iwita
b9152718d2
new version
|
5 years ago | |
|---|---|---|
| .. | ||
| .gitignore | 5 years ago | |
| BUILD | 5 years ago | |
| Dockerfile | 5 years ago | |
| Makefile | 5 years ago | |
| README.md | 5 years ago | |
| VERSION | 5 years ago | |
| main.go | 5 years ago | |
| tcp.go | 5 years ago | |
README.md
Reproduction of k8s issue #74839
Network services with heavy load will cause "connection reset" from time to time. Especially those with big payloads. When packets with sequence number out-of-window arrived k8s node, conntrack marked them as INVALID. kube-proxy will ignore them, without rewriting DNAT. The packet goes back the original pod, who doesn't recognize the packet because of the wrong source ip, end up RSTing the connection.