Updated on 2025-06-13 GMT+08:00

Non-Translated CIDR Blocks for External Communication

In a CCE cluster using the VPC network model, when a container in the cluster needs to access external networks, the source pod IP address must be masqueraded through SNAT as the IP address of the node where the pod resides. After this parameter is configured, nodes by default do not perform SNAT on packets destined for the configured CIDR blocks.

By default, nodes in a cluster do not perform SNAT on packets destined for 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16, which yangtse detects as private CIDR blocks. Instead, these packets are forwarded directly through the upper-layer VPC. (These three CIDR blocks are considered internal networks of the cluster and are reachable at Layer 3 by default.)

Value Range

Standard CIDR blocks, which must be unique

Default Value

10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

Modifiable

Yes

Scope

CCE standard clusters using the VPC model

Suggestions

Unless otherwise specified, keep the default settings.

To enable cross-node pod access, the CIDR block of the node where the target pod runs must be added.

Similarly, to enable cross-ECS pod access in a VPC, the CIDR block of the ECS where the target pod runs must be added.
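
The following Python sketch is an added example, not CCE or yangtse code. It checks a candidate value for this setting and reports which source address a destination would see, which determines what that destination's security group rules and access logs match on. It assumes that "standard" means no host bits are set and that "unique" means no block is listed twice; the function names and sample destinations are constructed for illustration.

```python
import ipaddress

# Default value listed on this page.
DEFAULT_BLOCKS = "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"


def parse_blocks(value):
    """Parse the comma-separated setting into network objects.

    Assumptions (not stated in detail on the page): a "standard" block
    has no host bits set, and "unique" means no block appears twice.
    """
    blocks = []
    for item in value.split(","):
        item = item.strip()
        if "/" not in item:
            raise ValueError(f"not a CIDR block: {item!r}")
        # strict=True rejects values such as 10.1.2.3/8 (host bits set).
        net = ipaddress.ip_network(item, strict=True)
        if net in blocks:
            raise ValueError(f"duplicate CIDR block: {net}")
        blocks.append(net)
    return blocks


def source_seen_by(dest_ip, blocks):
    """Return 'pod-ip' if the destination is in a non-translated block
    (no SNAT), otherwise 'node-ip' (SNAT to the node address)."""
    addr = ipaddress.ip_address(dest_ip)
    if any(addr in net for net in blocks):
        return "pod-ip"
    return "node-ip"


if __name__ == "__main__":
    blocks = parse_blocks(DEFAULT_BLOCKS)
    # Constructed sample destinations.
    for dest in ("192.168.5.10", "172.32.0.1", "100.64.0.5", "203.0.113.7"):
        print(f"{dest:15} sees source: {source_seen_by(dest, blocks)}")
```

With the default value, a destination in 100.64.0.0/10 or just outside 172.16.0.0/12 sees the node IP address, so rules written against pod CIDR blocks will not match that traffic unless the block is added to the setting.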