From 4a3d0c2d3d1e244d81b8433849ccec16fb289d43 Mon Sep 17 00:00:00 2001 From: Zhonghu Xu Date: Tue, 24 Sep 2019 02:02:16 +0800 Subject: [PATCH] Should not use loopback addresses (#5036) * fix multi cluster dns docs * fix multi cluster dns docs * ignore multicast spelling check --- .spelling | 1 + .../2019/multicluster-version-routing/index.md | 7 ++++--- .../setup/install/multicluster/gateways/index.md | 14 ++++++-------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.spelling b/.spelling index 5a46e1d730..777270d013 100644 --- a/.spelling +++ b/.spelling @@ -345,6 +345,7 @@ misordered Mitigations MongoDB mongodb +multicast Multicloud multicloud Multicluster diff --git a/content/en/blog/2019/multicluster-version-routing/index.md b/content/en/blog/2019/multicluster-version-routing/index.md index 11b6e0555d..1b2e4d04f4 100644 --- a/content/en/blog/2019/multicluster-version-routing/index.md +++ b/content/en/blog/2019/multicluster-version-routing/index.md @@ -299,7 +299,7 @@ spec: protocol: http resolution: DNS addresses: - - 127.255.0.3 + - 224.0.0.3 endpoints: - address: ${CLUSTER2_GW_ADDR} labels: @@ -326,8 +326,9 @@ spec: EOF {{< /text >}} -The address `127.255.0.3` of the service entry can be any arbitrary unallocated IP. -Using an IP from the loopback range 127.0.0.0/8 is a good choice. +The address `224.0.0.3` of the service entry can be any arbitrary unallocated IP. +Note that loopback range `127.0.0.0/8` should not be used, as it will influence outbound traffic. +Using an IP from the multicast range 224.0.0.0/4 is a good choice. Check out the [gateway-connected multicluster example](/docs/setup/install/multicluster/gateways/#configure-the-example-services) for more details. diff --git a/content/en/docs/setup/install/multicluster/gateways/index.md b/content/en/docs/setup/install/multicluster/gateways/index.md index ef016f1b61..7b922b9544 100644 --- a/content/en/docs/setup/install/multicluster/gateways/index.md +++ b/content/en/docs/setup/install/multicluster/gateways/index.md @@ -264,10 +264,8 @@ running in a second cluster. Before you begin: {{< /tip >}} If the global services have actual VIPs, you can use those, but otherwise we suggest - using IPs from the loopback range `127.0.0.0/8` that are not already allocated. - These IPs are non-routable outside of a pod. - In this example we'll use IPs in `127.255.0.0/16` which avoids conflicting with - well known IPs such as `127.0.0.1` (`localhost`). + using IPs from the multicast range `224.0.0.0/4` that are not already allocated. + These IPs are not loopback addresses and are non-routable outside of a pod. Application traffic for these IPs will be captured by the sidecar and routed to the appropriate remote service. @@ -294,7 +292,7 @@ running in a second cluster. Before you begin: # must be unique for each remote service, within a given cluster. # This address need not be routable. Traffic for this IP will be captured # by the sidecar and routed appropriately. - - 127.255.0.2 + - 224.0.0.2 endpoints: # This is the routable address of the ingress gateway in cluster2 that # sits in front of sleep.foo service. Traffic from the sidecar will be @@ -365,7 +363,7 @@ spec: protocol: http resolution: STATIC addresses: - - 127.255.0.2 + - 224.0.0.2 endpoints: - address: ${CLUSTER2_GW_ADDR} network: external @@ -399,7 +397,7 @@ spec: protocol: http resolution: DNS addresses: - - 127.255.0.2 + - 224.0.0.2 endpoints: - address: ${CLUSTER2_GW_ADDR} network: external @@ -459,7 +457,7 @@ spec: addresses: # the IP address to which httpbin.bar.global will resolve to # must be unique for each service. - - 127.255.0.2 + - 224.0.0.2 endpoints: - address: ${CLUSTER2_GW_ADDR} labels: