olehpalii-nc commented on PR #922: URL: https://github.com/apache/apisix-helm-chart/pull/922#issuecomment-4600627308
``` The East-West Traffic Problem The biggest issue I observed with a global, ingress-wide PPv2 setup involves East-West (inter-cluster) traffic: If you target an Ingress that has PPv2 enabled globally, internal cluster communication will fail. The internal Kubernetes routing mechanism short-circuits the traffic and bypasses the cloud load balancer entirely. Consequently, the internal service receives plain HTTP/S traffic without the expected PPv2 initial handshake. Because APISIX's NGINX cannot parse this raw traffic on a PPv2-designated port, the connection fails. ``` I was able to overcome that particular problem by setting `oci.oraclecloud.com/ingress-ip-mode: "proxy"` ([Specifying_IPMode](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer_topic_Specifying_IPMode)). Other than that, I can confirm that ApiSix installed from helm chart with changes from this PR works well with OCI Network Load Balancer with PPv2 protocol enabled. It would be nice to have this PR finalized and merged so we can use upstream chart instead of relying on local copy. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
