PR : Merge from main

.github/workflows/advanced-lb-sanity.yml

@@ -101,3 +101,15 @@ jobs:
              ./validation.sh
              ./rmconfig.sh
              cd -
+      - run: |
+             cd cicd/ipmasquerade/
+             ./config.sh
+             ./validation.sh
+             ./rmconfig.sh
+             cd -
+      #- run: |
+      #       cd cicd/httpsproxy/
+      #       ./config.sh
+      #       ./validation.sh
+      #       ./rmconfig.sh
+      #       cd -

README.md

@@ -57,7 +57,7 @@ Additionally, loxilb can also support cluster-ip and node-port services, thereby
 loxilb works as a L4 load-balancer/service-proxy by default. Although it provides great performance, at times, L7 load-balancing might become necessary in K8s. There are many good L7 proxies already available for K8s. Still, we are working on providing a great L7 solution natively in eBPF. It is a tough endeavor one which should reap great benefits once completed. Please keep an eye for updates on this.
 
 ## Telco-Cloud with loxilb
-For deploying telco-cloud with cloud-native functions, loxilb can be used as a SCP(service communication proxy). SCP is nothing but a communication hub for telco micro-services running in Kubernetes. But telco-cloud requires load-balancing and communication across various interfaces/standards like N2, N4, E2(ORAN), S6x, 5GLAN, GTP etc. Each of these present its own unique challenges which loxilb aims to solve e.g.
+For deploying telco-cloud with cloud-native functions, loxilb can be used as a SCP(service communication proxy). SCP is a communication proxy defined by [3GPP](https://www.etsi.org/deliver/etsi_ts/129500_129599/129500/16.04.00_60/ts_129500v160400p.pdf) and aimed at telco micro-services running in cloud-native environment. Telco-cloud requires load-balancing and communication across various interfaces/standards like N2, N4, E2(ORAN), S6x, 5GLAN, GTP etc. Each of these present its own unique challenges which loxilb aims to solve e.g.:    
 - N4 requires PFCP level session-intelligence
 - N2 requires NGAP parsing capability
 - S6x requires Diameter/SCTP multi-homing LB support
@@ -66,20 +66,11 @@ For deploying telco-cloud with cloud-native functions, loxilb can be used as a S
 - E2 might require SCTP-LB with OpenVPN bundled together
 - SIP support is needed to enable cloud-native VOIP
 
-## How-To Guides
-- [How-To : Deploy loxilb in K8s with kube-loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/kube-loxilb.md)
-- [How-To : Run in K8s with in-cluster mode](https://www.loxilb.io/post/k8s-nuances-of-in-cluster-external-service-lb-with-loxilb)
-- [How-To : High-availability with loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/ha-deploy.md)
-- [How-To : Run loxilb in standalone mode](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/standalone.md)
-- [How-To : Manual build/run](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/run.md)
-- [How-To : Standalone configuration](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/cmd.md)
-- [How-To : Debug loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/debugging.md)
-- [How-To : Access end-points outside K8s](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/ext-ep.md)
-- [How-To : Deploy multi-server K3s HA with loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/k3s-multi-master.md)
-- [How-To : Deploy loxilb with multi-AZ HA support in AWS](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/aws-multi-az.md)
-
-## Getting started with different K8s distributions/tools   
+## Architectural Considerations   
+- [Understanding loxilb modes and deployment in K8s with kube-loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/kube-loxilb.md)
+- [Understanding High-availability with loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/ha-deploy.md)
 
+## Getting Started  
 #### loxilb as ext-cluster pod  
 - [K3s : loxilb with default flannel](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/k3s_quick_start_flannel.md)
 - [K3s : loxilb with calico](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/k3s_quick_start_calico.md)
@@ -97,6 +88,16 @@ For deploying telco-cloud with cloud-native functions, loxilb can be used as a S
 - [K3s : loxilb service-proxy with flannel](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/service-proxy-flannel.md)
 - [K3s : loxilb service-proxy with calico](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/service-proxy-calico.md)
 
