trapier/kube-on-linux-networking.txt

## kube-on-linux-networking.txt
                  +-----------------------------------------------------------------------------+
                  |CLIENT POD HOST                                                              |
                  |       +---------------------------------------------+                       |
+---------------+ |       |CLIENT POD                                   |                       |
|KUBEDNS        | |       |                                             |                       |
|             <-------------+ $ curl http://myservice:4000              |                       |
|               | | srvc  |                                             |                       |
| myservice     | | disc  |     $ grep nameserver /etc/resolv.conf      |                       | ++ kubelet
| A 10.96.193.4 | | (DNS) |     nameserver 10.96.0.10                   |                       | ++ > svc cluster ip range:
|               | |       |                                             |                       |       10.96.0.0/16
|             +-------------> $ curl http://10.96.193.4:4000            |                       |
|               | |       |                                             |                       |
+---------------+ |       |   $ ip r sh                                 |                       | ++
                  |       |   default via 169.254.1.1 dev eth0          |                       |  | CNI
                  |       |   169.254.1.1 dev eth0 scope link           |                       |  | > pod cidr: 10.10.0.0/16
                  |       |                                             |                       |  |
                  |       |                +3:eth0@if19 10.10.59.2/32   |                       |  |
                  |       +--------------- | ---------------------------+                       |  |
                  |                        | (veth)                                             |  |
                  | Inner/Encap/Outer      +19:cali7d7a89ea281@if3                              | ++
                  | | function                                                                  |
                  | v v                                                                         |
                  | I NAT    iptables nat: 10.96.193.4 tcp dpt:4000 x DNAT to:10.10.242.135:80* | ++ kube-proxy
                  |                                                 x DNAT to:10.10.59.3:80     | ++
                  |                                                                             |
                  | I ROUTE  $ ip r get 10.10.242.135 | head -n1                                | ++
                  |          10.10.242.135 via 10.10.242.128 dev vxlan.calico  src 10.10.59.0   |  | CNI
                  |                                                                             |  |
                  | I ARP    $ ip neigh | grep 10.10.242.128                                    |  |
                  |          10.10.242.128 dev vxlan.calico lladdr 66:68:3d:c5:aa:4a PERMANENT  |  |
                  |                                                                             |  |
                  | E ENCAP  $ bridge fdb sh dev vxlan.calico | grep 66:68:3d:c5:aa:4a          |  |
                  |          66:68:3d:c5:aa:4a dst 192.168.122.64 self permanent                | ++
                  |                                                                             |
                  | O ROUTE  $ ip r get 192.168.122.64 | head -n1                               | ++ DHCP
                  |          192.168.122.64 dev eth0  src 192.168.122.155                       | ++
                  |                                                                             |
                  | O ARP    $ ip neigh | grep 192.168.122.64                                   | ++ ARP
                  |          192.168.122.64 dev eth0 lladdr 52:54:00:90:37:06 REACHABLE         | ++
                  |                                                                             |
                  |                             eth0 192.168.122.155/24                         |
                  +------------------------------+----------------------------------------------+
