From 79ef817732b348c6f9924b99894dd421d6c23441 Mon Sep 17 00:00:00 2001 From: song jiang Date: Wed, 4 Feb 2026 14:29:52 +0000 Subject: [PATCH 1/2] Update instructions on external network --- .../networking/egress/external-network.mdx | 13 +++++++++++++ .../networking/egress/external-network.mdx | 13 +++++++++++++ .../networking/egress/external-network.mdx | 13 +++++++++++++ .../networking/egress/external-network.mdx | 13 +++++++++++++ 4 files changed, 52 insertions(+) diff --git a/calico-enterprise/networking/egress/external-network.mdx b/calico-enterprise/networking/egress/external-network.mdx index f899ba02c4..212b6be936 100644 --- a/calico-enterprise/networking/egress/external-network.mdx +++ b/calico-enterprise/networking/egress/external-network.mdx @@ -71,6 +71,19 @@ kubectl patch felixconfiguration default --type='merge' -p \ '{"spec":{"externalNetworkSupport":"Enabled"}}' ``` +### Configure egress interface + +To configure which host interfaces should be used for egress traffic and have the `src_valid_mark` set, configure the `egressIPHostIfacePattern` field in the default **FelixConfiguration**. This field accepts a regular expression that matches the names of the host interfaces to be used. + +For example, to configure interfaces matching the pattern `ens20` or `ens21` with VLAN IDs 100 or 200: + +```bash +kubectl patch felixconfiguration default --type='merge' -p \ + '{"spec":{"egressIPHostIfacePattern":"^ens2[01][./](100|200)$"}}' +``` + +This ensures that Calico sets the `src_valid_mark` on interfaces matching the specified regex pattern, which is required for proper egress gateway functionality with external networks. + ### Create external network resources Add an `ExternalNetwork` resource to the cluster for each external networks. For example, to create an `ExternalNetwork` for `red` network. diff --git a/calico-enterprise_versioned_docs/version-3.21-2/networking/egress/external-network.mdx b/calico-enterprise_versioned_docs/version-3.21-2/networking/egress/external-network.mdx index f899ba02c4..212b6be936 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/networking/egress/external-network.mdx +++ b/calico-enterprise_versioned_docs/version-3.21-2/networking/egress/external-network.mdx @@ -71,6 +71,19 @@ kubectl patch felixconfiguration default --type='merge' -p \ '{"spec":{"externalNetworkSupport":"Enabled"}}' ``` +### Configure egress interface + +To configure which host interfaces should be used for egress traffic and have the `src_valid_mark` set, configure the `egressIPHostIfacePattern` field in the default **FelixConfiguration**. This field accepts a regular expression that matches the names of the host interfaces to be used. + +For example, to configure interfaces matching the pattern `ens20` or `ens21` with VLAN IDs 100 or 200: + +```bash +kubectl patch felixconfiguration default --type='merge' -p \ + '{"spec":{"egressIPHostIfacePattern":"^ens2[01][./](100|200)$"}}' +``` + +This ensures that Calico sets the `src_valid_mark` on interfaces matching the specified regex pattern, which is required for proper egress gateway functionality with external networks. + ### Create external network resources Add an `ExternalNetwork` resource to the cluster for each external networks. For example, to create an `ExternalNetwork` for `red` network. diff --git a/calico-enterprise_versioned_docs/version-3.22-2/networking/egress/external-network.mdx b/calico-enterprise_versioned_docs/version-3.22-2/networking/egress/external-network.mdx index f899ba02c4..212b6be936 100644 --- a/calico-enterprise_versioned_docs/version-3.22-2/networking/egress/external-network.mdx +++ b/calico-enterprise_versioned_docs/version-3.22-2/networking/egress/external-network.mdx @@ -71,6 +71,19 @@ kubectl patch felixconfiguration default --type='merge' -p \ '{"spec":{"externalNetworkSupport":"Enabled"}}' ``` +### Configure egress interface + +To configure which host interfaces should be used for egress traffic and have the `src_valid_mark` set, configure the `egressIPHostIfacePattern` field in the default **FelixConfiguration**. This field accepts a regular expression that matches the names of the host interfaces to be used. + +For example, to configure interfaces matching the pattern `ens20` or `ens21` with VLAN IDs 100 or 200: + +```bash +kubectl patch felixconfiguration default --type='merge' -p \ + '{"spec":{"egressIPHostIfacePattern":"^ens2[01][./](100|200)$"}}' +``` + +This ensures that Calico sets the `src_valid_mark` on interfaces matching the specified regex pattern, which is required for proper egress gateway functionality with external networks. + ### Create external network resources Add an `ExternalNetwork` resource to the cluster for each external networks. For example, to create an `ExternalNetwork` for `red` network. diff --git