K8s_POD_to_service

root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep suse

ems edgecloud-suse-adapter-58f584bbd7-h96nf 1/1 Running 0 27m 10.233.67.198 ems203-w1 <none> <none>

ems edgecloud-suse-adapter-58f584bbd7-q9p52 1/1 Running 0 28m 10.233.98.86 ems203-w7 <none> <none>

ems edgecloud-suse-adapter-58f584bbd7-t6xvc 1/1 Running 0 26m 10.233.101.205 ems203-w2 <none> <none>

root@ems203-m1:/home/labadmin# kubectl get pods -A -o wide | grep a10

ems ems-a10nsp-accounting-89c69b796-rpb9k 1/1 Running 0 47m 10.233.101.224 ems203-w2 <none> <none>

root@ems203-m1:/home/labadmin# kubectl get svc -n ems -o wide | grep suse

edgecloud-suse-adapter ClusterIP 10.233.50.7 <none> 8080/TCP 38m

app.kubernetes.io/instance=edgecloud-suse-adapter,app.kubernetes.io/name=edgecloud-suse-adapter

root@ems203-m1:/home/labadmin# kubectl get svc -n ems -o wide | grep a10nsp

ems-a10nsp-accounting ClusterIP 10.233.3.89 <none> 8080/TCP 28m app.kubernetes.io/instance=ems-a10nsp-accounting,app.kubernetes.io/name=ems-a10nsp-accounting

root@ems203-m1:/home/labadmin# kubectl get endpoints -n ems edgecloud-suse-adapter -o wide

NAME ENDPOINTS AGE

edgecloud-suse-adapter 10.233.101.205:8080,10.233.67.198:8080,10.233.98.86:8080 39m

root@ems203-m1:/home/labadmin# kubectl get endpoints -n ems ems-a10nsp-accounting -o wide

NAME ENDPOINTS AGE

ems-a10nsp-accounting 10.233.101.224:8080 30m

root@ems203-m1:/home/labadmin# kubectl -n kube-system get cm kube-proxy -o yaml | grep mode

mode: ipvs

root@ems203-w2:/home/labadmin# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 10.233.50.7:8080 rr

-> 10.233.67.198:8080 Masq 1 0 0

-> 10.233.98.86:8080 Masq 1 0 0

-> 10.233.101.205:8080 Masq 1 0 0

SCENARIO 1: Pod → Service → Pod (SAME NODE)

Assume:

Client pod: 10.233.101.224 (ems203-w2)

Selected backend: 10.233.101.205 (same node)

#Step-by-step packet flow

1.Client pod sends traffic

SRC=10.233.101.224

DST=10.233.50.7:8080

Packet exits pod via:

eth0 → veth → caliXXXX

2.Packet hits kube-proxy (IPVS hook)

At PREROUTING (nat):

kube-proxy registered the Service IP with IPVS

Kernel hands packet to IPVS engine

3. IPVS selects backend

Scheduler: rr

Selected: 10.233.101.205:8080

Mode: Masq (SNAT+DNAT)

DNAT happens here

DST changes:

10.233.50.7 → 10.233.101.205

SNAT also applied

SRC becomes: Node IP (ems203-w2)

Why SNAT?

To avoid asymmetric return paths

Standard kube-proxy IPVS behavior

2.Routing decision (NO VXLAN)

Routing table sees:

10.233.101.205/32 dev caliYYYY scope link

So:

Traffic stays inside the node

NO vxlan.calico

NO physical NIC

5. Packet delivered to backend pod

caliYYYY → veth → pod eth0

Backend pod sees:

SRC = NodeIP

DST = 10.233.101.205

6.Response path (conntrack magic)

Return packet:

SRC=10.233.101.205

DST=NodeIP

conntrack reverses:

SNAT

DNAT

Final packet to client pod:

SRC=10.233.50.7

DST=10.233.101.224

Client thinks it talked to the Service IP, not the pod.

SCENARIO 2: Pod → Service → Pod (DIFFERENT NODE)

Assume IPVS selects:

10.233.67.198 (remote node)

step1-3.Same until IPVS selection

DNAT:

10.233.50.7 → 10.233.67.198

SNAT:

SRC → ems203-w2 NodeIP

4.Routing decision (VXLAN path)

Routing table:

10.233.67.0/24 via vxlan.calico

Packet flow:

caliXXXX → vxlan.calico → eth0 → network

5.Remote node decapsulation

On remote node:

eth0 → vxlan.calico → caliZZZZ → pod

6.Return path

Response goes back to ems203-w2

conntrack reverses NAT

Client gets reply from Service IP

###############

root@ems203-w2:/home/labadmin# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 172.27.69.40:30195 rr

