Vxlan - No encryption issue #3259

Open
apoprassas94 opened this issue Jan 7, 2025 · 1 comment

I have a 3-node topology.

One node is the Submariner broker, while the other two are the gateways.

I deployed both the broker and the join process for the gateways via the Helm package manager.

I used the VXLAN option for the cable driver.

According to the Submariner docs, I am expecting to see unencrypted traffic between the two gateway nodes. However, using tcpdump and Wireshark I see encryption with IPsec.

The command that was used for the deployment of the broker is:

helm install "${BROKER_NS}" submariner-latest/submariner-k8s-broker --create-namespace --namespace "${BROKER_NS}"

and for joining the gateways to the broker:

helm --kubeconfig=$kubeconfig_path install submariner-operator submariner-latest/submariner-operator \
  --create-namespace \
  --namespace "${SUBMARINER_NS}" \
  --set ipsec.psk="${SUBMARINER_PSK}" \
  --set broker.server="${SUBMARINER_BROKER_URL}" \
  --set broker.token="${SUBMARINER_BROKER_TOKEN}" \
  --set broker.namespace="${BROKER_NS}" \
  --set broker.ca="${SUBMARINER_BROKER_CA}" \
  --set submariner.cableDriver=vxlan \
  --set submariner.clusterId="${CLUSTER_ID}" \
  --set submariner.clusterCidr="${CLUSTER_CIDR}" \
  --set submariner.serviceCidr="${SERVICE_CIDR}" \
  --set submariner.globalCidr="${GLOBAL_CIDR}" \
  --set serviceAccounts.globalnet.create="${GLOBALNET}" \
  --set submariner.natEnabled="false" \
  --set crd.create=true \
  --set submariner.serviceDiscovery=true \
  --set serviceAccounts.lighthouse.create=true

Does Submariner support unencrypted traffic?

yboaron commented Jan 9, 2025

Hi @apoprassas94,
Submariner uses UDP port 4500 for inter-cluster VxLAN traffic.

Can you try updating the Wireshark decoding configuration to decode UDP port 4500 as VxLAN and see if that helps?
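
An added example, not part of the original thread and not Submariner code: UDP port 4500 is also the IPsec NAT-traversal port (RFC 3948), so a dissector that keys on the port number labels the traffic as ESP. The Python below checks the payload bytes instead, using the RFC 7348 VXLAN header layout; the function names and sample payloads are constructed for illustration.

```python
import struct

VXLAN_FLAG_VNI = 0x08  # RFC 7348: "I" flag set, VNI field is valid
KNOWN_ETHERTYPES = {0x0800, 0x0806, 0x86DD, 0x8100}  # IPv4, ARP, IPv6, 802.1Q


def classify_udp4500(payload: bytes) -> str:
    """Heuristically label the payload of one UDP/4500 datagram."""
    if payload == b"\xff":
        return "nat-keepalive"  # RFC 3948 NAT keepalive is a single 0xFF byte
    if len(payload) < 8:
        return "unknown"
    if payload[:4] == b"\x00\x00\x00\x00":
        return "ike"  # RFC 3948 non-ESP marker, an IKE header follows
    word0, word1 = struct.unpack("!II", payload[:8])
    flags, reserved1 = word0 >> 24, word0 & 0xFFFFFF
    vni, reserved2 = word1 >> 8, word1 & 0xFF
    if flags == VXLAN_FLAG_VNI and reserved1 == 0 and reserved2 == 0:
        # A VXLAN header is followed by an inner Ethernet frame. Checking the
        # inner EtherType separates cleartext VXLAN from an ESP SPI that only
        # happens to look like a VXLAN header.
        if len(payload) >= 22:
            (ethertype,) = struct.unpack("!H", payload[20:22])
            if ethertype in KNOWN_ETHERTYPES:
                return f"vxlan vni={vni}"
    # Anything else on this port is treated as ESP (SPI + sequence number).
    return "esp"


def build_samples() -> dict:
    """Constructed sample payloads (not taken from a real capture)."""
    # Inner frame: dst MAC, src MAC, EtherType IPv4, then a dummy IPv4 header.
    inner_eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800) + b"\x45" + bytes(19)
    return {
        "vxlan": struct.pack("!II", 0x08 << 24, 100 << 8) + inner_eth,
        "esp": struct.pack("!II", 0xC0FFEE01, 1) + bytes(range(32)),
        "ike": bytes(4) + bytes(8) + bytes(8) + b"\x21\x20\x22\x08",
        "keepalive": b"\xff",
    }


if __name__ == "__main__":
    for name, data in build_samples().items():
        print(f"{name:10s} -> {classify_udp4500(data)}")
```

If the gateway-to-gateway datagrams classify as `vxlan`, the inner frames are readable in cleartext and the IPsec label in the capture tool comes from the port number alone.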
