FE; make BIRD use IANA approved ports for BFD (49152-65535) #442
Conversation
zolug
added
kind/enhancement
There was a problem hiding this comment.
Just for reference for IPv6: https://tldp.org/HOWTO/Linux+IPv6-HOWTO/ch11s03.html
Also, could you update the documentation: https://github.com/Nordix/Meridio/blob/v1.0.9/docs/components/frontend.md?plain=1#L98
Sysctl: net.ipv4.ip_local_port_range='49152 65535' | The source port of BFD Control packets must be in the range 49152-65535
| @@ -202,7 +202,7 @@ func (l *LoadBalancer) insertParameters(dep *appsv1.Deployment) *appsv1.Deployme | |||
| } | |||
| ret.Spec.Template.Spec.InitContainers[0].Args = []string{ | |||
| "-c", | |||
| common.GetLoadBalancerSysCtl(l.trench), | |||
| fmt.Sprintf("%s ; %s", common.GetLoadBalancerSysCtl(l.trench), common.GetFrontendSysCtl()), | |||
There was a problem hiding this comment.
Could be added here otherwise: https://github.com/Nordix/Meridio/blob/v1.0.9/pkg/controllers/common/models.go#L42
There was a problem hiding this comment.
Yeah, but I wanted to handle it separately, even though currently LB and FE share the same POD, the settings are FE specific.
There were plans to support a non-composite setups in the future, in which case I figured separating these could help sort things out. If it's not on the TODO list anymore, I can merge them.
edit:
But maybe that component requirement doc is sufficient to track sysctls. So I will do as you suggested.
Adjust /proc/sys/net/ipv4/ip_local_port_range following recommendation from BIRD.
Description
As per BIRD documentation, use ip_local_port_range to force BIRD using IANA approved src ports for BFD.
BFD packets are sent with a dynamic source port number. Linux systems use by default a bit different dynamic port range than the IANA approved one (49152-65535). If you experience problems with compatibility, please adjust /proc/sys/net/ipv4/ip_local_port_range.Issue link
NA
Checklist