-> 10.233.98.79:3128 Masq 1 0 0

-> 10.233.101.141:3128 Masq 1 0 0

-> 10.233.120.234:3128 Masq 1 0 0

TCP 172.27.69.40:30222 rr

-> 10.233.97.68:8000 Masq 1 0 0

-> 10.233.98.124:8000 Masq 1 0 0

-> 10.233.120.202:8000 Masq 1 0 0

TCP 172.27.69.40:30379 rr

-> 10.233.97.73:9543 Masq 1 0 0

-> 10.233.98.73:9543 Masq 1 0 0

-> 10.233.101.231:9543 Masq 1 0 0

TCP 172.27.69.40:30390 rr

-> 10.233.98.111:24224 Masq 1 0 0

-> 10.233.127.154:24224 Masq 1 0 0

TCP 172.27.69.40:30477 rr

-> 10.233.67.204:9000 Masq 1 0 0

-> 10.233.101.133:9000 Masq 1 0 0

-> 10.233.127.142:9000 Masq 1 0 0

TCP 172.27.69.40:31122 rr

-> 10.233.97.68:9443 Masq 1 0 0

-> 10.233.98.124:9443 Masq 1 0 0

-> 10.233.120.202:9443 Masq 1 0 0

TCP 172.27.69.40:31292 rr

-> 10.233.67.204:8000 Masq 1 0 0

-> 10.233.101.133:8000 Masq 1 0 0

-> 10.233.127.142:8000 Masq 1 0 0

TCP 172.27.69.40:31707 rr

-> 10.233.98.111:9880 Masq 1 0 0

-> 10.233.127.154:9880 Masq 1 0 0

TCP 172.27.69.40:31796 rr

-> 10.233.67.204:9443 Masq 1 0 0

-> 10.233.101.133:9443 Masq 1 0 0

-> 10.233.127.142:9443 Masq 1 0 0

TCP 172.27.69.40:31937 rr

-> 10.233.97.68:8443 Masq 1 0 0

-> 10.233.98.124:8443 Masq 1 0 0

-> 10.233.120.202:8443 Masq 1 0 0

TCP 172.27.69.40:32058 rr

-> 10.233.97.68:9000 Masq 1 0 0

-> 10.233.98.124:9000 Masq 1 0 0

-> 10.233.120.202:9000 Masq 1 0 0

TCP 172.27.69.40:32679 rr

-> 10.233.67.204:8443 Masq 1 0 0

-> 10.233.101.133:8443 Masq 1 0 0

-> 10.233.127.142:8443 Masq 1 0 0

TCP 172.27.69.57:80 rr

-> 10.233.97.68:8000 Masq 1 0 0

-> 10.233.98.124:8000 Masq 1 0 0

-> 10.233.120.202:8000 Masq 1 0 0

TCP 172.27.69.57:443 rr

-> 10.233.97.68:8443 Masq 1 0 0

-> 10.233.98.124:8443 Masq 1 0 0

-> 10.233.120.202:8443 Masq 1 0 0

TCP 172.27.69.57:9000 rr

-> 10.233.97.68:9000 Masq 1 0 0

-> 10.233.98.124:9000 Masq 1 0 0

-> 10.233.120.202:9000 Masq 1 0 0

TCP 172.27.69.57:9443 rr

-> 10.233.97.68:9443 Masq 1 0 0

-> 10.233.98.124:9443 Masq 1 0 0

-> 10.233.120.202:9443 Masq 1 0 0

TCP 172.27.69.57:9543 rr

-> 10.233.97.73:9543 Masq 1 0 0

-> 10.233.98.73:9543 Masq 1 0 0

-> 10.233.101.231:9543 Masq 1 0 0

TCP 172.27.69.58:9880 rr

-> 10.233.98.111:9880 Masq 1 0 0

-> 10.233.127.154:9880 Masq 1 0 0

TCP 172.27.69.58:24224 rr

-> 10.233.98.111:24224 Masq 1 0 0

-> 10.233.127.154:24224 Masq 1 0 0

TCP 172.27.69.59:32307 rr

-> 10.233.98.79:3128 Masq 1 0 0

-> 10.233.101.141:3128 Masq 1 0 0

-> 10.233.120.234:3128 Masq 1 0 0

TCP 172.27.69.62:80 rr

-> 10.233.67.204:8000 Masq 1 0 0

-> 10.233.101.133:8000 Masq 1 0 0

-> 10.233.127.142:8000 Masq 1 0 0

TCP 172.27.69.62:443 rr

-> 10.233.67.204:8443 Masq 1 1 0

-> 10.233.101.133:8443 Masq 1 0 0

-> 10.233.127.142:8443 Masq 1 0 0

TCP 172.27.69.62:9000 rr

-> 10.233.67.204:9000 Masq 1 0 0

-> 10.233.101.133:9000 Masq 1 0 0

-> 10.233.127.142:9000 Masq 1 0 0

TCP 172.27.69.62:9443 rr

-> 10.233.67.204:9443 Masq 1 0 0

-> 10.233.101.133:9443 Masq 1 0 0

-> 10.233.127.142:9443 Masq 1 0 0

TCP 10.233.0.1:443 rr

-> 172.27.69.36:6443 Masq 1 10 1

-> 172.27.69.37:6443 Masq 1 15 1

-> 172.27.69.38:6443 Masq 1 12 0

TCP 10.233.0.3:53 rr

-> 10.233.64.65:53 Masq 1 0 0

-> 10.233.111.194:53 Masq 1 0 0

