How to gather all the information needed to review whether traffic is not being filtered in OpenShift SDN on OpenShift Container Platform 4.

Solution Verified - Updated -

Issue

OpenShift SDN uses Open vSwitch (OVS), virtual extensible LAN (VXLAN) tunnels, OpenFlow rules, and iptables. Service traffic is steered by the iptables rules that kube-proxy programs, and the proxy keeps those rules in sync in one of two ways. In iptables mode the proxy runs iptables-save to read the current rules, computes the rules it wants, and applies the whole change in a single transaction with iptables-restore (run with --noflush, so only the chains the proxy owns are rebuilt and everything else in the table is left untouched).
In userspace mode the proxy runs, for each rule, iptables -C to check whether the rule already exists, followed by iptables -A to append it or iptables -D to delete it as needed. Many small iptables transactions are far slower than one large transaction, because every iptables invocation is its own kernel transaction: it takes the xtables lock and, with the legacy backend, reads and rewrites the whole table, so the cost grows with the total number of rules rather than with the number of changes. When reviewing why traffic is not being filtered, the iptables-save output is therefore the ground truth to compare against the rules the proxy should have programmed.
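
The two sync strategies described above, modelled as an added example written for this page (it is not code from the Red Hat article or from kube-proxy). The iptables-save dump, the service IPs, the KUBE-SVC-* chain names and the desired rule list are all constructed; the script only parses the dump, reports which expected rules are missing or stale, and generates the per-rule command lines and the iptables-restore input. It never executes iptables, so it runs anywhere.

```python
"""Added example: models kube-proxy's iptables-mode sync (iptables-save,
then one iptables-restore --noflush transaction) against userspace-mode
sync (iptables -C / -A / -D per rule). Not code from the article or from
kube-proxy; it only generates text and never runs iptables."""

from typing import Dict, List, Tuple

# Constructed sample of `iptables-save -t nat` output. Chain names follow
# kube-proxy's scheme, but the service IPs and KUBE-SVC-* chains are made up.
SAMPLE_SAVE = """\
# Generated by iptables-save v1.8.4
*nat
:PREROUTING ACCEPT [0:0]
:KUBE-SERVICES - [0:0]
:KUBE-SVC-EXAMPLE - [0:0]
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -d 172.30.0.10/32 -p tcp -m tcp --dport 53 -j KUBE-SVC-EXAMPLE
-A KUBE-SERVICES -d 172.30.99.9/32 -p tcp -m tcp --dport 8080 -j KUBE-SVC-STALE
COMMIT
# Completed
"""

# Rules the proxy currently wants in KUBE-SERVICES (constructed): the first
# already exists, the second is missing, and the 172.30.99.9 rule is stale.
DESIRED: Dict[str, List[str]] = {
    "KUBE-SERVICES": [
        "-d 172.30.0.10/32 -p tcp -m tcp --dport 53 -j KUBE-SVC-EXAMPLE",
        "-d 172.30.42.7/32 -p tcp -m tcp --dport 443 -j KUBE-SVC-NEW",
    ],
}


def parse_save(dump: str) -> Dict[str, Dict[str, List[str]]]:
    """Parse iptables-save text into {table: {chain: [rule spec, ...]}}.
    A rule spec is the text after '-A <chain>', i.e. exactly the arguments
    that `iptables -C/-A/-D <chain> ...` takes for that rule."""
    tables: Dict[str, Dict[str, List[str]]] = {}
    table = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                  # table header, e.g. *nat
            table = line[1:]
            tables[table] = {}
        elif line.startswith(":") and table:      # chain declaration
            tables[table].setdefault(line[1:].split()[0], [])
        elif line.startswith("-A ") and table:    # rule appended to a chain
            chain = line.split()[1]
            tables[table].setdefault(chain, []).append(
                line[len("-A " + chain):].strip())
        elif line == "COMMIT":
            table = None
    return tables


def diff_chain(current: List[str], desired: List[str]) -> Tuple[List[str], List[str]]:
    """Return (missing, stale): wanted rules absent from the live chain and
    live rules that are no longer wanted. This is the comparison to make
    when checking whether a service's traffic can be matched at all."""
    missing = [r for r in desired if r not in current]
    stale = [r for r in current if r not in desired]
    return missing, stale


def userspace_style_commands(table: str, current: Dict[str, List[str]],
                             desired: Dict[str, List[str]]) -> List[str]:
    """Userspace-mode style: one iptables invocation per probe or change.
    Every returned line is a separate kernel transaction."""
    cmds: List[str] = []
    for chain, rules in desired.items():
        live = current.get(chain, [])
        for rule in rules:
            cmds.append(f"iptables -w -t {table} -C {chain} {rule}")  # probe
            if rule not in live:
                cmds.append(f"iptables -w -t {table} -A {chain} {rule}")
        for rule in live:
            if rule not in rules:
                cmds.append(f"iptables -w -t {table} -D {chain} {rule}")
    return cmds


def restore_style_input(table: str, desired: Dict[str, List[str]]) -> str:
    """iptables-mode style: the whole change as one ruleset to feed to
    `iptables-restore --noflush`. With --noflush, chains not listed here are
    untouched, while each ':CHAIN - [0:0]' line flushes and rebuilds that
    chain, so everything lands in a single atomic transaction."""
    lines = [f"*{table}"]
    lines += [f":{chain} - [0:0]" for chain in desired]
    for chain, rules in desired.items():
        lines += [f"-A {chain} {rule}" for rule in rules]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    nat = parse_save(SAMPLE_SAVE)["nat"]
    missing, stale = diff_chain(nat["KUBE-SERVICES"], DESIRED["KUBE-SERVICES"])
    print("missing:", missing)
    print("stale:  ", stale)
    print("\n".join(userspace_style_commands("nat", nat, DESIRED)))
    print(restore_style_input("nat", DESIRED), end="")
```

For the constructed dump the userspace strategy needs four separate iptables invocations (two probes, one append, one delete) while the restore strategy needs exactly one; on a real node with thousands of rules that ratio is what makes the per-rule approach so much slower. The same parse_save and diff_chain pair is also the quickest way to confirm, from a captured iptables-save, whether the rule a service depends on is actually present.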

Environment

  • OpenShift Container Platform 4 (OCP)
  • OpenShift SDN
