amazon-vpc-cni-k8s

Allow setting of EC2 Security group connection tracking configurable idle timeouts in AWS VPC CNI

Open youwalther65 opened this issue 2 years ago • 10 comments

What would you like to be added: AWS just released "EC2 Security group connection tracking adds support for configurable idle timeouts".

Modifying these parameters requires EC2 API calls. It would be great if AWS VPC CNI can automatically implement custom configuration of these idle timeouts for newly provisioned ENIs it manages.

Why is this needed: Avoid conntrack (connection tracking) issues leading to packet loss etc.

youwalther65 avatar Nov 22 '23 13:11 youwalther65

For whomever works on this, ENI options are specified on create here: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/pkg/awsutils/awsutils.go#L786

The data-structure chain from aws-sdk-go (https://raw.githubusercontent.com/aws/aws-sdk-go/main/service/ec2/api.go) is:

CreateNetworkInterfaceInput -> ConnectionTrackingSpecification -> ConnectionTrackingSpecificationRequest

jdn5126 avatar Nov 22 '23 16:11 jdn5126
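
The structure chain named in the comment above, as an added example that is not part of the thread or the project's code: it validates operator-supplied timeouts before they would be placed in `CreateNetworkInterfaceInput.ConnectionTrackingSpecification`. Assumptions: the environment variable names are hypothetical, `ConnTrackSpec` is a local stand-in that copies the field names of the SDK's `ConnectionTrackingSpecificationRequest`, and the ranges are the ones EC2 documents for these settings rather than values stated in the thread.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
)

// ConnTrackSpec is a local stand-in for ec2.ConnectionTrackingSpecificationRequest
// (same field names); a nil field leaves the EC2 default in place.
type ConnTrackSpec struct {
	TcpEstablishedTimeout *int64
	UdpStreamTimeout      *int64
	UdpTimeout            *int64
}

// Hypothetical variable names; min/max in seconds (assumed from EC2 documentation).
var limits = []struct {
	env      string
	min, max int64
	set      func(*ConnTrackSpec, *int64)
}{
	{"CONNTRACK_TCP_ESTABLISHED_TIMEOUT", 60, 432000, func(s *ConnTrackSpec, v *int64) { s.TcpEstablishedTimeout = v }},
	{"CONNTRACK_UDP_STREAM_TIMEOUT", 60, 180, func(s *ConnTrackSpec, v *int64) { s.UdpStreamTimeout = v }},
	{"CONNTRACK_UDP_TIMEOUT", 30, 60, func(s *ConnTrackSpec, v *int64) { s.UdpTimeout = v }},
}

// SpecFromEnv returns nil when nothing is configured, so the caller can omit the
// specification entirely; any malformed or out-of-range value is rejected up front.
func SpecFromEnv(getenv func(string) string) (*ConnTrackSpec, error) {
	var spec ConnTrackSpec
	for _, l := range limits {
		raw := getenv(l.env)
		if raw == "" {
			continue
		}
		v, err := strconv.ParseInt(raw, 10, 64)
		if err != nil || v < l.min || v > l.max {
			return nil, fmt.Errorf("%s=%q: want integer seconds in [%d, %d]", l.env, raw, l.min, l.max)
		}
		l.set(&spec, &v)
	}
	if spec == (ConnTrackSpec{}) {
		return nil, nil
	}
	return &spec, nil
}

func main() { fmt.Println(SpecFromEnv(os.Getenv)) }
```

Rejecting bad values locally keeps a typo in node configuration from surfacing only as a failed EC2 call at ENI creation time.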

I would like to try and implement this. Any guidance is highly appreciated, as this is my first issue.

bawejahritik avatar Dec 27 '23 08:12 bawejahritik

@bawejahritik thank you for the offer! We are currently discussing internally when to pick this up, as we want to limit the number of new environment variables that we introduce until we have a chance to clean existing ones up.

jdn5126 avatar Dec 27 '23 17:12 jdn5126

Thank you for your response. Is there anything else I can work on which is a good first issue?

Would love to contribute.

bawejahritik avatar Dec 27 '23 20:12 bawejahritik

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

github-actions[bot] avatar Feb 26 '24 00:02 github-actions[bot]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

github-actions[bot] avatar Apr 27 '24 00:04 github-actions[bot]

@jdn5126 Any news regarding AWS internal decision?

youwalther65 avatar Apr 27 '24 07:04 youwalther65

@youwalther65 I no longer work for AWS, so I cannot answer this.

jdn5126 avatar Apr 29 '24 17:04 jdn5126

cc: @orsenthil

jayanthvn avatar Apr 29 '24 17:04 jayanthvn

Any news regarding AWS internal decision?

No news yet. This is a desirable feature that we will bring up for prioritization.

orsenthil avatar May 15 '24 20:05 orsenthil

bump, please add

OverStruck avatar Jul 13 '24 20:07 OverStruck

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

github-actions[bot] avatar Sep 24 '24 00:09 github-actions[bot]

Issue closed due to inactivity.

github-actions[bot] avatar Oct 09 '24 00:10 github-actions[bot]