TCP 10.233.0.3:9153 rr

-> 10.233.64.65:9153 Masq 1 0 0

-> 10.233.111.194:9153 Masq 1 0 0

TCP 10.233.1.97:8080 rr

-> 10.233.67.195:8080 Masq 1 0 0

TCP 10.233.1.248:9501 rr persistent 10800

-> 10.233.67.200:9501 Masq 1 0 0

-> 10.233.97.65:9501 Masq 1 0 0

-> 10.233.98.110:9501 Masq 1 0 0

-> 10.233.101.130:9501 Masq 1 0 0

-> 10.233.101.195:9501 Masq 1 0 0

-> 10.233.120.212:9501 Masq 1 0 0

-> 10.233.127.85:9501 Masq 1 0 0

-> 10.233.127.178:9501 Masq 1 0 0

TCP 10.233.3.89:8080 rr

-> 10.233.101.224:8080 Masq 1 0 0

TCP 10.233.5.226:9100 rr

-> 172.27.69.36:9100 Masq 1 0 0

-> 172.27.69.37:9100 Masq 1 0 0

-> 172.27.69.38:9100 Masq 1 0 0

-> 172.27.69.39:9100 Masq 1 0 0

-> 172.27.69.40:9100 Masq 1 0 0

-> 172.27.69.41:9100 Masq 1 0 0

-> 172.27.69.42:9100 Masq 1 0 0

-> 172.27.69.43:9100 Masq 1 0 0

-> 172.27.69.44:9100 Masq 1 0 0

-> 172.27.69.45:9100 Masq 1 0 0

-> 172.27.69.46:9100 Masq 1 0 0

TCP 10.233.6.91:9500 rr persistent 10800

-> 10.233.67.200:9500 Masq 1 0 0

-> 10.233.97.65:9500 Masq 1 0 0

-> 10.233.98.110:9500 Masq 1 0 0

-> 10.233.101.130:9500 Masq 1 1 0

-> 10.233.101.195:9500 Masq 1 0 0

-> 10.233.120.212:9500 Masq 1 0 0

-> 10.233.127.85:9500 Masq 1 0 0

-> 10.233.127.178:9500 Masq 1 0 0

TCP 10.233.6.253:80 rr

-> 10.233.97.73:8080 Masq 1 0 0

-> 10.233.98.73:8080 Masq 1 0 0

-> 10.233.101.231:8080 Masq 1 0 0

TCP 10.233.9.202:9880 rr

-> 10.233.64.74:9880 Masq 1 0 0

-> 10.233.67.244:9880 Masq 1 0 0

-> 10.233.97.74:9880 Masq 1 0 0

-> 10.233.98.126:9880 Masq 1 0 0

-> 10.233.100.138:9880 Masq 1 0 0

-> 10.233.101.173:9880 Masq 1 0 0

-> 10.233.101.209:9880 Masq 1 0 0

-> 10.233.111.203:9880 Masq 1 0 0

-> 10.233.120.235:9880 Masq 1 0 0

-> 10.233.127.73:9880 Masq 1 0 0

-> 10.233.127.165:9880 Masq 1 0 0

TCP 10.233.10.74:5432 rr

-> 10.233.97.77:5432 Masq 1 0 0

-> 10.233.98.119:5432 Masq 1 0 0

-> 10.233.101.188:5432 Masq 1 0 0

TCP 10.233.11.28:8080 rr

-> 10.233.67.242:8080 Masq 1 0 0

TCP 10.233.11.215:8080 rr

-> 10.233.97.111:8080 Masq 1 0 0

-> 10.233.98.66:8080 Masq 1 0 0

TCP 10.233.13.0:443 rr

-> 10.233.120.221:10250 Masq 1 0 0

TCP 10.233.13.69:27017 rr

-> 10.233.67.202:27017 Masq 1 0 68

-> 10.233.127.124:27017 Masq 1 0 8

-> 10.233.127.133:27017 Masq 1 0 68

TCP 10.233.14.135:5000 rr

-> 10.233.120.200:5000 Masq 1 0 0

TCP 10.233.15.117:9404 rr

-> 10.233.67.231:9404 Masq 1 0 0

-> 10.233.97.76:9404 Masq 1 0 0

-> 10.233.98.74:9404 Masq 1 0 0

-> 10.233.101.212:9404 Masq 1 0 0

-> 10.233.127.69:9404 Masq 1 0 0

-> 10.233.127.174:9404 Masq 1 0 0

TCP 10.233.15.196:10901 rr

-> 10.233.98.72:10901 Masq 1 0 0

-> 10.233.101.183:10901 Masq 1 0 0

-> 10.233.127.188:10901 Masq 1 0 0

TCP 10.233.16.8:9500 rr

-> 10.233.67.223:9500 Masq 1 0 0

TCP 10.233.16.79:443 rr

-> 10.233.101.233:8080 Masq 1 0 0

TCP 10.233.16.83:32307 rr

-> 10.233.98.79:3128 Masq 1 0 0

-> 10.233.101.141:3128 Masq 1 0 0

-> 10.233.120.234:3128 Masq 1 0 0

TCP 10.233.16.127:8080 rr

-> 10.233.67.233:8080 Masq 1 0 0

-> 10.233.120.224:8080 Masq 1 0 0

-> 10.233.127.74:8080 Masq 1 0 0

TCP 10.233.16.127:9093 rr

-> 10.233.67.233:9093 Masq 1 0 0

-> 10.233.120.224:9093 Masq 1 0 0

