You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: docs/egress.md
+14-12
Original file line number
Diff line number
Diff line change
@@ -466,13 +466,15 @@ in a cluster using `kube-proxy` IPVS. The issue was fixed in Antrea v1.7.0.
466
466
467
467
## Known issues
468
468
469
-
To support `EgressSeparateSubnet` feature, VLAN sub-interfaces will be created by
470
-
Antrea Agents, the `rp_filter` of VLAN sub-interfaces should be 2, which enables loose
471
-
mode filtering. In a vanilla Kubernetes cluster, Antrea Agents will set the `rp_filter`
472
-
to 2 automatically without user intervention. However, it has been observed that
473
-
`rp_filter`update by Antrea has no effect on OpenShift clusters due to [a known issue](https://github.com/antrea-io/antrea/issues/6546).
474
-
A workaround is to leverage OpenShift Node Tuning Operator to update the `rp_filter`
475
-
for `all` interface on all Egress Nodes:
469
+
To support the `EgressSeparateSubnet` feature, VLAN sub-interfaces will be
470
+
created by Antrea Agent on a Node, and the `rp_filter` setting of the VLAN
471
+
sub-interfaces should be set to `2`, which configures loose reverse path
472
+
filtering. In a vanilla Kubernetes cluster, Antrea Agent will set `rp_filter` to
473
+
`2`automatically without user intervention. However, it has been observed that
474
+
the `rp_filter` update by Antrea takes no effect on an OpenShift cluster due to
475
+
[a known issue](https://github.com/antrea-io/antrea/issues/6546). A workaround
476
+
for this issue is to leverage OpenShift Node Tuning Operator to update
477
+
`rp_filter` for all interfaces on all Egress Nodes:
476
478
477
479
```yaml
478
480
apiVersion: tuned.openshift.io/v1
@@ -496,8 +498,8 @@ spec:
496
498
profile: openshift-antrea
497
499
```
498
500
499
-
After you apply above `Tuned` CR named `antrea` in a given OpenShift cluster, the Node
500
-
Tuning Operator will watch the CR and update `net.ipv4.conf.all.rp_filter` to 2 for all
501
-
matched Nodes (e.g. all Nodes with a label `network-role=egress-gateway`). Please refer
502
-
to the OpenShift official document about [Using the Node Tuning Operator](https://docs.openshift.com/container-platform/4.16/scalability_and_performance/using-node-tuning-operator.html)
503
-
for more details of `Tuned` CR.
501
+
After you apply the above `Tuned` CR named `antrea` in an OpenShift cluster, the
502
+
Node Tuning Operator will reconcile the CR and update
503
+
`net.ipv4.conf.all.rp_filter`to `2` for all the matched Nodes (e.g. all Nodes
504
+
with label `network-role=egress-gateway`). Please refer to the OpenShift
505
+
document about [Using the Node Tuning Operator](https://docs.openshift.com/container-platform/4.16/scalability_and_performance/using-node-tuning-operator.html).
0 commit comments