This is an automatically generated e-mail. To reply, visit:

(Updated Oct. 17, 2016, 1:42 p.m.)

Review request for mesos, Jie Yu and Qian Zhang.


Made `CNI_CONTAINTERID` a required env variable for the plugin.

Bugs: MESOS-6023

Repository: mesos


Added the logic for installing and removing DNAT rules.

Diffs (updated)


Diff: https://reviews.apache.org/r/51617/diff/


Ran the CNI plugin against a network namespace with the following JSON input:
    "name": "mynet",
    "type": "port-mapper",
    "chain": "MESOS-TEST",
    "excludeDevices": ["mesos-cni0"],
    "delegate": {
      "type" : "bridge",
      "bridge": "cni0",
      "isGateway": true,
      "ipMasq": true,
      "ipam": {
          "type": "host-local",
          "subnet": "",
          "routes": [
            { "dst": "" }
    "args" : {
      "org.apache.mesos" : {
        "network_info" : {
          "port_mappings": {
            "host_port" : 8080,
            "container_port" : 9000

Used the ADD command to test that the CNI plugin correctly invokes the delegate 
plugin (a CNI bridge plugin in this case) and also inserts the correct iptable 
entries for the given port mapping. After running this plugin, this was the 
output of the `iptables -t nat -S MESOS-TEST` command:
sudo iptables -t nat -S MESOS-TEST
-A MESOS-TEST ! -i mesos-cni0 -p tcp -m tcp --dport 8080 -j DNAT 

Ran a python HTTP server in this network namespace and verified that DNAT works 
from outside the box. Was able to connect to port 9000 of this server, by 
connecting to port 8080 on the host.

Used the DEL command to test the CNI plugin correctly deletes the DNAT rule and 
chain, if there are no DNAT rules exist in the chain. After running the DEL 
command (by injecting `NetworkInfo` into the above JSON schema) verified the 
chain and the DNAT rule is deleted from iptables.

Apart from these tests ran a single node cluster and did an end-to-end test 
with a modified `mesos-execute` binary that can setup port-mapping.


Avinash sridharan

Reply via email to