-> 10.233.127.74:9093 Masq 1 0 0

TCP 10.233.18.62:8080 rr

-> 10.233.127.167:8080 Masq 1 0 0

TCP 10.233.18.104:9500 rr

-> 10.233.127.145:9500 Masq 1 0 0

TCP 10.233.19.0:8200 rr

-> 10.233.101.207:8200 Masq 1 0 0

TCP 10.233.19.0:8201 rr

-> 10.233.101.207:8201 Masq 1 0 0

TCP 10.233.19.47:8080 rr

-> 10.233.101.198:8080 Masq 1 12 0

TCP 10.233.19.154:8080 rr

-> 10.233.67.252:8080 Masq 1 0 0

-> 10.233.101.255:8080 Masq 1 0 0

-> 10.233.127.139:8080 Masq 1 0 0

TCP 10.233.19.154:9000 rr

-> 10.233.67.252:9000 Masq 1 0 0

-> 10.233.101.255:9000 Masq 1 0 0

-> 10.233.127.139:9000 Masq 1 0 0

TCP 10.233.19.180:8636 rr

-> 10.233.101.157:8636 Masq 1 0 0

TCP 10.233.21.0:9880 rr

-> 10.233.98.111:9880 Masq 1 0 0

-> 10.233.127.154:9880 Masq 1 0 0

TCP 10.233.21.0:24224 rr

-> 10.233.98.111:24224 Masq 1 0 13

-> 10.233.127.154:24224 Masq 1 0 12

TCP 10.233.21.43:9090 rr

-> 10.233.98.72:10902 Masq 1 0 0

-> 10.233.101.183:10902 Masq 1 0 0

-> 10.233.127.188:10902 Masq 1 0 0

TCP 10.233.21.213:80 rr

-> 10.233.67.223:8080 Masq 1 0 0

TCP 10.233.23.68:9187 rr

-> 10.233.97.77:9187 Masq 1 0 0

-> 10.233.98.119:9187 Masq 1 0 0

-> 10.233.101.188:9187 Masq 1 0 0

TCP 10.233.24.148:9404 rr

TCP 10.233.24.158:3000 rr

-> 10.233.101.211:3000 Masq 1 0 0

TCP 10.233.24.206:9094 rr

-> 10.233.97.76:9094 Masq 1 0 0

TCP 10.233.24.235:80 rr

-> 10.233.97.113:8000 Masq 1 0 0

-> 10.233.101.241:8000 Masq 1 0 0

-> 10.233.127.125:8000 Masq 1 0 0

TCP 10.233.24.235:443 rr

-> 10.233.97.113:8443 Masq 1 0 0

-> 10.233.101.241:8443 Masq 1 0 0

-> 10.233.127.125:8443 Masq 1 0 0

TCP 10.233.24.235:9000 rr

-> 10.233.97.113:9000 Masq 1 0 0

-> 10.233.101.241:9000 Masq 1 0 0

-> 10.233.127.125:9000 Masq 1 0 0

TCP 10.233.24.235:9443 rr

-> 10.233.97.113:9443 Masq 1 0 0

-> 10.233.101.241:9443 Masq 1 0 0

-> 10.233.127.125:9443 Masq 1 0 0

TCP 10.233.27.1:80 rr

-> 10.233.97.73:9500 Masq 1 0 0

-> 10.233.98.73:9500 Masq 1 0 0

-> 10.233.101.231:9500 Masq 1 0 0

TCP 10.233.28.85:9094 rr

-> 10.233.101.212:9094 Masq 1 0 0

TCP 10.233.28.160:9500 rr

-> 10.233.120.209:9500 Masq 1 0 0

TCP 10.233.29.13:443 rr

-> 10.233.67.204:8080 Masq 1 0 0

-> 10.233.101.133:8080 Masq 1 0 0

-> 10.233.127.142:8080 Masq 1 0 0

TCP 10.233.29.63:8080 rr

-> 10.233.97.121:8080 Masq 1 0 0

TCP 10.233.29.192:8080 rr

-> 10.233.101.134:8080 Masq 1 1 0

-> 10.233.127.67:8080 Masq 1 1 1

TCP 10.233.30.60:80 rr

-> 10.233.97.68:8000 Masq 1 0 0

-> 10.233.98.124:8000 Masq 1 0 0

-> 10.233.120.202:8000 Masq 1 0 0

TCP 10.233.30.60:443 rr

-> 10.233.97.68:8443 Masq 1 0 0

-> 10.233.98.124:8443 Masq 1 0 0

-> 10.233.120.202:8443 Masq 1 0 0

TCP 10.233.30.60:9000 rr

-> 10.233.97.68:9000 Masq 1 0 0

-> 10.233.98.124:9000 Masq 1 0 0

-> 10.233.120.202:9000 Masq 1 0 0

TCP 10.233.30.60:9443 rr

-> 10.233.97.68:9443 Masq 1 0 0

-> 10.233.98.124:9443 Masq 1 0 0

-> 10.233.120.202:9443 Masq 1 0 0

TCP 10.233.30.163:9200 rr

-> 10.233.97.83:9200 Masq 1 0 0

-> 10.233.101.156:9200 Masq 1 0 0

-> 10.233.127.71:9200 Masq 1 1 0

TCP 10.233.30.163:9300 rr

-> 10.233.97.83:9300 Masq 1 0 0

-> 10.233.101.156:9300 Masq 1 0 0

-> 10.233.127.71:9300 Masq 1 0 0

TCP 10.233.31.71:9216 rr