a/calico-enterprise_versioned_docs/version-3.23-1/networking/egress/external-network.mdx b/calico-enterprise_versioned_docs/version-3.23-1/networking/egress/external-network.mdx index f899ba02c4..212b6be936 100644 --- a/calico-enterprise_versioned_docs/version-3.23-1/networking/egress/external-network.mdx +++ b/calico-enterprise_versioned_docs/version-3.23-1/networking/egress/external-network.mdx @@ -71,6 +71,19 @@ kubectl patch felixconfiguration default --type='merge' -p \ '{"spec":{"externalNetworkSupport":"Enabled"}}' ``` +### Configure egress interface + +To configure which host interfaces should be used for egress traffic and have the `src_valid_mark` set, configure the `egressIPHostIfacePattern` field in the default **FelixConfiguration**. This field accepts a regular expression that matches the names of the host interfaces to be used. + +For example, to configure interfaces matching the pattern `ens20` or `ens21` with VLAN IDs 100 or 200: + +```bash +kubectl patch felixconfiguration default --type='merge' -p \ + '{"spec":{"egressIPHostIfacePattern":"^ens2[01][./](100|200)$"}}' +``` + +This ensures that Calico sets the `src_valid_mark` on interfaces matching the specified regex pattern, which is required for proper egress gateway functionality with external networks. + ### Create external network resources Add an `ExternalNetwork` resource to the cluster for each external networks. For example, to create an `ExternalNetwork` for `red` network. From a0598c2d144b31457ded7ed0a77d60924a51fa23 Mon Sep 17 00:00:00 2001 From: song jiang Date: Wed, 4 Feb 2026 15:34:30 +0000 Subject: [PATCH 2/2] Review Markups --- calico-enterprise/networking/egress/external-network.mdx | 8 ++++---- .../version-3.21-2/networking/egress/external-network.mdx | 8 ++++---- .../version-3.22-2/networking/egress/external-network.mdx | 8 ++++---- .../version-3.23-1/networking/egress/external-network.mdx | 8 ++++---- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/calico-enterprise/networking/egress/external-network.mdx b/calico-enterprise/networking/egress/external-network.mdx index 212b6be936..14e16a36aa 100644 --- a/calico-enterprise/networking/egress/external-network.mdx +++ b/calico-enterprise/networking/egress/external-network.mdx @@ -71,18 +71,18 @@ kubectl patch felixconfiguration default --type='merge' -p \ '{"spec":{"externalNetworkSupport":"Enabled"}}' ``` -### Configure egress interface +### Configure egress interfaces -To configure which host interfaces should be used for egress traffic and have the `src_valid_mark` set, configure the `egressIPHostIfacePattern` field in the default **FelixConfiguration**. This field accepts a regular expression that matches the names of the host interfaces to be used. +To configure which host interfaces should be used for egress traffic and have the `src_valid_mark` set, configure the `egressIPHostIfacePattern` field in the default **FelixConfiguration**. This field accepts a comma-separated list of interface names and/or regular expressions. Regular expressions must be wrapped in `/.../ `. For example, to configure interfaces matching the pattern `ens20` or `ens21` with VLAN IDs 100 or 200: ```bash kubectl patch felixconfiguration default --type='merge' -p \ - '{"spec":{"egressIPHostIfacePattern":"^ens2[01][./](100|200)$"}}' + '{"spec":{"egressIPHostIfacePattern":"/^ens2[01][./](100|200)$/"}}' ``` -This ensures that Calico sets the `src_valid_mark` on interfaces matching the specified regex pattern, which is required for proper egress gateway functionality with external networks. +This ensures that $[prodname] sets the `src_valid_mark` on interfaces matching the specified patterns, which is required for proper egress gateway functionality with external networks. ### Create external network resources diff --git a/calico-enterprise_versioned_docs/version-3.21-2/networking/egress/external-network.mdx b/calico-enterprise_versioned_docs/version-3.21-2/networking/egress/external-network.mdx index 212b6be936..14e16a36aa 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/networking/egress/external-network.mdx +++ b/calico-enterprise_versioned_docs/version-3.21-2/networking/egress/external-network.mdx @@ -71,18 +71,18 @@ kubectl patch felixconfiguration default --type='merge' -p \ '{"spec":{"externalNetworkSupport":"Enabled"}}' ``` -### Configure egress interface +### Configure egress interfaces -To configure which host interfaces should be used for egress traffic and have the `src_valid_mark` set, configure the `egressIPHostIfacePattern` field in the default **FelixConfiguration**. This field accepts a regular expression that matches the names of the host interfaces to be used. +To configure which host interfaces should be used for egress traffic and have the `src_valid_mark` set, configure the `egressIPHostIfacePattern` field