cni icon indicating copy to clipboard operation
cni copied to clipboard
verified publisher icon containernetworking

CNI Plugins Should allow hairpin traffic

Open caseydavenport opened this issue 8 years ago • 4 comments

Not 100% sure where this goes, but feels like CNI could be the right place to specify that plugins should support, but are not strictly required to support hairpin traffic (if/how each plugin does this will vary, so feels like it belongs in CNI rather than in the runtime).

Perhaps it should be an optional part of the spec, or a convention?

Context being this Kubernetes issue: https://github.com/kubernetes/kubernetes/issues/45790

caseydavenport avatar Jun 13 '17 16:06 caseydavenport

Do any current plugins support hairpin mode?

cmluciano avatar Jun 13 '17 20:06 cmluciano

@cmluciano at least the bridge plugin does: https://github.com/containernetworking/plugins/blob/master/plugins/main/bridge/bridge.go#L46

I think this issue is less strictly about "hairpin mode" than supporting traffic from a container that gets routed back to itself through whatever means that plugin deems appropriate.

caseydavenport avatar Jun 13 '17 21:06 caseydavenport

We talked about this somewhat at the most recent meeting. It's clear that there are two aspects to this:

  1. The spec (or one of the related documents, e.g. conventions) should mention hairpin support
  2. The plugins should support hairpin traffic, especially as present in Kubernetes, Mesos, Rkt, etc.,

So there should be specific plugin issues + PRs as needed, and a spec change. In the context of this issue, we were thinking of adding a block to the conventions document that mentions hairpin mode and that plugins SHOULD support traffic being redirected back to the container.

Thoughts on specific wording?

squeed avatar Aug 09 '17 17:08 squeed

That sounds good to me @squeed

cmluciano avatar Aug 11 '17 21:08 cmluciano