-> 10.233.67.202:9216 Masq 1 0 0

-> 10.233.67.218:9216 Masq 1 0 0

-> 10.233.97.127:9216 Masq 1 0 0

-> 10.233.98.67:9216 Masq 1 0 0

-> 10.233.98.109:9216 Masq 1 0 0

-> 10.233.101.143:9216 Masq 1 0 0

-> 10.233.101.229:9216 Masq 1 0 0

-> 10.233.101.232:9216 Masq 1 0 0

-> 10.233.120.231:9216 Masq 1 0 0

-> 10.233.120.245:9216 Masq 1 0 0

-> 10.233.120.250:9216 Masq 1 0 0

-> 10.233.127.87:9216 Masq 1 0 0

-> 10.233.127.124:9216 Masq 1 0 0

-> 10.233.127.133:9216 Masq 1 0 0

-> 10.233.127.162:9216 Masq 1 0 0

TCP 10.233.32.146:10254 rr

-> 10.233.97.68:10254 Masq 1 0 0

-> 10.233.98.124:10254 Masq 1 0 0

-> 10.233.120.202:10254 Masq 1 0 0

TCP 10.233.32.146:10255 rr

-> 10.233.97.68:10255 Masq 1 0 0

-> 10.233.98.124:10255 Masq 1 0 0

-> 10.233.120.202:10255 Masq 1 0 0

TCP 10.233.33.7:8080 rr

-> 10.233.120.209:8080 Masq 1 0 0

TCP 10.233.33.223:9503 rr persistent 10800

-> 10.233.67.200:9503 Masq 1 0 0

-> 10.233.97.65:9503 Masq 1 0 0

-> 10.233.98.110:9503 Masq 1 0 0

-> 10.233.101.130:9503 Masq 1 0 0

-> 10.233.101.195:9503 Masq 1 0 0

-> 10.233.120.212:9503 Masq 1 0 0

-> 10.233.127.85:9503 Masq 1 0 0

-> 10.233.127.178:9503 Masq 1 0 0

TCP 10.233.33.234:8080 rr

-> 10.233.67.215:8080 Masq 1 0 0

-> 10.233.101.138:8080 Masq 1 0 0

TCP 10.233.34.212:80 rr

-> 10.233.127.153:9999 Masq 1 0 0

TCP 10.233.35.50:8080 rr

-> 10.233.101.237:8080 Masq 1 0 0

TCP 10.233.35.179:5601 rr

-> 10.233.127.173:9500 Masq 1 0 0

TCP 10.233.36.31:9500 rr

-> 10.233.98.112:9500 Masq 1 0 0

TCP 10.233.37.55:5432 rr

-> 10.233.67.253:5432 Masq 1 1 1

-> 10.233.101.200:5432 Masq 1 3 1

TCP 10.233.39.0:443 rr

-> 10.233.97.68:8080 Masq 1 0 0

-> 10.233.98.124:8080 Masq 1 0 0

-> 10.233.120.202:8080 Masq 1 0 0

TCP 10.233.39.209:8443 rr

TCP 10.233.39.236:80 rr

-> 10.233.67.247:8080 Masq 1 0 0

TCP 10.233.40.27:8200 rr

-> 10.233.97.93:8200 Masq 1 0 0

-> 10.233.101.190:8200 Masq 1 0 0

-> 10.233.101.207:8200 Masq 1 0 0

TCP 10.233.40.27:8201 rr

-> 10.233.97.93:8201 Masq 1 0 0

-> 10.233.101.190:8201 Masq 1 0 0

-> 10.233.101.207:8201 Masq 1 0 0

TCP 10.233.41.63:9404 rr

-> 10.233.97.118:9404 Masq 1 0 0

TCP 10.233.41.160:80 rr

-> 10.233.67.204:8000 Masq 1 0 0

-> 10.233.101.133:8000 Masq 1 0 0

-> 10.233.127.142:8000 Masq 1 0 0

TCP 10.233.41.160:443 rr

-> 10.233.67.204:8443 Masq 1 0 0

-> 10.233.101.133:8443 Masq 1 0 0

-> 10.233.127.142:8443 Masq 1 0 0

TCP 10.233.41.160:9000 rr

-> 10.233.67.204:9000 Masq 1 0 0

-> 10.233.101.133:9000 Masq 1 0 0

-> 10.233.127.142:9000 Masq 1 0 0

TCP 10.233.41.160:9443 rr

-> 10.233.67.204:9443 Masq 1 0 0

-> 10.233.101.133:9443 Masq 1 0 0

-> 10.233.127.142:9443 Masq 1 0 0

TCP 10.233.41.214:8081 rr

-> 10.233.101.235:8081 Masq 1 0 0

TCP 10.233.42.173:9500 rr

-> 10.233.101.134:9500 Masq 1 0 0

-> 10.233.127.67:9500 Masq 1 0 0

TCP 10.233.43.64:8080 rr

-> 10.233.97.107:8080 Masq 1 0 0

TCP 10.233.43.196:9094 rr

-> 10.233.97.76:9094 Masq 1 0 0

-> 10.233.101.212:9094 Masq 1 0 0

-> 10.233.127.174:9094 Masq 1 0 0

TCP 10.233.43.255:443 rr

-> 10.233.101.206:9443 Masq 1 0 0

TCP 10.233.44.69:9500 rr

-> 10.233.127.167:9500 Masq 1 0 0

TCP 10.233.44.122:8080 rr

