aws/amazon-vpc-cni-k8s

Allow setting of EC2 Security group connection tracking configurable idle timeouts in AWS VPC CNI

youwalther65 opened this issue · 11 comments

What would you like to be added:
AWS just released: EC2 Security group connection tracking adds support for configurable idle timeouts.

Modifying these parameters requires EC2 API calls. It would be great if AWS VPC CNI could automatically apply a custom configuration of these idle timeouts to the newly provisioned ENIs it manages.

Why is this needed:
Avoid conntrack (connection tracking) issues leading to packet loss etc.

For whoever works on this, ENI options are specified on create here: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/pkg/awsutils/awsutils.go#L786

The data-structure chain from aws-sdk-go (https://raw.githubusercontent.com/aws/aws-sdk-go/main/service/ec2/api.go) is:

CreateNetworkInterfaceInput -> ConnectionTrackingSpecification -> ConnectionTrackingSpecificationRequest
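To make the chain above concrete, here is an added example (not code from the amazon-vpc-cni-k8s project or from anyone in this thread) of what populating that field could look like. It reads three hypothetical environment variables (the `AWS_VPC_K8S_CNI_CONNTRACK_*` names are assumptions, not existing CNI settings), validates them against the ranges EC2 documents for each timeout (TCP established 60..432000 s, UDP stream 60..180 s, UDP 30..60 s), and returns a value shaped like `ec2.ConnectionTrackingSpecificationRequest`. The struct is declared locally with the same three field names so the example builds without the SDK; in the CNI itself the SDK type would be used and the result assigned to `CreateNetworkInterfaceInput.ConnectionTrackingSpecification`. Returning nil when nothing is configured keeps the request byte-for-byte what it is today, so the EC2 defaults still apply unless an operator opts in.

```go
package main

import (
	"fmt"
	"strconv"
)

// ConnectionTrackingSpecificationRequest mirrors the field names of the
// aws-sdk-go v1 type ec2.ConnectionTrackingSpecificationRequest. It is
// declared locally (assumption: the SDK type carries these three fields)
// so the example compiles without the SDK dependency.
type ConnectionTrackingSpecificationRequest struct {
	TcpEstablishedTimeout *int64
	UdpStreamTimeout      *int64
	UdpTimeout            *int64
}

// timeoutBound pairs a hypothetical CNI environment variable (assumed name)
// with the allowed range, in seconds, that EC2 documents for that timeout.
type timeoutBound struct {
	envVar   string
	min, max int64
}

var (
	tcpEstablished = timeoutBound{"AWS_VPC_K8S_CNI_CONNTRACK_TCP_ESTABLISHED_TIMEOUT", 60, 432000}
	udpStream      = timeoutBound{"AWS_VPC_K8S_CNI_CONNTRACK_UDP_STREAM_TIMEOUT", 60, 180}
	udpTimeout     = timeoutBound{"AWS_VPC_K8S_CNI_CONNTRACK_UDP_TIMEOUT", 30, 60}
)

// parseTimeout returns nil when the variable is unset (keep the EC2 default),
// a validated pointer when it is set, or an error when the value is not an
// integer inside the documented range. getenv is injected so the logic can be
// exercised without touching the real process environment.
func parseTimeout(getenv func(string) string, b timeoutBound) (*int64, error) {
	raw := getenv(b.envVar)
	if raw == "" {
		return nil, nil
	}
	v, err := strconv.ParseInt(raw, 10, 64)
	if err != nil {
		return nil, fmt.Errorf("%s=%q: not an integer", b.envVar, raw)
	}
	if v < b.min || v > b.max {
		return nil, fmt.Errorf("%s=%d: outside allowed range %d..%d seconds", b.envVar, v, b.min, b.max)
	}
	return &v, nil
}

// BuildConnectionTrackingSpec builds the value to assign to
// CreateNetworkInterfaceInput.ConnectionTrackingSpecification. It returns
// nil, nil when no timeout is configured so the existing request is unchanged.
func BuildConnectionTrackingSpec(getenv func(string) string) (*ConnectionTrackingSpecificationRequest, error) {
	spec := &ConnectionTrackingSpecificationRequest{}
	var err error
	if spec.TcpEstablishedTimeout, err = parseTimeout(getenv, tcpEstablished); err != nil {
		return nil, err
	}
	if spec.UdpStreamTimeout, err = parseTimeout(getenv, udpStream); err != nil {
		return nil, err
	}
	if spec.UdpTimeout, err = parseTimeout(getenv, udpTimeout); err != nil {
		return nil, err
	}
	if spec.TcpEstablishedTimeout == nil && spec.UdpStreamTimeout == nil && spec.UdpTimeout == nil {
		return nil, nil
	}
	return spec, nil
}

func main() {
	// Constructed sample environment: shorten TCP idle to one day, UDP to 45 s,
	// leave the UDP stream timeout at the EC2 default.
	env := map[string]string{
		tcpEstablished.envVar: "86400",
		udpTimeout.envVar:     "45",
	}
	spec, err := BuildConnectionTrackingSpec(func(k string) string { return env[k] })
	if err != nil {
		fmt.Println("config error:", err)
		return
	}
	fmt.Printf("TcpEstablishedTimeout=%d UdpStreamTimeout=%v UdpTimeout=%d\n",
		*spec.TcpEstablishedTimeout, spec.UdpStreamTimeout, *spec.UdpTimeout)
}
```

Validating the ranges locally, rather than letting the CreateNetworkInterface call fail, matters in the CNI because a rejected ENI creation surfaces as pods stuck without IPs; a misconfigured value should fail loudly at startup instead.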

I would like to try and implement this; any guidance is highly appreciated, as this is my first issue.

@bawejahritik thank you for the offer! We are currently discussing internally when to pick this up, as we want to limit the number of new environment variables that we introduce until we have a chance to clean existing ones up.

Thank you for your response, is there anything else I can work on which is a good first issue?

Would love to contribute

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

@jdn5126 Any news regarding AWS internal decision?

@youwalther65 I no longer work for AWS, so I cannot answer this

Any news regarding AWS internal decision?

No news yet. This is a desirable feature that we will bring up for prioritization.

bump, please add