                                                 |
                                    +------------+--------------------------------+
                                    |                                             |
                                    |          INFRASTRUCTURE NETWORK             |
                                    |                                             |
                                    +------------------+----+---------------------+
                                                       |    |
                      +---------------------------+    |    |    +---------------------------+
                      |SERVER POD HOST (replica 1)|    |    |    |SERVER POD HOST (replica 2)|
                      | +-----------------------+ |    |    |    | +-----------------------+ |
                      | |SERVER POD             | |    |    |    | |SERVER POD             | |
                      | |      nginx:80         | |    |    |    | |      nginx:80         | |
                      | | eth0 10.10.242.135/32 | |    |    |    | | eth0 10.10.59.3/32    | |    ++ CNI
                      | +-----------------------+ |    |    |    | +-----------------------+ |
                      |                           |    |    |    |                           |
                      |  eth0 192.168.122.64/24   |    |    |    |  eth0 192.168.122.92/24   |    ++ DHCP
                      +---+-----------------------+    |    |    +---+-----------------------+
                          |                            |    |        |
                          +----------------------------+    +--------+
	+-----------------------------------------------------------------------------+
	\|CLIENT POD HOST \|
	\| +---------------------------------------------+ \|
	+---------------+ \| \|CLIENT POD \| \|
	\|KUBEDNS \| \| \| \| \|
	\| <-------------+ $ curl http://myservice:4000 \| \|
	\| \| \| srvc \| \| \|
	\| myservice \| \| disc \| $ grep nameserver /etc/resolv.conf \| \| ++ kubelet
	\| A 10.96.193.4 \| \| (DNS) \| nameserver 10.96.0.10 \| \| ++ > svc cluster ip range:
	\| \| \| \| \| \| 10.96.0.0/16
	\| +-------------> $ curl http://10.96.193.4:4000 \| \|
	\| \| \| \| \| \|
	+---------------+ \| \| $ ip r sh \| \| ++
	\| \| default via 169.254.1.1 dev eth0 \| \| \| CNI
	\| \| 169.254.1.1 dev eth0 scope link \| \| \| > pod cidr: 10.10.0.0/16
	\| \| \| \| \|
	\| \| +3:eth0@if19 10.10.59.2/32 \| \| \|
	\| +--------------- \| ---------------------------+ \| \|
	\| \| (veth) \| \|
	\| Inner/Encap/Outer +19:cali7d7a89ea281@if3 \| ++
	\| \| function \|
	\| v v \|
	\| I NAT iptables nat: 10.96.193.4 tcp dpt:4000 x DNAT to:10.10.242.135:80* \| ++ kube-proxy
	\| x DNAT to:10.10.59.3:80 \| ++
	\| \|
	\| I ROUTE $ ip r get 10.10.242.135 \| head -n1 \| ++
	\| 10.10.242.135 via 10.10.242.128 dev vxlan.calico src 10.10.59.0 \| \| CNI
	\| \| \|
	\| I ARP $ ip neigh \| grep 10.10.242.128 \| \|
	\| 10.10.242.128 dev vxlan.calico lladdr 66:68:3d:c5:aa:4a PERMANENT \| \|
	\| \| \|
	\| E ENCAP $ bridge fdb sh dev vxlan.calico \| grep 66:68:3d:c5:aa:4a \| \|
	\| 66:68:3d:c5:aa:4a dst 192.168.122.64 self permanent \| ++
	\| \|
	\| O ROUTE $ ip r get 192.168.122.64 \| head -n1 \| ++ DHCP
	\| 192.168.122.64 dev eth0 src 192.168.122.155 \| ++
	\| \|
	\| O ARP $ ip neigh \| grep 192.168.122.64 \| ++ ARP
	\| 192.168.122.64 dev eth0 lladdr 52:54:00:90:37:06 REACHABLE \| ++
	\| \|
	\| eth0 192.168.122.155/24 \|
	+------------------------------+----------------------------------------------+
	\|
	+------------+--------------------------------+
	\| \|
	\| INFRASTRUCTURE NETWORK \|
	\| \|
	+------------------+----+---------------------+
	\| \|
	+---------------------------+ \| \| +---------------------------+
	\|SERVER POD HOST (replica 1)\| \| \| \|SERVER POD HOST (replica 2)\|
	\| +-----------------------+ \| \| \| \| +-----------------------+ \|
	\| \|SERVER POD \| \| \| \| \| \|SERVER POD \| \|
	\| \| nginx:80 \| \| \| \| \| \| nginx:80 \| \|
	\| \| eth0 10.10.242.135/32 \| \| \| \| \| \| eth0 10.10.59.3/32 \| \| ++ CNI
	\| +-----------------------+ \| \| \| \| +-----------------------+ \|
	\| \| \| \| \| \|
	\| eth0 192.168.122.64/24 \| \| \| \| eth0 192.168.122.92/24 \| ++ DHCP
	+---+-----------------------+ \| \| +---+-----------------------+
	\| \| \| \|
	+----------------------------+ +--------+