-> 10.233.101.193:8080 Masq 1 0 0

-> 10.233.127.144:8080 Masq 1 0 0

TCP 10.233.44.202:9094 rr

-> 10.233.127.174:9094 Masq 1 0 0

TCP 10.233.45.122:8080 rr

-> 10.233.127.147:8080 Masq 1 0 0

TCP 10.233.45.225:5432 rr

-> 10.233.98.119:5432 Masq 1 0 0

TCP 10.233.47.99:5000 rr

-> 10.233.98.118:5000 Masq 1 0 0

TCP 10.233.47.215:80 rr

-> 10.233.67.252:8080 Masq 1 0 0

-> 10.233.101.255:8080 Masq 1 0 0

-> 10.233.127.139:8080 Masq 1 0 0

TCP 10.233.48.21:80 rr

-> 10.233.67.223:9999 Masq 1 0 0

TCP 10.233.48.135:443 rr

-> 10.233.98.89:10250 Masq 1 0 0

TCP 10.233.49.91:8080 rr

-> 10.233.127.179:8080 Masq 1 0 0

TCP 10.233.50.7:8080 rr

-> 10.233.67.198:8080 Masq 1 0 0

-> 10.233.98.86:8080 Masq 1 0 0

-> 10.233.101.205:8080 Masq 1 0 0

TCP 10.233.50.20:443 rr

-> 10.233.97.113:8080 Masq 1 0 0

-> 10.233.101.241:8080 Masq 1 0 0

-> 10.233.127.125:8080 Masq 1 0 0

TCP 10.233.51.235:80 rr

-> 10.233.120.220:8080 Masq 1 0 0

TCP 10.233.52.25:8080 rr

-> 10.233.67.222:8080 Masq 1 0 0

-> 10.233.120.215:8080 Masq 1 0 0

-> 10.233.127.65:8080 Masq 1 0 0

TCP 10.233.52.25:9090 rr

-> 10.233.67.222:9090 Masq 1 0 0

-> 10.233.120.215:9090 Masq 1 0 0

-> 10.233.127.65:9090 Masq 1 0 0

TCP 10.233.53.6:10254 rr

-> 10.233.67.204:10254 Masq 1 0 0

-> 10.233.101.133:10254 Masq 1 0 0

-> 10.233.127.142:10254 Masq 1 0 0

TCP 10.233.53.6:10255 rr

-> 10.233.67.204:10255 Masq 1 0 0

-> 10.233.101.133:10255 Masq 1 0 0

-> 10.233.127.142:10255 Masq 1 0 0

TCP 10.233.53.198:9500 rr

-> 10.233.101.237:9500 Masq 1 0 0

TCP 10.233.54.169:9543 rr

-> 10.233.97.73:9543 Masq 1 0 0

-> 10.233.98.73:9543 Masq 1 0 0

-> 10.233.101.231:9543 Masq 1 0 0

TCP 10.233.54.191:8080 rr

-> 10.233.127.80:8080 Masq 1 0 0

TCP 10.233.54.212:80 rr

-> 10.233.101.254:8080 Masq 1 0 0

TCP 10.233.55.118:9091 rr

-> 10.233.97.76:9091 Masq 1 0 0

-> 10.233.101.212:9091 Masq 1 0 0

-> 10.233.127.174:9091 Masq 1 0 0

TCP 10.233.55.118:9092 rr

-> 10.233.97.76:9092 Masq 1 1 41

-> 10.233.101.212:9092 Masq 1 4 43

-> 10.233.127.174:9092 Masq 1 2 44

TCP 10.233.55.118:9093 rr

-> 10.233.97.76:9093 Masq 1 0 0

-> 10.233.101.212:9093 Masq 1 0 0

-> 10.233.127.174:9093 Masq 1 0 0

TCP 10.233.56.135:80 rr

-> 10.233.127.123:8080 Masq 1 0 0

TCP 10.233.56.151:8200 rr

-> 10.233.97.93:8200 Masq 1 0 0

-> 10.233.101.190:8200 Masq 1 0 0

TCP 10.233.56.151:8201 rr

-> 10.233.97.93:8201 Masq 1 0 0

-> 10.233.101.190:8201 Masq 1 0 0

TCP 10.233.57.70:80 rr

-> 10.233.97.113:8000 Masq 1 0 0

-> 10.233.101.241:8000 Masq 1 0 0

-> 10.233.127.125:8000 Masq 1 0 0

TCP 10.233.57.70:443 rr

-> 10.233.97.113:8443 Masq 1 0 0

-> 10.233.101.241:8443 Masq 1 0 0

-> 10.233.127.125:8443 Masq 1 0 0

TCP 10.233.57.70:9000 rr

-> 10.233.97.113:9000 Masq 1 0 0

-> 10.233.101.241:9000 Masq 1 0 0

-> 10.233.127.125:9000 Masq 1 0 0

TCP 10.233.57.70:9443 rr

-> 10.233.97.113:9443 Masq 1 0 0

-> 10.233.101.241:9443 Masq 1 0 0

-> 10.233.127.125:9443 Masq 1 0 0

TCP 10.233.57.167:80 rr

-> 10.233.101.211:9600 Masq 1 0 0

TCP 10.233.57.167:8080 rr

-> 10.233.101.211:3000 Masq 1 0 0

TCP 10.233.59.229:27017 rr persistent 10800

-> 10.233.67.202:27017 Masq 1 0 0