in the default **FelixConfiguration**. This field accepts a comma-separated list of interface names and/or regular expressions. Regular expressions must be wrapped in `/.../ `. For example, to configure interfaces matching the pattern `ens20` or `ens21` with VLAN IDs 100 or 200: ```bash kubectl patch felixconfiguration default --type='merge' -p \ - '{"spec":{"egressIPHostIfacePattern":"^ens2[01][./](100|200)$"}}' + '{"spec":{"egressIPHostIfacePattern":"/^ens2[01][./](100|200)$/"}}' ``` -This ensures that Calico sets the `src_valid_mark` on interfaces matching the specified regex pattern, which is required for proper egress gateway functionality with external networks. +This ensures that $[prodname] sets the `src_valid_mark` on interfaces matching the specified patterns, which is required for proper egress gateway functionality with external networks. ### Create external network resources diff --git a/calico-enterprise_versioned_docs/version-3.22-2/networking/egress/external-network.mdx b/calico-enterprise_versioned_docs/version-3.22-2/networking/egress/external-network.mdx index 212b6be936..14e16a36aa 100644 --- a/calico-enterprise_versioned_docs/version-3.22-2/networking/egress/external-network.mdx +++ b/calico-enterprise_versioned_docs/version-3.22-2/networking/egress/external-network.mdx @@ -71,18 +71,18 @@ kubectl patch felixconfiguration default --type='merge' -p \ '{"spec":{"externalNetworkSupport":"Enabled"}}' ``` -### Configure egress interface +### Configure egress interfaces -To configure which host interfaces should be used for egress traffic and have the `src_valid_mark` set, configure the `egressIPHostIfacePattern` field in the default **FelixConfiguration**. This field accepts a regular expression that matches the names of the host interfaces to be used. +To configure which host interfaces should be used for egress traffic and have the `src_valid_mark` set, configure the `egressIPHostIfacePattern` field in the default **FelixConfiguration**. This field accepts a comma-separated list of interface names and/or regular expressions. Regular expressions must be wrapped in `/.../ `. For example, to configure interfaces matching the pattern `ens20` or `ens21` with VLAN IDs 100 or 200: ```bash kubectl patch felixconfiguration default --type='merge' -p \ - '{"spec":{"egressIPHostIfacePattern":"^ens2[01][./](100|200)$"}}' + '{"spec":{"egressIPHostIfacePattern":"/^ens2[01][./](100|200)$/"}}' ``` -This ensures that Calico sets the `src_valid_mark` on interfaces matching the specified regex pattern, which is required for proper egress gateway functionality with external networks. +This ensures that $[prodname] sets the `src_valid_mark` on interfaces matching the specified patterns, which is required for proper egress gateway functionality with external networks. ### Create external network resources diff --git a/calico-enterprise_versioned_docs/version-3.23-1/networking/egress/external-network.mdx b/calico-enterprise_versioned_docs/version-3.23-1/networking/egress/external-network.mdx index 212b6be936..14e16a36aa 100644 --- a/calico-enterprise_versioned_docs/version-3.23-1/networking/egress/external-network.mdx +++ b/calico-enterprise_versioned_docs/version-3.23-1/networking/egress/external-network.mdx @@ -71,18 +71,18 @@ kubectl patch felixconfiguration default --type='merge' -p \ '{"spec":{"externalNetworkSupport":"Enabled"}}' ``` -### Configure egress interface +### Configure egress interfaces -To configure which host interfaces should be used for egress traffic and have the `src_valid_mark` set, configure the `egressIPHostIfacePattern` field in the default **FelixConfiguration**. This field accepts a regular expression that matches the names of the host interfaces to be used. +To configure which host interfaces should be used for egress traffic and have the `src_valid_mark` set, configure the `egressIPHostIfacePattern` field in the default **FelixConfiguration**. This field accepts a comma-separated list of interface names and/or regular expressions. Regular expressions must be wrapped in `/.../ `. For example, to configure interfaces matching the pattern `ens20` or `ens21` with VLAN IDs 100 or 200: ```bash kubectl patch felixconfiguration default --type='merge' -p \ - '{"spec":{"egressIPHostIfacePattern":"^ens2[01][./](100|200)$"}}' + '{"spec":{"egressIPHostIfacePattern":"/^ens2[01][./](100|200)$/"}}' ``` -This ensures that Calico sets the `src_valid_mark` on interfaces matching the specified regex pattern, which is required for proper egress gateway functionality with external networks. +This ensures that $[prodname] sets the `src_valid_mark` on interfaces matching the specified patterns, which is required for proper egress gateway functionality with external networks. ### Create external network resources