Allow/support arbitrary L4 protocols in guest traffic #609

Open
taspelund opened this issue Oct 22, 2024 · 0 comments
Labels
customer For any bug reports or feature requests tied to customer requests


OPTE currently rejects traffic that doesn't match one of 4 permitted L4 protocols: TCP, UDP, ICMP and ICMPv6.

While there are NAT considerations for other L4 protocols (Shared NAT / PAT / NAT Overload rely on TCP/UDP source/destination ports as part of the NAT entry, so it's only compatible with 1:1 NAT), this is restrictive for users who need to rely on other transport protocols.

e.g.

Keepalived uses VRRP to signal state transitions (must be unicast on our platform), but since this rides inside its own L4 Protocol, those packets get dropped by OPTE.

Simple tunneling mechanisms like GRE or IP-in-IP rely on L4 protocols that are not TCP, UDP or ICMP.

In these situations, the narrow L4 protocol support is a hindrance... where at best the experience is functional but kludgy (like having to set up something like WireGuard as transport).