-> 10.233.127.124:27017 Masq 1 0 0

-> 10.233.127.133:27017 Masq 1 0 0

TCP 10.233.60.15:8080 rr

-> 10.233.120.204:8080 Masq 1 0 0

TCP 10.233.60.205:80 rr

-> 10.233.98.106:8000 Masq 1 0 0

-> 10.233.127.129:8000 Masq 1 0 0

TCP 10.233.60.239:80 rr

-> 10.233.127.145:9500 Masq 1 0 0

TCP 10.233.62.36:9500 rr

-> 10.233.127.80:9500 Masq 1 0 0

TCP 10.233.62.173:9543 rr

-> 10.233.101.134:9543 Masq 1 0 0

-> 10.233.127.67:9543 Masq 1 0 0

TCP 10.233.62.201:10254 rr

-> 10.233.97.113:10254 Masq 1 0 0

-> 10.233.101.241:10254 Masq 1 0 0

-> 10.233.127.125:10254 Masq 1 0 0

TCP 10.233.62.201:10255 rr

-> 10.233.97.113:10255 Masq 1 0 0

-> 10.233.101.241:10255 Masq 1 0 0

-> 10.233.127.125:10255 Masq 1 0 0

TCP 10.233.62.221:8080 rr

-> 10.233.98.112:8080 Masq 1 0 0

TCP 10.233.63.4:443 rr

-> 10.233.97.104:10250 Masq 1 0 0

-> 10.233.101.208:10250 Masq 1 0 0

-> 10.233.127.169:10250 Masq 1 0 0

TCP 10.233.63.181:9502 rr persistent 10800

-> 10.233.67.200:9502 Masq 1 0 0

-> 10.233.97.65:9502 Masq 1 0 0

-> 10.233.98.110:9502 Masq 1 0 0

-> 10.233.101.130:9502 Masq 1 0 0

-> 10.233.101.195:9502 Masq 1 0 0

-> 10.233.120.212:9502 Masq 1 0 0

-> 10.233.127.85:9502 Masq 1 0 0

-> 10.233.127.178:9502 Masq 1 0 0

TCP 10.233.101.192:30195 rr

-> 10.233.98.79:3128 Masq 1 0 0

-> 10.233.101.141:3128 Masq 1 0 0

-> 10.233.120.234:3128 Masq 1 0 0

TCP 10.233.101.192:30222 rr

-> 10.233.97.68:8000 Masq 1 0 0

-> 10.233.98.124:8000 Masq 1 0 0

-> 10.233.120.202:8000 Masq 1 0 0

TCP 10.233.101.192:30379 rr

-> 10.233.97.73:9543 Masq 1 0 0

-> 10.233.98.73:9543 Masq 1 0 0

-> 10.233.101.231:9543 Masq 1 0 0

TCP 10.233.101.192:30390 rr

-> 10.233.98.111:24224 Masq 1 0 0

-> 10.233.127.154:24224 Masq 1 0 0

TCP 10.233.101.192:30477 rr

-> 10.233.67.204:9000 Masq 1 0 0

-> 10.233.101.133:9000 Masq 1 0 0

-> 10.233.127.142:9000 Masq 1 0 0

TCP 10.233.101.192:31122 rr

-> 10.233.97.68:9443 Masq 1 0 0

-> 10.233.98.124:9443 Masq 1 0 0

-> 10.233.120.202:9443 Masq 1 0 0

TCP 10.233.101.192:31292 rr

-> 10.233.67.204:8000 Masq 1 0 0

-> 10.233.101.133:8000 Masq 1 0 0

-> 10.233.127.142:8000 Masq 1 0 0

TCP 10.233.101.192:31707 rr

-> 10.233.98.111:9880 Masq 1 0 0

-> 10.233.127.154:9880 Masq 1 0 0

TCP 10.233.101.192:31796 rr

-> 10.233.67.204:9443 Masq 1 0 0

-> 10.233.101.133:9443 Masq 1 0 0

-> 10.233.127.142:9443 Masq 1 0 0

TCP 10.233.101.192:31937 rr

-> 10.233.97.68:8443 Masq 1 0 0

-> 10.233.98.124:8443 Masq 1 0 0

-> 10.233.120.202:8443 Masq 1 0 0

TCP 10.233.101.192:32058 rr

-> 10.233.97.68:9000 Masq 1 0 0

-> 10.233.98.124:9000 Masq 1 0 0

-> 10.233.120.202:9000 Masq 1 0 0

TCP 10.233.101.192:32679 rr

-> 10.233.67.204:8443 Masq 1 0 0

-> 10.233.101.133:8443 Masq 1 0 0

-> 10.233.127.142:8443 Masq 1 0 0

UDP 10.233.0.3:53 rr

-> 10.233.64.65:53 Masq 1 0 5186

-> 10.233.111.194:53 Masq 1 0 5110

root@ems203-w2:/home/labadmin# iptables -t nat -L KUBE-SERVICES -n -v

Chain KUBE-SERVICES (2 references)

pkts bytes target prot opt in out source destination

2 120 RETURN 0 -- * * 127.0.0.0/8 0.0.0.0/0

0 0 KUBE-LOAD-BALANCER 0 -- * * 0.0.0.0/0 0.0.0.0/0 /* Kubernetes service lb portal */ match-set KUBE-LOAD-BALANCER dst,dst

