From ed425bdd6fefacb0f06b35fa8f4caedf042dc84d Mon Sep 17 00:00:00 2001
From: "Cel A. Skeggs"
Date: Thu, 1 Feb 2018 17:49:12 -0500
Subject: [PATCH] backend/udp: Use a /32 prefix for the flannel0 interface

This avoids the kernel's creation of broadcast routes, which prevent communication from the host with the zeroth subnet to containers on any other hosts.
---
 backend/udp/udp_network.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/backend/udp/udp_network.go b/backend/udp/udp_network.go
index 1f9752f8..242ebf49 100644
--- a/backend/udp/udp_network.go
+++ b/backend/udp/udp_network.go
@@ -153,9 +153,15 @@ func configureIface(ifname string, ipn ip.IP4Net, mtu int) error {
 return fmt.Errorf("failed to lookup interface %v", ifname)
 }
 
- err = netlink.AddrAdd(iface, &netlink.Addr{IPNet: ipn.ToIPNet(), Label: ""})
+ // Ensure that the device has a /32 address so that no broadcast routes are created.
+ // This IP is just used as a source address for host to workload traffic (so
+ // the return path for the traffic has an address on the flannel network to use as the destination)
+ ipnLocal := ipn
+ ipnLocal.PrefixLen = 32
+
+ err = netlink.AddrAdd(iface, &netlink.Addr{IPNet: ipnLocal.ToIPNet(), Label: ""})
 if err != nil {
- return fmt.Errorf("failed to add IP address %v to %v: %v", ipn.String(), ifname, err)
+ return fmt.Errorf("failed to add IP address %v to %v: %v", ipnLocal.String(), ifname, err)
 }
 
 err = netlink.LinkSetMTU(iface, mtu)
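Review bot: The new comment above `ipnLocal := ipn` explains why the address is a /32 but not the side effect the rest of `configureIface` depends on: with a host-length prefix the kernel also stops installing the connected route for the overlay network, so host-to-workload traffic only leaves through flannel0 if a route for `ipn`'s network is added explicitly. The body of `configureIface` continues past this hunk, so confirm that such a route is installed there (presumably a `netlink.RouteAdd` on the network prefix) and that it still uses `ipn` rather than `ipnLocal`. I would extend the comment with `// A /32 also means no connected route is created for ipn's network; the route to the overlay must be added explicitly below.`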