529 explain return path #627

Merged
merged 200 commits into from
Jun 24, 2024
Changes from 188 commits
8677704
clarified comment
ShiriMoran May 27, 2024
bfc0a4d
clarified comment
ShiriMoran May 27, 2024
f638b28
added new structs and todos
ShiriMoran May 27, 2024
df17381
renaming towards refactoring
ShiriMoran May 27, 2024
79ee2ed
minor refactoring
ShiriMoran May 27, 2024
1b59966
minor refactoring
ShiriMoran May 27, 2024
8d59bdd
implemented computeAllowedStatefulConnections to replace computeAllow…
ShiriMoran May 27, 2024
ff9c768
new structs refactor
ShiriMoran May 27, 2024
e7fe4b9
printing functions for the new structs
ShiriMoran May 27, 2024
c0f0c32
fix bug
ShiriMoran May 28, 2024
7bfae63
grouping using new structs
ShiriMoran May 28, 2024
0f48c3d
remove debug print
ShiriMoran May 28, 2024
1811764
added todo
ShiriMoran May 28, 2024
a60ebf0
minor refactor
ShiriMoran May 28, 2024
129b8d1
working tests
ShiriMoran May 28, 2024
7d8c7f8
added todos
ShiriMoran May 28, 2024
962fa69
issues on loadBalancer understood and documented
ShiriMoran May 29, 2024
0b893ff
refactoring debug format (1)
ShiriMoran May 29, 2024
4d7681d
todo
ShiriMoran May 29, 2024
bbe4e40
json format uses new struct; SplitAllowedConnsToUnidirectionalAndBidi…
ShiriMoran May 29, 2024
fa07330
debug format uses new struct
ShiriMoran May 29, 2024
965f9eb
AllowedConnsCombinedStateful no longer used
ShiriMoran May 29, 2024
09ce513
Added AllowedConnsCombinedStateful, its computation and using it for …
ShiriMoran May 29, 2024
f485708
json format for subnets uses new structs
ShiriMoran May 29, 2024
7829f22
now hasStatelessConns can use the new struct
ShiriMoran May 29, 2024
19f9c6f
now ConnLabel can use the new struct and grouping's old groupedCommon…
ShiriMoran May 29, 2024
48e252d
func (connectivityMap GeneralConnectivityMap) getCombinedConnsStr() s…
ShiriMoran May 29, 2024
67886c8
transforming grouping_test.go
ShiriMoran May 29, 2024
16d8653
transforming grouping_test.go
ShiriMoran May 30, 2024
c1d3ec9
transforming grouping_test.go
ShiriMoran May 30, 2024
a70f5bd
transforming grouping_test.go
ShiriMoran May 30, 2024
ac7da41
transforming grouping_test.go
ShiriMoran May 30, 2024
88c6f44
replacing AllowedConnsCombined with AllowedConnsCombinedStateful
ShiriMoran May 30, 2024
e2e248d
replacing AllowedConnsCombined with AllowedConnsCombinedStateful
ShiriMoran May 30, 2024
8d66e85
commenting not used (should be rewritten) code
ShiriMoran May 30, 2024
9f32cf5
refactoring semantic diff to work with new structs
ShiriMoran May 30, 2024
294a00c
refactoring subnets diff tests to work with new structs
ShiriMoran May 30, 2024
6932b97
refactoring vsis diff tests to work with new structs
ShiriMoran May 30, 2024
a098f09
renaming
ShiriMoran May 30, 2024
ec0577e
added comment
ShiriMoran May 30, 2024
37fa3d9
AllowedConnsCombined no longer required in VPCConnectivity
ShiriMoran May 30, 2024
2caa9c2
lint
ShiriMoran May 30, 2024
714c1d4
lint
ShiriMoran May 30, 2024
8190e25
removed redundant todo
ShiriMoran May 30, 2024
c25c542
merge with main
ShiriMoran Jun 2, 2024
d386048
operations on ExtendedSet
ShiriMoran Jun 2, 2024
ed0bc3e
using the operations where applicable
ShiriMoran Jun 2, 2024
ecf7dae
merge with main
ShiriMoran Jun 3, 2024
3606a03
removed non relevant todos
ShiriMoran Jun 3, 2024
369b62c
removed redundant code
ShiriMoran Jun 3, 2024
a8c9078
removed AllowedConnsCombined from VPCsubnetConnectivity
ShiriMoran Jun 3, 2024
2479faa
refactored LB abstraction
ShiriMoran Jun 3, 2024
35b57af
refactored LB abstraction
ShiriMoran Jun 3, 2024
23fd359
non-stateful additions verified (before the abstraction ignored them)
ShiriMoran Jun 3, 2024
6030570
non-stateful additions verified (before the abstraction ignored them)
ShiriMoran Jun 3, 2024
693e569
single one stateful abstraction addition - nonstateful were not handl…
ShiriMoran Jun 3, 2024
3a29755
changes due to addition in * - verified (on some of the diffs)
ShiriMoran Jun 3, 2024
f2bc4d0
enabling all tests
ShiriMoran Jun 3, 2024
baff1fb
cosmetics
ShiriMoran Jun 4, 2024
c2abe13
refactoring semantic diff leftovers
ShiriMoran Jun 4, 2024
068fdae
generics
haim-kermany Jun 4, 2024
7458b44
revert generics which is deferred to a later PR
ShiriMoran Jun 4, 2024
22ddf67
rename
ShiriMoran Jun 4, 2024
30a608b
CR: fix (e *ExtendedSet) Equal(other *ExtendedSet) bool
ShiriMoran Jun 5, 2024
f5cf007
CR: ExtendedSet -> SetWithStateful
ShiriMoran Jun 5, 2024
dd14e47
CR
ShiriMoran Jun 5, 2024
28eb3b5
CR
ShiriMoran Jun 5, 2024
5b0c3a9
CR: add NewStateWithStateful constructor and use it
ShiriMoran Jun 5, 2024
1e1cf11
lint
ShiriMoran Jun 5, 2024
c08bdb1
CR renaming
ShiriMoran Jun 5, 2024
4dca3a2
Merge branch 'main' into 255_stateful_connectivity_refactor
ShiriMoran Jun 5, 2024
ad8de35
added respondString() and todos
ShiriMoran Jun 5, 2024
6a2546e
CR: renaming
ShiriMoran Jun 5, 2024
70b7291
use constructor
ShiriMoran Jun 5, 2024
c02af67
CR renaming
ShiriMoran Jun 5, 2024
e342506
Merge remote-tracking branch 'origin/255_stateful_connectivity_refact…
ShiriMoran Jun 5, 2024
0772fe3
merge with main
ShiriMoran Jun 5, 2024
9d619e7
CR: avoid code duplication
ShiriMoran Jun 5, 2024
f8c6354
renaming
ShiriMoran Jun 5, 2024
f1a57d1
renaming
ShiriMoran Jun 5, 2024
a811a75
use constructors
ShiriMoran Jun 5, 2024
10e4c44
CR: avoid code duplication
ShiriMoran Jun 5, 2024
d7b9675
renaming extendedConn -> connWithStateful
ShiriMoran Jun 5, 2024
d5cdcca
renaming extendedConn -> connWithStateful
ShiriMoran Jun 5, 2024
7fba540
CR
ShiriMoran Jun 5, 2024
28782aa
CR: use constructor
ShiriMoran Jun 5, 2024
82dac8f
CR: use constructor
ShiriMoran Jun 5, 2024
5c6562c
renaming
ShiriMoran Jun 5, 2024
eb803d4
explainability should also use ConnWithStateful
ShiriMoran Jun 6, 2024
9ae5f78
Merge branch 'main' into 255_stateful_connectivity_refactor
ShiriMoran Jun 6, 2024
697d64f
to avoid *** added spaces
ShiriMoran Jun 6, 2024
dfc0079
Merge remote-tracking branch 'origin/255_stateful_connectivity_refact…
ShiriMoran Jun 6, 2024
bce123f
update unittest
ShiriMoran Jun 6, 2024
e42e816
update unittest
ShiriMoran Jun 6, 2024
c7eb91d
Merge branch 'main' into 255_stateful_connectivity_refactor
ShiriMoran Jun 6, 2024
fc2b4f1
temp - commenting maintest, not related to this PR, that fails. Do no…
ShiriMoran Jun 6, 2024
bb5b434
temp - commenting maintest, not related to this PR, that fails. Do no…
ShiriMoran Jun 6, 2024
3a721f1
temp - commenting maintest, not related to this PR, that fails. Do no…
ShiriMoran Jun 6, 2024
a48e8ec
renaming
ShiriMoran Jun 6, 2024
729268c
connWithStateful need not be exported
ShiriMoran Jun 7, 2024
c5a471b
non exporting functions that need to be exported (at the moment)
ShiriMoran Jun 9, 2024
abeef60
comments to Shiri
haim-kermany Jun 9, 2024
c991f05
added documentation
ShiriMoran Jun 9, 2024
3cdb8f8
Merge remote-tracking branch 'origin/255_stateful_connectivity_refact…
ShiriMoran Jun 9, 2024
e3b12aa
merged with Haim's comments
ShiriMoran Jun 9, 2024
260053f
unexport func that needs not be exported
ShiriMoran Jun 9, 2024
01936d3
unexport func that needs not be exported
ShiriMoran Jun 9, 2024
7317d71
CR renaming
ShiriMoran Jun 9, 2024
5a28f3d
CR minor refactoring
ShiriMoran Jun 9, 2024
d5382b9
CR minor refactoring and doc adding
ShiriMoran Jun 9, 2024
b1788dd
CR extracting detailConn code to a separate file
ShiriMoran Jun 9, 2024
d3b5919
minor refactoring
ShiriMoran Jun 9, 2024
231ad25
bug fix
ShiriMoran Jun 9, 2024
db8d8f8
bug fix
ShiriMoran Jun 9, 2024
cb681e8
CR refactor
ShiriMoran Jun 9, 2024
4b25b51
lint
ShiriMoran Jun 9, 2024
a8e2cbf
empty conn left out
haim-kermany Jun 9, 2024
1147db2
remove redundant (CR)
ShiriMoran Jun 9, 2024
2fdac9e
Merge remote-tracking branch 'origin/255_stateful_connectivity_refact…
ShiriMoran Jun 9, 2024
d72d2a5
CR refactoring
ShiriMoran Jun 9, 2024
9b26eb2
unexported functions
ShiriMoran Jun 9, 2024
684eeb3
CR
ShiriMoran Jun 9, 2024
827b31c
use String for allConn
ShiriMoran Jun 9, 2024
d2b3a0d
CR: enhanceString() of detailConn -> string()
ShiriMoran Jun 9, 2024
4bcd64b
CR: redundant code
ShiriMoran Jun 9, 2024
a1bd9ab
CR: redundant code
ShiriMoran Jun 9, 2024
43aca93
CR: renaming
ShiriMoran Jun 9, 2024
7f05179
CR: renaming
ShiriMoran Jun 9, 2024
466874d
stateful -> responsive
ShiriMoran Jun 9, 2024
1f8e1ab
stateful -> responsive
ShiriMoran Jun 9, 2024
41bd462
stateful -> responsive
ShiriMoran Jun 9, 2024
0cc032a
stateful -> responsive
ShiriMoran Jun 9, 2024
772e2be
stateful -> responsive
ShiriMoran Jun 9, 2024
a5cf61d
stateful -> responsive
ShiriMoran Jun 9, 2024
09f0553
stateful -> responsive
ShiriMoran Jun 9, 2024
0bf38b9
update main test
ShiriMoran Jun 9, 2024
cc717c7
undo committed by mistake
ShiriMoran Jun 9, 2024
a77190d
remove committed by mistake
ShiriMoran Jun 9, 2024
112140c
Merge remote-tracking branch 'origin/main' into 529_explain_return_path
ShiriMoran Jun 10, 2024
15865d5
merge with main fix
ShiriMoran Jun 10, 2024
b9703c8
Merge branch '255_stateful_connectivity_refactor' into 529_explain_re…
ShiriMoran Jun 10, 2024
5c0a3fe
printing improvement
ShiriMoran Jun 10, 2024
4b4b8cc
use the full connection struct
ShiriMoran Jun 6, 2024
e2fed91
added documentation
ShiriMoran Jun 6, 2024
64b591a
added printing of return path
ShiriMoran Jun 6, 2024
4407845
returned path verified
ShiriMoran Jun 6, 2024
b2d30f6
returned path verified
ShiriMoran Jun 6, 2024
c55a0ea
returned path verified
ShiriMoran Jun 6, 2024
77d81a3
returned path verified
ShiriMoran Jun 6, 2024
6052796
returned path verified
ShiriMoran Jun 6, 2024
a2dcb67
returned path verified
ShiriMoran Jun 6, 2024
1d0d72d
returned path verified
ShiriMoran Jun 6, 2024
5dc568c
returned path verified
ShiriMoran Jun 6, 2024
0b8da9c
returned path verified
ShiriMoran Jun 6, 2024
3405c6d
returned path verified
ShiriMoran Jun 6, 2024
00f8c3d
returned path verified
ShiriMoran Jun 6, 2024
cb58c83
returned path verified
ShiriMoran Jun 6, 2024
784f46a
returned path verified
ShiriMoran Jun 6, 2024
0f836c6
return path basic info print
ShiriMoran Jun 10, 2024
2b0fc5f
added structs for respond rules
ShiriMoran Jun 10, 2024
c192604
added computation of RespondRules still not checked
ShiriMoran Jun 10, 2024
2251942
added computation of RespondRules still not checked
ShiriMoran Jun 10, 2024
226f0ad
preparation to group also by respondRules
ShiriMoran Jun 11, 2024
0036c05
Added printing of respond path. Still needs to verify tests one by on…
ShiriMoran Jun 11, 2024
becb133
wording of printing header
ShiriMoran Jun 13, 2024
f157d55
only tcp rules are relevant for the response
ShiriMoran Jun 13, 2024
c5da48e
added test of partly enabled respond
ShiriMoran Jun 13, 2024
08c6179
fix typo
ShiriMoran Jun 13, 2024
38313be
lint
ShiriMoran Jun 13, 2024
f16b152
lint
ShiriMoran Jun 13, 2024
6347200
merge with main
ShiriMoran Jun 13, 2024
8252cff
clarified doc
ShiriMoran Jun 13, 2024
7894059
fix merge
ShiriMoran Jun 13, 2024
17fe312
lint
ShiriMoran Jun 13, 2024
f4e70d2
Merge branch 'main' into 529_explain_return_path
ShiriMoran Jun 17, 2024
b0c5f4c
CR: use parm instead of receiver
ShiriMoran Jun 17, 2024
36dbb70
Merge remote-tracking branch 'origin/529_explain_return_path' into 52…
ShiriMoran Jun 17, 2024
7f2dece
undoing CR change - should not be part of this PR (if we do it)
ShiriMoran Jun 17, 2024
e141800
CR - should not be a receiver
ShiriMoran Jun 17, 2024
ee528f6
CR - have a documented func for hasTCPComponent()
ShiriMoran Jun 17, 2024
27ab1af
CR - add documentation
ShiriMoran Jun 17, 2024
5bd3803
CR - add documentation
ShiriMoran Jun 17, 2024
2c7af98
CR - dup code into func
ShiriMoran Jun 17, 2024
829d2c5
minor reorgs
ShiriMoran Jun 17, 2024
b09d0b3
CR
ShiriMoran Jun 17, 2024
0d02701
CR
ShiriMoran Jun 17, 2024
f2fefe3
renaming
haim-kermany Jun 17, 2024
eb8950d
Merge branch 'main' into 529_explain_return_path
ShiriMoran Jun 18, 2024
bb4ee46
CR: change wording
ShiriMoran Jun 18, 2024
8cd4cd4
Merge remote-tracking branch 'origin/529_explain_return_path' into 52…
ShiriMoran Jun 18, 2024
1510e5d
merge with main
ShiriMoran Jun 19, 2024
b3c4e9f
switching src dst ports for responsive
ShiriMoran Jun 20, 2024
06155e0
partial respond test
ShiriMoran Jun 20, 2024
4026b2c
fine tuned config test file so that respond in the presence of differe…
ShiriMoran Jun 20, 2024
eff5896
wording
ShiriMoran Jun 20, 2024
3d17e34
added test in which specific tcp ports are queried and this affects t…
ShiriMoran Jun 20, 2024
2a25276
CR: wording
ShiriMoran Jun 24, 2024
545e220
CR: add test in which connection is partly in both directions
ShiriMoran Jun 24, 2024
c330b87
enhance test
ShiriMoran Jun 24, 2024
e1099dd
Merge branch 'main' into 529_explain_return_path
ShiriMoran Jun 24, 2024
1,844 changes: 1,844 additions & 0 deletions pkg/ibmvpc/examples/input/input_sg_testing1_new_respond_partly.json

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,12 @@ Path:

Details:
~~~~~~~~
Egress:
security group sg1-ky allows connection with the following allow rules
index: 2, direction: outbound, conns: protocol: udp, dstPorts: 1-65535, remote: 161.26.0.0/16, local: 0.0.0.0/0
network ACL acl1-ky allows connection with the following allow rules
index: 0, direction: outbound , src: 0.0.0.0/0 , dst: 0.0.0.0/0, conn: all, action: allow
Path enabled by the following rules:
Egress:
security group sg1-ky allows connection with the following allow rules
index: 2, direction: outbound, conns: protocol: udp, dstPorts: 1-65535, remote: 161.26.0.0/16, local: 0.0.0.0/0
network ACL acl1-ky allows connection with the following allow rules
index: 0, direction: outbound , src: 0.0.0.0/0 , dst: 0.0.0.0/0, conn: all, action: allow

------------------------------------------------------------------------------------------------------------------------

Expand All @@ -31,10 +32,11 @@ Path:

Details:
~~~~~~~~
Egress:
security group sg1-ky blocks connection since there are no relevant allow rules
network ACL acl1-ky allows connection with the following allow rules
index: 0, direction: outbound , src: 0.0.0.0/0 , dst: 0.0.0.0/0, conn: all, action: allow
Path enabled by the following rules:
Egress:
security group sg1-ky blocks connection since there are no relevant allow rules
network ACL acl1-ky allows connection with the following allow rules
index: 0, direction: outbound , src: 0.0.0.0/0 , dst: 0.0.0.0/0, conn: all, action: allow

------------------------------------------------------------------------------------------------------------------------
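
Review bot: the added header "Path enabled by the following rules:" contradicts the Egress block printed beneath it in this hunk, which reports "security group sg1-ky blocks connection since there are no relevant allow rules", so no path is enabled here. Consider picking the header from the query result, or using a neutral one such as "Rules relevant to the path:" when any layer blocks, and keeping "Path enabled by ..." for allowed connections only. The same header sits above the other blocked-connection outputs in this diff.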

Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ Explaining connectivity from 192.168.8.4 (iks-node[192.168.8.4]) to 192.168.4.4
==========================================================================================================================

Allowed connections from iks-node[192.168.8.4] to iks-node[192.168.4.4]: All Connections
The TCP sub-connection is responsive

Path:
iks-node[192.168.8.4] -> security group[kube-clusterid:1, ky-test-default-sg] -> ky-test-private-subnet-3 -> network ACL ky-test-private-2-others-acl ->
Expand All @@ -10,25 +11,35 @@ Path:

Details:
~~~~~~~~
Egress:
security group kube-clusterid:1 allows connection with the following allow rules
index: 8, direction: outbound, conns: protocol: all, remote: kube-clusterid:1 (192.168.0.4/32,192.168.4.4/32,192.168.8.4/32,192.168.16.4/32,192.168.20.4/32,192.168.24.4/32,192.168.32.4/32,192.168.36.4/32,192.168.40.4/32), local: 0.0.0.0/0
security group ky-test-default-sg allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL ky-test-private-2-others-acl allows connection with the following allow rules
index: 6, direction: outbound , src: 0.0.0.0/0 , dst: 192.168.0.0/20, conn: all, action: allow

Ingress:
network ACL ky-test-private-2-others-acl allows connection with the following allow rules
index: 2, direction: inbound , src: 192.168.0.0/20 , dst: 0.0.0.0/0, conn: all, action: allow
security group kube-clusterid:1 allows connection with the following allow rules
index: 3, direction: inbound, conns: protocol: tcp, dstPorts: 30000-32767, remote: 0.0.0.0/0, local: 0.0.0.0/0
index: 4, direction: inbound, conns: protocol: udp, dstPorts: 30000-32767, remote: 0.0.0.0/0, local: 0.0.0.0/0
index: 6, direction: inbound, conns: protocol: icmp, icmpType: protocol: ICMP icmp-type: 8, remote: 0.0.0.0/0, local: 0.0.0.0/0
index: 7, direction: inbound, conns: protocol: all, remote: kube-clusterid:1 (192.168.0.4/32,192.168.4.4/32,192.168.8.4/32,192.168.16.4/32,192.168.20.4/32,192.168.24.4/32,192.168.32.4/32,192.168.36.4/32,192.168.40.4/32), local: 0.0.0.0/0
security group ky-test-default-sg allows connection with the following allow rules
index: 1, direction: inbound, conns: protocol: all, remote: ky-test-default-sg (192.168.0.4/32,192.168.4.4/32,192.168.8.4/32,192.168.16.4/32,192.168.20.4/32,192.168.24.4/32,192.168.32.4/32,192.168.36.4/32,192.168.40.4/32), local: 0.0.0.0/0
index: 2, direction: inbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
Path enabled by the following rules:
Egress:
security group kube-clusterid:1 allows connection with the following allow rules
index: 8, direction: outbound, conns: protocol: all, remote: kube-clusterid:1 (192.168.0.4/32,192.168.4.4/32,192.168.8.4/32,192.168.16.4/32,192.168.20.4/32,192.168.24.4/32,192.168.32.4/32,192.168.36.4/32,192.168.40.4/32), local: 0.0.0.0/0
security group ky-test-default-sg allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL ky-test-private-2-others-acl allows connection with the following allow rules
index: 6, direction: outbound , src: 0.0.0.0/0 , dst: 192.168.0.0/20, conn: all, action: allow

Ingress:
network ACL ky-test-private-2-others-acl allows connection with the following allow rules
index: 2, direction: inbound , src: 192.168.0.0/20 , dst: 0.0.0.0/0, conn: all, action: allow
security group kube-clusterid:1 allows connection with the following allow rules
index: 3, direction: inbound, conns: protocol: tcp, dstPorts: 30000-32767, remote: 0.0.0.0/0, local: 0.0.0.0/0
index: 4, direction: inbound, conns: protocol: udp, dstPorts: 30000-32767, remote: 0.0.0.0/0, local: 0.0.0.0/0
index: 6, direction: inbound, conns: protocol: icmp, icmpType: protocol: ICMP icmp-type: 8, remote: 0.0.0.0/0, local: 0.0.0.0/0
index: 7, direction: inbound, conns: protocol: all, remote: kube-clusterid:1 (192.168.0.4/32,192.168.4.4/32,192.168.8.4/32,192.168.16.4/32,192.168.20.4/32,192.168.24.4/32,192.168.32.4/32,192.168.36.4/32,192.168.40.4/32), local: 0.0.0.0/0
security group ky-test-default-sg allows connection with the following allow rules
index: 1, direction: inbound, conns: protocol: all, remote: ky-test-default-sg (192.168.0.4/32,192.168.4.4/32,192.168.8.4/32,192.168.16.4/32,192.168.20.4/32,192.168.24.4/32,192.168.32.4/32,192.168.36.4/32,192.168.40.4/32), local: 0.0.0.0/0
index: 2, direction: inbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0

TCP respond enabled by the following rules:
Egress:
network ACL ky-test-private-2-others-acl allows connection with the following allow rules
index: 6, direction: outbound , src: 0.0.0.0/0 , dst: 192.168.0.0/20, conn: all, action: allow

Ingress:
network ACL ky-test-private-2-others-acl allows connection with the following allow rules
index: 2, direction: inbound , src: 192.168.0.0/20 , dst: 0.0.0.0/0, conn: all, action: allow

------------------------------------------------------------------------------------------------------------------------
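
Review bot: the new "TCP respond enabled by the following rules:" section lists only network ACL ky-test-private-2-others-acl, while the forward section above it also lists security groups kube-clusterid:1 and ky-test-default-sg, and the output never says why the security groups are absent from the response. A one-line remark in the section stating that only network ACLs are checked for the response would keep a reader from treating the omission as a bug. On wording, "TCP respond" would read better as "TCP response".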

Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,12 @@ Path:

Details:
~~~~~~~~
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl1-ky allows connection with the following allow rules
index: 1, direction: outbound , src: 10.240.10.0/24 , dst: 161.26.0.0/16, conn: protocol: udp, srcPorts: 1-65535, dstPorts: 1-65535, action: allow
Path enabled by the following rules:
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl1-ky allows connection with the following allow rules
index: 1, direction: outbound , src: 10.240.10.0/24 , dst: 161.26.0.0/16, conn: protocol: udp, srcPorts: 1-65535, dstPorts: 1-65535, action: allow

------------------------------------------------------------------------------------------------------------------------

Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,11 @@ Path:

Details:
~~~~~~~~
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl1-ky blocks connection since there are no relevant allow rules
Path enabled by the following rules:
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl1-ky blocks connection since there are no relevant allow rules

------------------------------------------------------------------------------------------------------------------------

Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,12 @@ Path:

Details:
~~~~~~~~
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl1-ky allows connection with the following allow rules
index: 1, direction: outbound , src: 10.240.10.0/24 , dst: 161.26.0.0/16, conn: protocol: udp, srcPorts: 1-65535, dstPorts: 1-65535, action: allow
Path enabled by the following rules:
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl1-ky allows connection with the following allow rules
index: 1, direction: outbound , src: 10.240.10.0/24 , dst: 161.26.0.0/16, conn: protocol: udp, srcPorts: 1-65535, dstPorts: 1-65535, action: allow

------------------------------------------------------------------------------------------------------------------------

Expand All @@ -31,10 +32,11 @@ Path:

Details:
~~~~~~~~
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl1-ky blocks connection since there are no relevant allow rules
Path enabled by the following rules:
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl1-ky blocks connection since there are no relevant allow rules

------------------------------------------------------------------------------------------------------------------------

Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ Explaining connectivity from 10.240.10.4 (vsi1-ky[10.240.10.4]) to vsi2-ky withi
==============================================================================================

Allowed connections from vsi1-ky[10.240.10.4] to vsi2-ky[10.240.20.4]: protocol: TCP,UDP
The TCP sub-connection is responsive

Path:
vsi1-ky[10.240.10.4] -> security group sg1-ky -> subnet1-ky -> network ACL acl1-ky ->
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ Explaining connectivity from vsi1-ky to 10.240.20.4 (vsi2-ky[10.240.20.4]) withi
==============================================================================================

Allowed connections from vsi1-ky[10.240.10.4] to vsi2-ky[10.240.20.4]: protocol: TCP,UDP
The TCP sub-connection is responsive

Path:
vsi1-ky[10.240.10.4] -> security group sg1-ky -> subnet1-ky -> network ACL acl1-ky ->
Expand All @@ -10,18 +11,28 @@ Path:

Details:
~~~~~~~~
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl1-ky allows connection with the following allow and deny rules
index: 0, direction: outbound , src: 10.240.10.0/24 , dst: 10.240.20.0/24, conn: protocol: icmp, action: deny
index: 2, direction: outbound , src: 10.240.10.0/24 , dst: 10.240.20.0/24, conn: all, action: allow

Ingress:
network ACL acl2-ky allows connection with the following allow rules
index: 6, direction: inbound , src: 10.240.10.0/24 , dst: 10.240.20.0/24, conn: all, action: allow
security group sg1-ky allows connection with the following allow rules
index: 1, direction: inbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
Path enabled by the following rules:
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl1-ky allows connection with the following allow and deny rules
index: 0, direction: outbound , src: 10.240.10.0/24 , dst: 10.240.20.0/24, conn: protocol: icmp, action: deny
index: 2, direction: outbound , src: 10.240.10.0/24 , dst: 10.240.20.0/24, conn: all, action: allow

Ingress:
network ACL acl2-ky allows connection with the following allow rules
index: 6, direction: inbound , src: 10.240.10.0/24 , dst: 10.240.20.0/24, conn: all, action: allow
security group sg1-ky allows connection with the following allow rules
index: 1, direction: inbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0

TCP respond enabled by the following rules:
Egress:
network ACL acl2-ky allows connection with the following allow rules
index: 2, direction: outbound , src: 10.240.20.0/24 , dst: 10.240.10.0/24, conn: all, action: allow

Ingress:
network ACL acl1-ky allows connection with the following allow rules
index: 4, direction: inbound , src: 10.240.20.0/24 , dst: 10.240.10.0/24, conn: all, action: allow

------------------------------------------------------------------------------------------------------------------------
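
Review bot: under "TCP respond enabled by the following rules:" the labels "Egress:" and "Ingress:" are relative to the responder (acl2-ky outbound from 10.240.20.0/24, then acl1-ky inbound to 10.240.10.0/24), the reverse of what they mean in the "Path enabled by the following rules:" section a few lines above, and nothing in the output says so. Naming the endpoint in the label, for example "Egress from vsi2-ky[10.240.20.4]:", would make the direction unambiguous when both sections appear in one explanation.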

Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ Explaining connectivity from vsi2-ky to 10.240.10.4 (vsi1-ky[10.240.10.4]) withi
==============================================================================================

Allowed connections from vsi2-ky[10.240.20.4] to vsi1-ky[10.240.10.4]: All Connections
The TCP sub-connection is responsive

Path:
vsi2-ky[10.240.20.4] -> security group sg1-ky -> subnet2-ky -> network ACL acl2-ky ->
Expand All @@ -10,17 +11,27 @@ Path:

Details:
~~~~~~~~
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl2-ky allows connection with the following allow rules
index: 2, direction: outbound , src: 10.240.20.0/24 , dst: 10.240.10.0/24, conn: all, action: allow

Ingress:
network ACL acl1-ky allows connection with the following allow rules
index: 4, direction: inbound , src: 10.240.20.0/24 , dst: 10.240.10.0/24, conn: all, action: allow
security group sg1-ky allows connection with the following allow rules
index: 1, direction: inbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
Path enabled by the following rules:
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl2-ky allows connection with the following allow rules
index: 2, direction: outbound , src: 10.240.20.0/24 , dst: 10.240.10.0/24, conn: all, action: allow

Ingress:
network ACL acl1-ky allows connection with the following allow rules
index: 4, direction: inbound , src: 10.240.20.0/24 , dst: 10.240.10.0/24, conn: all, action: allow
security group sg1-ky allows connection with the following allow rules
index: 1, direction: inbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0

TCP respond enabled by the following rules:
Egress:
network ACL acl1-ky allows connection with the following allow rules
index: 2, direction: outbound , src: 10.240.10.0/24 , dst: 10.240.20.0/24, conn: all, action: allow

Ingress:
network ACL acl2-ky allows connection with the following allow rules
index: 6, direction: inbound , src: 10.240.10.0/24 , dst: 10.240.20.0/24, conn: all, action: allow

------------------------------------------------------------------------------------------------------------------------

Original file line number Diff line number Diff line change
Expand Up @@ -13,16 +13,17 @@ Path:

Details:
~~~~~~~~
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl1-ky blocks connection since there are no relevant allow rules

Ingress:
network ACL acl3-ky allows connection with the following allow rules
index: 2, direction: inbound , src: 10.240.10.0/24 , dst: 0.0.0.0/0, conn: all, action: allow
security group sg1-ky allows connection with the following allow rules
index: 1, direction: inbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
Path enabled by the following rules:
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
network ACL acl1-ky blocks connection since there are no relevant allow rules

Ingress:
network ACL acl3-ky allows connection with the following allow rules
index: 2, direction: inbound , src: 10.240.10.0/24 , dst: 0.0.0.0/0, conn: all, action: allow
security group sg1-ky allows connection with the following allow rules
index: 1, direction: inbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0

------------------------------------------------------------------------------------------------------------------------

Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ Explaining connectivity from vsi3b-ky to vsi3a-ky within test-vpc1-ky
=====================================================================

Allowed connections from vsi3b-ky[10.240.30.6] to vsi3a-ky[10.240.30.5]: All Connections
The TCP sub-connection is responsive

Path:
vsi3b-ky[10.240.30.6] -> security group sg1-ky ->
Expand All @@ -10,13 +11,14 @@ Path:

Details:
~~~~~~~~
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
Path enabled by the following rules:
Egress:
security group sg1-ky allows connection with the following allow rules
index: 0, direction: outbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0

Ingress:
security group sg1-ky allows connection with the following allow rules
index: 1, direction: inbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0
Ingress:
security group sg1-ky allows connection with the following allow rules
index: 1, direction: inbound, conns: protocol: all, remote: 0.0.0.0/0, local: 0.0.0.0/0

------------------------------------------------------------------------------------------------------------------------
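
Review bot: the summary of this output gains "The TCP sub-connection is responsive" in the previous hunk, but the Details section here ends after Ingress with no "TCP respond enabled by the following rules:" block, unlike the outputs in this diff that have network ACLs on the path. If the block is suppressed because only security group sg1-ky is traversed, print an explicit line saying so, so that the responsiveness claim in the summary has a matching justification in Details.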