0 0 KUBE-MARK-MASQ 0 -- * * !10.233.64.0/18 0.0.0.0/0 /* Kubernetes service cluster ip + port for masquerade purpose */ match-set KUBE-CLUSTER-IP dst,dst

530 60710 KUBE-NODE-PORT 0 -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL

522 60230 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 match-set KUBE-CLUSTER-IP dst,dst

0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 match-set KUBE-LOAD-BALANCER dst,dst

root@ems203-w2:/home/labadmin# ip route

default via 172.27.71.254 dev ens3 proto static

10.233.64.64/26 via 10.233.64.64 dev vxlan.calico onlink

10.233.67.192/26 via 10.233.67.192 dev vxlan.calico onlink

10.233.97.64/26 via 10.233.97.64 dev vxlan.calico onlink

10.233.98.64/26 via 10.233.98.64 dev vxlan.calico onlink

10.233.100.128/26 via 10.233.100.128 dev vxlan.calico onlink

10.233.101.128/26 via 10.233.101.128 dev vxlan.calico onlink

blackhole 10.233.101.192/26 proto 80

10.233.101.193 dev cali1f09b9e1390 scope link

10.233.101.195 dev calie083c95ac45 scope link

10.233.101.198 dev cali155bf63513d scope link

10.233.101.199 dev calia82ed2696df scope link

10.233.101.200 dev cali2777b76197a scope link

10.233.101.205 dev cali818a40c40ed scope link

10.233.101.206 dev cali6ecfa090efe scope link

10.233.101.207 dev calid59337ade1f scope link

10.233.101.208 dev calia4615945250 scope link

10.233.101.209 dev cali0f32613a9ab scope link

10.233.101.211 dev cali4ae6faf6470 scope link

10.233.101.212 dev cali58b617f0ef3 scope link

10.233.101.214 dev calicfc3e443c49 scope link

10.233.101.216 dev cali22780897181 scope link

10.233.101.217 dev calib09f4e39b7e scope link

10.233.101.218 dev cali470f3ddc9be scope link

10.233.101.219 dev cali687859f7245 scope link

10.233.101.224 dev caliaa479e31ff6 scope link

10.233.101.226 dev caliefec913c9d0 scope link

10.233.101.229 dev cali6bdfde429f7 scope link

10.233.101.230 dev cali74947c003b7 scope link

10.233.101.231 dev cali2c800707bb1 scope link

10.233.101.232 dev calid75bed34513 scope link

10.233.101.233 dev cali2f4c0198040 scope link

10.233.101.235 dev cali816a97ec07b scope link

10.233.101.236 dev cali59ae0e814a8 scope link

10.233.101.237 dev caliadd5feb5e43 scope link

10.233.101.239 dev cali073880f7acd scope link

10.233.101.241 dev cali7093c615468 scope link

10.233.101.243 dev calie5d48dc1215 scope link

10.233.101.244 dev califd25324b2bf scope link

10.233.101.245 dev calif1b691ce995 scope link

10.233.101.250 dev cali37fbe19b8be scope link

10.233.101.252 dev calic2533184009 scope link

10.233.101.254 dev cali03723fd519f scope link

10.233.101.255 dev cali8f543f66935 scope link

10.233.111.192/26 via 10.233.111.192 dev vxlan.calico onlink

10.233.120.192/26 via 10.233.120.192 dev vxlan.calico onlink

10.233.127.64/26 via 10.233.127.64 dev vxlan.calico onlink

10.233.127.128/26 via 10.233.127.128 dev vxlan.calico onlink

172.27.68.0/22 dev ens3 proto kernel scope link src 172.27.69.40

root@ems203-w2:/home/labadmin#

Search This Blog

K8s_POD_to_service

Comments

Post a Comment

Popular posts from this blog

gNMI_with_grafana on containerlabs

EVPN Route type-1 & type-4 in action

Network Automation with ROBOT Framework