Use a generic pkt_mark to mark Egress traffic #7554
Description
In #7239, we introduced a pkt_mark EgressNoEncapReturnToRemoteMark, which is used in hybrid mode to forward Egress reply traffic back to remote via antrea-gw0 by policy-routing, ensuring connection symmetric even the route matching the Egress reply traffic presents in the main route table.
However, the pkt_mark is not very generic, as it only applies to traffic that meets all of the following conditions:
- The traffic mode is hybrid.
- The source is a remote Pod.
- The packets are Egress replies.
To improve readability and maintainability, we are considering introducing a more generic pkt_mark that marks all Egress traffic, regardless of the traffic mode.
This change would simplify logic but may introduce a slight performance penalty in encap mode, since the pkt_mark restoration would be performed even though it is unnecessary in encap mode.
From a quick test:
| Payload | encap | hybrid | hybrid/encap |
|---|---|---|---|
| TCP_STREAM | 3707.8 | 3578.6 | 0.97 |
| TCP_RR | 13972.5 | 14145.5 | 1.01 |
| TCP_CRR | 3622.3 | 3489.4 | 0.96 |
If the performance penalty is acceptable, we can do a small fix.