- Feature Request
- Resolution: Unresolved
- Product / Portfolio Work
- Proposed title of this feature request
Egress IP: cut the TCP connection or preserve the source port when the egress IP switches node.
- What is the nature and description of the request?
Let's assume we have a cluster with three worker nodes (A, B, C). An egress IP is configured so that it can run on nodes A and B.
An application with a long-running TCP connection is running on node C. The long-running TCP connection is a connection to a database (via a connection pool).
Between the cluster nodes and the database is a firewall that only allows a connection to the database from the egress IP.
The connection is established from node C via node A (target 31001, for example) to the database. The firewall stores the connection in its connection table as source IP + source port + target IP + target port.
Now the egress IP switches from node A to node B because of the cluster upgrade during the drain process.
The TCP packets of the existing connection now leave the cluster from node B with the same source IP BUT with a different source port. The result is that the firewall drops the packets because the source port no longer matches its connection table.
Would it be possible to cut the TCP connection during a node drain, to force the client to recreate a new database connection?
OR
Would it be possible to preserve the source port?
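The failure mode above comes down to a stateful firewall keying its connection table on the full 4-tuple, while each egress node runs its own SNAT port allocator. The following Python model (an added example, not code from the request, from OVN-Kubernetes or from the customer; all IPs, ports and class names are constructed) reproduces the drop and then shows the effect of both proposals: reusing the old source port on the new node, and cutting the connection so the pool reconnects with a fresh SYN.

```python
"""
Model of the egress IP failover problem: a stateful firewall keys its
connection table on (src ip, src port, dst ip, dst port). When the egress
IP moves from node A to node B, node B's SNAT allocates a new source port,
so packets of the existing connection no longer match and are dropped.
All addresses and ports below are constructed for this example.
"""
from dataclasses import dataclass, field

EGRESS_IP = "192.0.2.10"               # constructed egress IP shared by nodes A and B
DB_IP, DB_PORT = "198.51.100.5", 5432  # constructed database address


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class EgressNode:
    """SNATs pod traffic to the egress IP; each node has its own port allocator."""
    name: str
    next_port: int
    snat_map: dict = field(default_factory=dict)  # pod 4-tuple -> allocated source port

    def snat(self, pod_ip, pod_port, dst_ip, dst_port, preserve=None):
        key = (pod_ip, pod_port, dst_ip, dst_port)
        if key not in self.snat_map:
            # 'preserve' models the second proposal: reuse the port the previous
            # egress node had allocated instead of picking a fresh one.
            if preserve is None:
                port, self.next_port = self.next_port, self.next_port + 1
            else:
                port = preserve
            self.snat_map[key] = port
        return Packet(EGRESS_IP, self.snat_map[key], dst_ip, dst_port)


class StatefulFirewall:
    """Accepts new SYNs from the egress IP and later packets only if their
    4-tuple is already in the connection table."""

    def __init__(self):
        self.conntrack = set()

    def accept(self, pkt, syn=False):
        tup = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if pkt.src_ip != EGRESS_IP:
            return False
        if syn:
            self.conntrack.add(tup)
            return True
        return tup in self.conntrack


def scenario(preserve_port: bool, cut_connection: bool):
    """Returns (accepted_by_firewall, source_port_seen_after_failover)."""
    fw = StatefulFirewall()
    node_a = EgressNode("A", next_port=31001)
    node_b = EgressNode("B", next_port=40001)
    pod = ("10.128.2.7", 48212)  # constructed pod address on node C

    # Connection established while the egress IP lives on node A.
    assert fw.accept(node_a.snat(*pod, DB_IP, DB_PORT), syn=True)
    assert fw.accept(node_a.snat(*pod, DB_IP, DB_PORT))  # data flows

    # Node A is drained: the egress IP moves to node B.
    old_port = node_a.snat_map[(*pod, DB_IP, DB_PORT)]
    if cut_connection:
        # Proposal 1: the client sees the connection cut and the pool opens
        # a new connection (new pod source port, new SYN) via node B.
        pod = (pod[0], pod[1] + 1)
        pkt = node_b.snat(*pod, DB_IP, DB_PORT)
        return fw.accept(pkt, syn=True), pkt.src_port

    # Proposal 2 (preserve_port=True) or the current behaviour (False).
    pkt = node_b.snat(*pod, DB_IP, DB_PORT, preserve=old_port if preserve_port else None)
    return fw.accept(pkt), pkt.src_port


if __name__ == "__main__":
    print("current behaviour :", scenario(preserve_port=False, cut_connection=False))
    print("preserve source port:", scenario(preserve_port=True, cut_connection=False))
    print("cut connection      :", scenario(preserve_port=False, cut_connection=True))
```

The first scenario returns a dropped packet with the new port, reproducing the stale connection in the pool; the other two are accepted. The model deliberately ignores sequence numbers and conntrack timeouts, which only make the real stale connection linger longer until the pool's validation or socket timeout notices it.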
- Why does the customer need this? (List the business requirements here)
The customer is running an application with a JDBC connection pool. The database is protected by a firewall; for that reason, we are using an egress IP. But during a node failure / node drain, the firewall drops the TCP packets because of the source port change, which leaves a stale TCP connection in the pool.
- List any affected packages or components.
OVN Kubernetes