1 Answer
Hello,
Your understanding is correct; it is explained here:
By default, the source IPv4 address of each pod that communicates with resources outside of the VPC is translated through network address translation (NAT) to the primary IP address of the primary network interface attached to the node. You can change this behavior to instead have a NAT device in a private subnet translate each pod's IPv4 address to the NAT device's IPv4 address.
The fact that Ping (echo and echo-reply) is working, I think the VPN is set up properly. You may want to look at this link, which explains SNAT in detail and inbound/outbound traffic to and from pods.
Thank you, that brought me closer to a solution. I have set up a (public) NAT gateway in a public subnet and use it for NAT for pods in a private subnet. However the behavior is the same: Ping works and TCP does not.
tcpdump and traceroute show that the traffic is going through the NAT gateway and the VPN tunnel. Somewhere along the way the answer gets lost/discarded. I assume now the issue is no longer EKS-related, as the NAT works fine for pings and non-VPN connections.
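The symptom described in this thread (ICMP echo/echo-reply completes, TCP does not) is easiest to pin down by checking, per flow, whether a reply ever comes back rather than by eyeballing a capture. The script below is an added example, not code from the thread or from AWS: it parses tcpdump's default text output and reports echo requests without a reply and TCP SYNs that were retransmitted without a SYN-ACK. The capture lines, the pod address 10.0.5.23 and the peer address 192.168.50.10 are constructed for the example. Run the same check on a capture taken on the node (eth0 of the EKS worker), on the NAT gateway side if you can, and on the far side of the VPN: a SYN that is visible leaving the node but whose SYN-ACK is never seen returning tells you the return path, not the pod or the CNI, is where to look.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump's default text format (not a real capture from the thread).
# 10.0.5.23 is a pod in a private subnet, 192.168.50.10 a host behind the VPN tunnel.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 10.0.5.23 > 192.168.50.10: ICMP echo request, id 7, seq 1, length 64
12:00:01.020001 IP 192.168.50.10 > 10.0.5.23: ICMP echo reply, id 7, seq 1, length 64
12:00:02.000001 IP 10.0.5.23.41234 > 192.168.50.10.443: Flags [S], seq 100, win 64240, length 0
12:00:03.000001 IP 10.0.5.23.41234 > 192.168.50.10.443: Flags [S], seq 100, win 64240, length 0
12:00:05.000001 IP 10.0.5.23.41234 > 192.168.50.10.443: Flags [S], seq 100, win 64240, length 0
12:00:06.000001 IP 10.0.5.23.41300 > 192.168.50.10.22: Flags [S], seq 200, win 64240, length 0
12:00:06.030001 IP 192.168.50.10.22 > 10.0.5.23.41300: Flags [S.], seq 900, ack 201, win 65160, length 0
12:00:06.030500 IP 10.0.5.23.41300 > 192.168.50.10.22: Flags [.], ack 1, win 502, length 0
"""

# tcpdump prints ICMP echoes as "src > dst: ICMP echo request|reply, id N, seq M"
ICMP_RE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")
# and TCP segments as "src.port > dst.port: Flags [S]" ("S" = SYN, "S." = SYN-ACK, "." = ACK)
TCP_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")


def analyze(capture_text):
    """Pair ICMP echo requests with replies and TCP SYNs with SYN-ACKs."""
    icmp = {}  # (id, seq) -> {"request": bool, "reply": bool}
    tcp = defaultdict(lambda: {"syn": 0, "syn_ack": 0})  # client 4-tuple -> counters

    for line in capture_text.splitlines():
        m = ICMP_RE.search(line)
        if m:
            _src, _dst, kind, ident, seq = m.groups()
            icmp.setdefault((ident, seq), {"request": False, "reply": False})[kind] = True
            continue
        m = TCP_RE.search(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            if "S" in flags and "." not in flags:
                # bare SYN: client -> server; key the flow by the client's tuple
                tcp[(src, sport, dst, dport)]["syn"] += 1
            elif "S" in flags and "." in flags:
                # SYN-ACK travels server -> client, so swap ends to hit the same key
                tcp[(dst, dport, src, sport)]["syn_ack"] += 1

    result = {
        "icmp_answered": sum(1 for v in icmp.values() if v["request"] and v["reply"]),
        "icmp_unanswered": sum(1 for v in icmp.values() if v["request"] and not v["reply"]),
        "tcp": {},
    }
    for (cip, cport, sip, sport), c in tcp.items():
        result["tcp"][f"{cip}:{cport}->{sip}:{sport}"] = {
            "syn": c["syn"],
            "syn_ack": c["syn_ack"],
            "handshake": c["syn_ack"] > 0,
        }
    return result


def stalled_flows(result):
    """Flows where the client kept retransmitting SYN and no SYN-ACK was ever seen."""
    return sorted(
        name for name, f in result["tcp"].items()
        if f["syn"] >= 2 and not f["handshake"]
    )


if __name__ == "__main__":
    r = analyze(SAMPLE_CAPTURE)
    print(f"ICMP echo: {r['icmp_answered']} answered, {r['icmp_unanswered']} unanswered")
    for name, f in r["tcp"].items():
        state = "handshake ok" if f["handshake"] else f"NO SYN-ACK after {f['syn']} SYN(s)"
        print(f"TCP {name}: {state}")
    for name in stalled_flows(r):
        print(f"stalled: {name}  (reply lost on the return path, or never sent)")
```

Feed it a real capture with something like `tcpdump -ni eth0 -l 'host 192.168.50.10' | python3 script.py` after replacing `SAMPLE_CAPTURE` with `sys.stdin.read()`. Because the node SNATs pod traffic to its own primary address (or, with the external NAT setup described above, the NAT gateway does), the client address in the capture changes at each hop; compare the stalled flow list at each capture point to find the hop after which the SYN-ACK disappears.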