1 Answer
Hello,
Your understanding is correct; it is explained here:
By default, the source IPv4 address of each pod that communicates with resources outside of the VPC is translated through network address translation (NAT) to the primary IP address of the primary network interface attached to the node. You can change this behavior to instead have a NAT device in a private subnet translate each pod's IPv4 address to the NAT device's IPv4 address.
The fact that ping (echo and echo-reply) is working makes me think the VPN is set up properly. You may want to look at this link, which explains SNAT in detail and inbound/outbound traffic to and from pods.
Thank you, that brought me closer to a solution. I have set up a (public) NAT gateway in a public subnet and use it for NAT for pods in a private subnet. However, the behavior is the same: ping works and TCP does not.
tcpdump and traceroute show that the traffic is going through the NAT gateway and the VPN tunnel. Somewhere along the way the answer gets lost/discarded. I assume now the issue is no longer EKS-related, as the NAT works fine for pings and non-VPN connections.
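The symptom both posts describe (ICMP echo answered, TCP connections not) can be pinned down from a `tcpdump -nn` capture on the node or on the NAT-side interface by checking, per flow, whether anything came back. The following script is an added example, not code from the original thread or from AWS: it parses tcpdump text lines, pairs SYNs with SYN-ACKs and echo requests with echo replies, and lists the flows that never got an answer. The capture lines, the NAT gateway address 10.0.0.10 and the remote hosts 192.168.50.10 and 203.0.113.5 are constructed for the example.

```python
"""Report TCP and ICMP flows in `tcpdump -nn` text output that never got a reply.

Added diagnostic example (not from the original post). Feed it the lines of a
capture taken on the node or on the interface facing the NAT gateway / VPN.
"""
import re

# Line shapes handled (IPv4, tcpdump -nn):
#   ... IP A.B.C.D.SPORT > E.F.G.H.DPORT: Flags [S], seq ...
#   ... IP A.B.C.D > E.F.G.H: ICMP echo request, id N, seq M, length L
TCP_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)
ICMP_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample capture: one answered ping over the VPN, three SYN
# retransmits to the VPN-side host with no SYN-ACK, and one answered SYN to a
# non-VPN destination (the pattern the question describes).
SAMPLE_CAPTURE = """\
10:00:00.000000 IP 10.0.0.10 > 192.168.50.10: ICMP echo request, id 7, seq 1, length 64
10:00:00.000900 IP 192.168.50.10 > 10.0.0.10: ICMP echo reply, id 7, seq 1, length 64
10:00:01.000000 IP 10.0.0.10.43210 > 192.168.50.10.443: Flags [S], seq 1000, win 64240, length 0
10:00:02.000000 IP 10.0.0.10.43210 > 192.168.50.10.443: Flags [S], seq 1000, win 64240, length 0
10:00:04.000000 IP 10.0.0.10.43210 > 192.168.50.10.443: Flags [S], seq 1000, win 64240, length 0
10:00:05.000000 IP 10.0.0.10.43211 > 203.0.113.5.443: Flags [S], seq 2000, win 64240, length 0
10:00:05.000800 IP 203.0.113.5.443 > 10.0.0.10.43211: Flags [S.], seq 9000, ack 2001, win 65535, length 0
""".splitlines()


def parse_line(line):
    """Return a ("tcp", ...) or ("icmp", ...) tuple for one line, or None."""
    m = TCP_RE.search(line)
    if m:
        return ("tcp", m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"])
    m = ICMP_RE.search(line)
    if m:
        return ("icmp", m["src"], m["dst"], int(m["id"]), int(m["seq"]), m["kind"])
    return None


def analyze(lines):
    """Group packets into flows keyed by the initiating side and count replies.

    TCP flows are keyed (client, sport, server, dport) by the bare SYN; a
    SYN-ACK (Flags [S.]) in the reverse direction counts as the answer.
    ICMP flows are keyed (src, dst, id); an echo reply with the same id answers.
    """
    tcp, icmp = {}, {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec[0] == "tcp":
            _, src, sport, dst, dport, flags = rec
            if flags == "S":                        # client -> server SYN
                c = tcp.setdefault((src, sport, dst, dport), {"syn": 0, "synack": 0})
                c["syn"] += 1
            elif flags == "S.":                     # server -> client SYN-ACK
                c = tcp.setdefault((dst, dport, src, sport), {"syn": 0, "synack": 0})
                c["synack"] += 1
        else:
            _, src, dst, ident, _seq, kind = rec
            if kind == "request":
                c = icmp.setdefault((src, dst, ident), {"request": 0, "reply": 0})
                c["request"] += 1
            else:                                   # reply: key by the requester
                c = icmp.setdefault((dst, src, ident), {"request": 0, "reply": 0})
                c["reply"] += 1
    return {"tcp": tcp, "icmp": icmp}


def unanswered(lines):
    """Human-readable list of flows that sent packets but never received a reply."""
    result = analyze(lines)
    out = []
    for (src, sport, dst, dport), c in sorted(result["tcp"].items()):
        if c["syn"] and not c["synack"]:
            out.append(f"TCP {src}:{sport} -> {dst}:{dport}: {c['syn']} SYN, no SYN-ACK")
    for (src, dst, ident), c in sorted(result["icmp"].items()):
        if c["request"] and not c["reply"]:
            out.append(f"ICMP {src} -> {dst} id {ident}: {c['request']} echo, no reply")
    return out


if __name__ == "__main__":
    import sys
    lines = sys.stdin.read().splitlines() if not sys.stdin.isatty() else SAMPLE_CAPTURE
    for item in unanswered(lines):
        print(item)
```

Run it as `tcpdump -nn -i eth0 ... | python3 script.py` on the node, or pipe in a saved capture; with no stdin it reports on the constructed sample. Running the same script on captures taken on both ends of the tunnel shows whether the SYN reaches the far side at all and, if it does, whether the SYN-ACK leaves it, which is what separates a forwarding problem on the outbound path from a dropped return path.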