Red Hat Advanced Cluster Management / ACM-15267

Add ForceUDPEncaps to ESP protocol section under Submariner prerequisites


      The following section 

      If the gateway nodes are directly reachable over their private IPs without any NAT in between, make sure that the firewall configuration allows the ESP protocol on the gateway nodes. 

      under 

      https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/networking/networking#submariner-prereqs

      should be extended to also cover CeIPSecForceUDPEncaps support for ACM.

      We should add something similar to:

       

      If you don't want to allow the ESP protocol in the firewall, you can force Submariner to encapsulate IPsec traffic in UDP.
      To force UDP encapsulation, apply the following on the hub cluster for each managed cluster:

      oc edit SubmarinerConfig -n <managed-cluster-namespace> submariner

      Add forceUDPEncaps: true to spec.
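A non-interactive form of the step above, added here as an example (it is not part of the issue or of the Red Hat documentation): it applies the setting to the SubmarinerConfig named submariner in each managed-cluster namespace and reads the field back, so a namespace where the change did not land is reported. The function names and script name are hypothetical, and it assumes an `oc` session already logged in to the hub cluster.

```shell
#!/bin/sh
# Added example: set spec.forceUDPEncaps=true on the SubmarinerConfig named
# "submariner" in each managed-cluster namespace on the hub, then read it back.
# Namespace names are supplied by the caller; none come from the page.

PATCH='{"spec":{"forceUDPEncaps":true}}'

# Apply the merge patch to one managed-cluster namespace.
set_force_udp_encaps() {
    oc patch SubmarinerConfig submariner -n "$1" --type merge -p "$PATCH" >/dev/null
}

# Print the current value of spec.forceUDPEncaps (empty if unset).
get_force_udp_encaps() {
    oc get SubmarinerConfig submariner -n "$1" -o jsonpath='{.spec.forceUDPEncaps}'
}

# Patch every namespace given. Report each namespace where the patch failed
# or the field does not read back as "true"; return non-zero if any did.
enforce_udp_encaps() {
    failed=0
    for ns in "$@"; do
        if ! set_force_udp_encaps "$ns" || [ "$(get_force_udp_encaps "$ns")" != "true" ]; then
            echo "NOT APPLIED: $ns" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Usage (hypothetical script name):
#   ./force-udp-encaps.sh <managed-cluster-namespace> [...]
if [ "$#" -gt 0 ]; then
    enforce_udp_encaps "$@"
fi
```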

       

              rh-ee-ofischer Oliver Fischer
              yboaron Yossi Boaron
              Prachi Yadav Prachi Yadav