I am using a minikube cluster on an AWS instance. I have replaced IPVS with iptables within kube-proxy to achieve session affinity. The IPVS source hashing algorithm is used to achieve session affinity; now, to my understanding, the source hashing algorithm maintains sessions on the basis of the IP address only. This is not fine in the case of multiple users connecting from a private network having only one public end-point. The traffic from that public end-point is always directed to one pod in case of replicas, although they may be different users. This leaves the other pods idle.

Desired result:

The different users from the same public end-point should be considered as different users on the basis of same-IP+unique-port and should be directed to different pods within the replica.

How can I achieve this using IPVS?

zuri_nahk
  • Please explain your scenario in more detail; some examples of how to reproduce the behaviour would help you get better help. – Mr.KoopaKiller Aug 24 '20 at 12:50
  • @KoopaKiller I have exposed a k8 service via NodePort, let's say 30788. The client first makes a UDP connection with machine-public-IP:30788. Now the immediate connection which the client makes is TCP with machine-public-IP:30788. Now both of these connections have to be established with the same pod in the replica. This is achieved by introducing ipvs with the source hashing algorithm. – zuri_nahk Aug 24 '20 at 13:20
  • Now the problem is, let's say there is an enterprise where there are many clients behind the same public IP. When these different clients establish a connection with machine-public-IP:30788, the source hash algorithm of ipvs treats them as traffic originating from the same source IP and directs all of them to the same pod, leaving the other pods idle. – zuri_nahk Aug 24 '20 at 13:22
  • I want that somehow the different clients connecting from the same source IP should be considered as different users on the basis of their unique port and should be directed to different pods. – zuri_nahk Aug 24 '20 at 13:26
  • What is the reason to redirect to another pod, to balance the traffic or another reason? Have you considered using an ingress, like nginx-ingress? – Mr.KoopaKiller Aug 24 '20 at 17:38
  • Yes, to balance the traffic, because if there are three pods, e.g. POD-A, POD-B and POD-C, the clients from the same organization having the same public IP go to only POD-A. I am handling session affinity on L4, not on L7; I don't think ingress will fulfil my desire. – zuri_nahk Aug 24 '20 at 18:19
  • Could you give an example to reproduce? Then I can take a look and see how to achieve the desired state. – Mr.KoopaKiller Aug 25 '20 at 08:38
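
The trade-off raised in the question and comments, as an added example that is not part of the original thread: a simplified model of source-hash scheduling with the key set to source IP only versus source IP plus source port. SHA-256 stands in for the kernel's hash, and the NAT address, the port numbers, and the premise that a client's UDP and TCP flows arrive with different source ports are all assumptions of this sketch.

```python
import hashlib
from collections import Counter

PODS = ["POD-A", "POD-B", "POD-C"]  # pod names taken from the thread


def pick_pod(src_ip, src_port=None, pods=PODS):
    """Map a flow to a backend by hashing its key.

    src_port=None models hashing on the source IP alone;
    passing a port models hashing on IP plus source port.
    SHA-256 is a stand-in, not the hash IPVS uses.
    """
    key = src_ip if src_port is None else f"{src_ip}:{src_port}"
    digest = hashlib.sha256(key.encode()).digest()
    return pods[int.from_bytes(digest[:4], "big") % len(pods)]


def constructed_clients(n=200, nat_ip="203.0.113.10"):
    """Constructed sample: n clients behind one public NAT address.

    Each tuple is (public_ip, udp_src_port, tcp_src_port); the two
    ports differ because the flows come from separate sockets.
    """
    return [(nat_ip, 20000 + 2 * i, 20001 + 2 * i) for i in range(n)]


def simulate(clients, use_port):
    """Return (clients per pod, clients whose UDP and TCP flows split)."""
    spread = Counter()
    split = 0
    for ip, udp_port, tcp_port in clients:
        udp_pod = pick_pod(ip, udp_port if use_port else None)
        tcp_pod = pick_pod(ip, tcp_port if use_port else None)
        spread[udp_pod] += 1          # count the client where its UDP flow lands
        if udp_pod != tcp_pod:
            split += 1                # affinity between the two flows is lost
    return spread, split


if __name__ == "__main__":
    clients = constructed_clients()
    for label, use_port in (("source IP only", False), ("source IP + port", True)):
        spread, split = simulate(clients, use_port)
        print(f"{label:17} pods={dict(spread)} udp/tcp split={split}")
```

In this model, adding the port to the key balances the pods but no longer guarantees that one client's UDP and TCP connections reach the same pod, which is the affinity requirement stated in the comments.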

0 Answers