Score:0

What happens to open TCP sessions when a DNAT endpoint is removed in iptables

ng flag

In Kubernetes, when kube-proxy is configured in iptables mode, it will create DNAT rules to forward packets to the service endpoints (the pod IPs). If the service changes its endpoints, and one endpoint is removed, would that affect existing open TCP sockets, or is the kernel stateful in a way that remembers those sessions and they are kept alive until closed by one of the two peers?

ng flag
I ended up doing some testing on Kubernetes backed by AWS ALB, and looks like the connection is kept alive even after the service endpoint (and related iptables DNAT rule), so I guess it means that the linux networking subsystem is stateful and remembers sessions.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.