+#### loxilb in standalone mode
+- [Run loxilb standalone](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/standalone.md)
+
+## Advanced Guides    
+- [How-To : Service-group zones with loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/service-zones.md)
+- [How-To : Access end-points outside K8s](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/ext-ep.md)
+- [How-To : Deploy multi-server K3s HA with loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/k3s-multi-master.md)
+- [How-To : Deploy loxilb with multi-AZ HA support in AWS](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/aws-multi-az.md)
+- [How-To : Deploy loxilb with Ingress](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/loxilb-nginx-ingress.md)
+
 ## Knowledge-Base   
 - [What is eBPF](ebpf.md)
 - [What is k8s service - load-balancer](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/lb.md)
@@ -105,6 +106,9 @@ For deploying telco-cloud with cloud-native functions, loxilb can be used as a S
 - [eBPF internals of loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/loxilbebpf.md)
 - [What are loxilb NAT Modes](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/nat.md)
 - [loxilb load-balancer algorithms](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/lb-algo.md)
+- [Manual steps to build/run](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/run.md)
+- [Debugging loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/debugging.md)
+- [loxicmd command-line tool usage](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/cmd.md)
 - [Developer's guide to loxicmd](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/cmd-dev.md)
 - [Developer's guide to loxilb API](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/api-dev.md)
 - [API Reference - loxilb web-Api](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/api.md)

api/restapi/handler/firewall.go

@@ -56,6 +56,9 @@ func ConfigPostFW(params operations.PostConfigFirewallParams) middleware.Respond
 	Opts.Trap = params.Attr.Opts.Trap
 	Opts.Record = params.Attr.Opts.Record
 	Opts.Mark = uint32(params.Attr.Opts.FwMark)
+	Opts.DoSnat = params.Attr.Opts.DoSnat
+	Opts.ToIP = params.Attr.Opts.ToIP
+	Opts.ToPort = uint16(params.Attr.Opts.ToPort)
 
 	FW.Rule = Rules
 	FW.Opts = Opts
@@ -156,6 +159,9 @@ func ConfigGetFW(params operations.GetConfigFirewallAllParams) middleware.Respon
 		tmpOpts.Trap = FW.Opts.Trap
 		tmpOpts.Record = FW.Opts.Record
 		tmpOpts.FwMark = int64(FW.Opts.Mark)
+		tmpOpts.DoSnat = FW.Opts.DoSnat
+		tmpOpts.ToIP = FW.Opts.ToIP
+		tmpOpts.ToPort = int64(FW.Opts.ToPort)
 		tmpOpts.Counter = FW.Opts.Counter
 
 		tmpResult.RuleArguments = &tmpRule

api/restapi/handler/loadbalancer.go

@@ -132,6 +132,7 @@ func ConfigGetLoadbalancer(params operations.GetConfigLoadbalancerAllParams) mid
 		tmpSvc.Probetype = lb.Serv.ProbeType
 		tmpSvc.Probeport = lb.Serv.ProbePort
 		tmpSvc.Name = lb.Serv.Name
+		tmpSvc.Snat = lb.Serv.Snat
 
 		tmpLB.ServiceArguments = &tmpSvc
 

api/swagger.yml

@@ -2894,6 +2894,9 @@ definitions:
           name:
             type: string
             description: service name
+          snat:
+            type: boolean
+            description: snat rule
           oper:
             type: integer
             format: int32
@@ -3614,6 +3617,15 @@ definitions:
       fwMark:
         type: integer
         description: Set a fwmark for any matching rule
+      doSnat:
+        type: boolean
+        description: Do SNAT on matching rule
+      toIP:
+        type: string
+        description: Modify to given IP in CIDR notation
+      toPort:
+        type: integer
+        description: Modify to given Port (Zero if port is not to be modified)
       counter:
         type: string
         description: traffic counters
@@ -3949,4 +3961,3 @@ definitions:
         type: integer
         format: uint8
         description: Retry Count to detect failure
-

cicd/httpsproxy/config.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+source ../common.sh
+
+echo "#########################################"
+echo "Spawning all hosts"
+echo "#########################################"
+
+spawn_docker_host --dock-type loxilb --dock-name llb1
+spawn_docker_host --dock-type host --dock-name l3h1
+spawn_docker_host --dock-type host --dock-name l3ep1
+spawn_docker_host --dock-type host --dock-name l3ep2
+spawn_docker_host --dock-type host --dock-name l3ep3
+
+echo "#########################################"
+echo "Connecting and configuring  hosts"
+echo "#########################################"
+
+
+connect_docker_hosts l3h1 llb1
+connect_docker_hosts l3ep1 llb1
+connect_docker_hosts l3ep2 llb1
+connect_docker_hosts l3ep3 llb1
+
+sleep 5
+
+#L3 config
+config_docker_host --host1 l3h1 --host2 llb1 --ptype phy --addr 10.10.10.1/24 --gw 10.10.10.254
+config_docker_host --host1 l3ep1 --host2 llb1 --ptype phy --addr 31.31.31.1/24 --gw 31.31.31.254
+config_docker_host --host1 l3ep2 --host2 llb1 --ptype phy --addr 32.32.32.1/24 --gw 32.32.32.254
+config_docker_host --host1 l3ep3 --host2 llb1 --ptype phy --addr 33.33.33.1/24 --gw 33.33.33.254
+config_docker_host --host1 llb1 --host2 l3h1 --ptype phy --addr 10.10.10.254/24
+config_docker_host --host1 llb1 --host2 l3ep1 --ptype phy --addr 31.31.31.254/24
+config_docker_host --host1 llb1 --host2 l3ep2 --ptype phy --addr 32.32.32.254/24
+config_docker_host --host1 llb1 --host2 l3ep3 --ptype phy --addr 33.33.33.254/24
+
+$dexec llb1 ip addr add 10.10.10.3/32 dev lo
+./minica -ip-addresses 10.10.10.254
+
+docker cp minica.pem llb1:/opt/loxilb/cert/rootCA.crt
+docker cp 10.10.10.254/cert.pem llb1:/opt/loxilb/cert/server.crt
+docker cp 10.10.10.254/key.pem llb1:/opt/loxilb/cert/server.key
+
+sleep 5
+create_lb_rule llb1 10.10.10.254 --tcp=2020:8080 --endpoints=31.31.31.1:1,32.32.32.1:1,33.33.33.1:1 --mode=fullproxy --security=https

cicd/httpsproxy/rmconfig.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+source ../common.sh
+
+disconnect_docker_hosts l3h1 llb1
+disconnect_docker_hosts l3ep1 llb1
+disconnect_docker_hosts l3ep2 llb1
+disconnect_docker_hosts l3ep3 llb1
+
+delete_docker_host llb1
+delete_docker_host l3h1
+delete_docker_host l3ep1
+delete_docker_host l3ep2
+delete_docker_host l3ep3
+
+echo "#########################################"
+echo "Deleted testbed"
+echo "#########################################"

cicd/httpsproxy/validation.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+source ../common.sh
+echo SCENARIO-https-tcplb
+$hexec l3ep1 node ../common/tcp_server.js server1 &
+$hexec l3ep2 node ../common/tcp_server.js server2 &
+$hexec l3ep3 node ../common/tcp_server.js server3 &
+
+sleep 5
+code=0
+servIP=( "10.10.10.254" )
+servArr=( "server1" "server2" "server3" )
+ep=( "31.31.31.1" "32.32.32.1" "33.33.33.1" )
+j=0
+waitCount=0
+while [ $j -le 2 ]
+do
+    res=$($hexec l3h1 curl --max-time 10 -s ${ep[j]}:8080)
+    #echo $res
+    if [[ $res == "${servArr[j]}" ]]
+    then
+        echo "$res UP"
+        j=$(( $j + 1 ))
+    else
+        echo "Waiting for ${servArr[j]}(${ep[j]})"
+        waitCount=$(( $waitCount + 1 ))
+        if [[ $waitCount == 10 ]];
+        then
+            echo "All Servers are not UP"
+            echo SCENARIO-tcplb [FAILED]
+            sudo killall -9 node 2>&1 > /dev/null
+            exit 1
+        fi
+    fi
+    sleep 1
+done
+
+for k in {0..0}
+do
+echo "Testing Service IP: ${servIP[k]}"
+lcode=0
+for i in {1..4}
+do
+for j in {0..2}
+do
+    res=$($hexec l3h1 curl --max-time 10 --insecure -s https://${servIP[k]}:2020)
+    echo $res
+    if [[ $res != "${servArr[j]}" ]]
+    then
+        lcode=1
+    fi
+    sleep 1
+done
+done
+if [[ $lcode == 0 ]]
+then
+    echo SCENARIO-https-tcplb with ${servIP[k]} [OK]
+else
+    echo SCENARIO-https-tcplb with ${servIP[k]} [FAILED]
+    code=1
+fi
+done
+
+sudo killall -9 node 2>&1 > /dev/null
+exit $code