Cisco Bug: CSCvs41278 - SNAT is applied to all Namespaces

Last Modified

May 16, 2020

Products (1)

  • Cisco Application Policy Infrastructure Controller (APIC)

Known Affected Releases


Description (partial)

If you create a SNAT policy like this:
apiVersion: aci.snat/v1
kind: SnatPolicy
metadata:
  name: snat-nettools
spec:
  selector:
    namespace: nettool

The expected behaviour is that ACI CNI enables source NAT for every pod associated with an external service in the specified namespace.

This seems to work correctly in the cluster, as the "kubectl describe snatpolicy" output is correct (i.e. only the services in the specified namespace are listed). However, aci-container-controller will program the SNAT port ranges in every filter for the exposed services on APIC.

Snat Policy is selecting only the namespace
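
A scope check for the mismatch described above, as an added example that is not part of the bug record or of Cisco's code: it compares the services the policy's namespace selector should cover with the services found to carry SNAT port ranges on APIC. Assumptions: external services are taken to be type LoadBalancer, the service list is a constructed sample in the shape of `kubectl get svc -A -o json`, and the `PROGRAMMED` inventory is a hypothetical input whose collection from APIC is not shown.

```python
import json

# Constructed sample in the shape of `kubectl get svc -A -o json` (trimmed).
SERVICES_JSON = """
{"items": [
  {"metadata": {"name": "nettools-lb", "namespace": "nettool"},
   "spec": {"type": "LoadBalancer"}},
  {"metadata": {"name": "web", "namespace": "shop"},
   "spec": {"type": "LoadBalancer"}},
  {"metadata": {"name": "db", "namespace": "shop"},
   "spec": {"type": "ClusterIP"}}
]}
"""

# The policy from the description, reduced to the field that sets its scope.
POLICY = {"name": "snat-nettools", "selector": {"namespace": "nettool"}}

# Hypothetical inventory (constructed): services whose APIC filters were
# found to contain SNAT port ranges.
PROGRAMMED = [("nettool", "nettools-lb"), ("shop", "web")]


def exposed_services(services_json):
    """Return (namespace, name) for every LoadBalancer service (assumption:
    these are the 'external services' the description refers to)."""
    items = json.loads(services_json)["items"]
    return {(s["metadata"]["namespace"], s["metadata"]["name"])
            for s in items if s["spec"].get("type") == "LoadBalancer"}


def audit(policy, services_json, programmed):
    """Compare the policy's intended scope with what was programmed."""
    ns = policy["selector"]["namespace"]
    expected = {svc for svc in exposed_services(services_json) if svc[0] == ns}
    programmed = set(programmed)
    return {
        "expected": sorted(expected),
        "out_of_scope": sorted(programmed - expected),  # symptom of this bug
        "missing": sorted(expected - programmed),       # policy not applied
    }


if __name__ == "__main__":
    for key, value in audit(POLICY, SERVICES_JSON, PROGRAMMED).items():
        print(f"{key}: {value}")
```

Any entry under `out_of_scope` is a service outside the selected namespace that still received SNAT port ranges, which is the symptom this bug describes.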