fix: skip reserved IPs (#2060)

Co-authored-by: Jaeryn <[email protected]>

Author: jaer-tsun

cns/kubecontroller/nodenetworkconfig/conversion_linux_test.go

@@ -35,3 +35,63 @@ var validOverlayRequest = &cns.CreateNetworkContainerRequest{
 		},
 	},
 }
+
+var validVNETBlockRequest = &cns.CreateNetworkContainerRequest{
+	Version: strconv.FormatInt(version, 10),
+	IPConfiguration: cns.IPConfiguration{
+		GatewayIPAddress: vnetBlockDefaultGateway,
+		IPSubnet: cns.IPSubnet{
+			PrefixLength: uint8(vnetBlockSubnetPrefixLen),
+			IPAddress:    vnetBlockPrimaryIP,
+		},
+	},
+	NetworkContainerid:   ncID,
+	NetworkContainerType: cns.Docker,
+	// Ignore first IP in first CIDR Block, i.e. 10.224.0.4
+	SecondaryIPConfigs: map[string]cns.SecondaryIPConfig{
+		"10.224.0.5": {
+			IPAddress: "10.224.0.5",
+			NCVersion: version,
+		},
+		"10.224.0.6": {
+			IPAddress: "10.224.0.6",
+			NCVersion: version,
+		},
+		"10.224.0.7": {
+			IPAddress: "10.224.0.7",
+			NCVersion: version,
+		},
+		"10.224.0.8": {
+			IPAddress: "10.224.0.8",
+			NCVersion: version,
+		},
+		"10.224.0.9": {
+			IPAddress: "10.224.0.9",
+			NCVersion: version,
+		},
+		"10.224.0.10": {
+			IPAddress: "10.224.0.10",
+			NCVersion: version,
+		},
+		"10.224.0.11": {
+			IPAddress: "10.224.0.11",
+			NCVersion: version,
+		},
+		"10.224.0.12": {
+			IPAddress: "10.224.0.12",
+			NCVersion: version,
+		},
+		"10.224.0.13": {
+			IPAddress: "10.224.0.13",
+			NCVersion: version,
+		},
+		"10.224.0.14": {
+			IPAddress: "10.224.0.14",
+			NCVersion: version,
+		},
+		"10.224.0.15": {
+			IPAddress: "10.224.0.15",
+			NCVersion: version,
+		},
+	},
+}

cns/kubecontroller/nodenetworkconfig/conversion_test.go

@@ -117,66 +117,6 @@ var validVNETBlockNC = v1alpha.NetworkContainer{
 	Version:            version,
 }
 
-var validVNETBlockRequest = &cns.CreateNetworkContainerRequest{
-	Version: strconv.FormatInt(version, 10),
-	IPConfiguration: cns.IPConfiguration{
-		GatewayIPAddress: vnetBlockDefaultGateway,
-		IPSubnet: cns.IPSubnet{
-			PrefixLength: uint8(vnetBlockSubnetPrefixLen),
-			IPAddress:    vnetBlockPrimaryIP,
-		},
-	},
-	NetworkContainerid:   ncID,
-	NetworkContainerType: cns.Docker,
-	// Ignore first IP in first CIDR Block, i.e. 10.224.0.4
-	SecondaryIPConfigs: map[string]cns.SecondaryIPConfig{
-		"10.224.0.5": {
-			IPAddress: "10.224.0.5",
-			NCVersion: version,
-		},
-		"10.224.0.6": {
-			IPAddress: "10.224.0.6",
-			NCVersion: version,
-		},
-		"10.224.0.7": {
-			IPAddress: "10.224.0.7",
-			NCVersion: version,
-		},
-		"10.224.0.8": {
-			IPAddress: "10.224.0.8",
-			NCVersion: version,
-		},
-		"10.224.0.9": {
-			IPAddress: "10.224.0.9",
-			NCVersion: version,
-		},
-		"10.224.0.10": {
-			IPAddress: "10.224.0.10",
-			NCVersion: version,
-		},
-		"10.224.0.11": {
-			IPAddress: "10.224.0.11",
-			NCVersion: version,
-		},
-		"10.224.0.12": {
-			IPAddress: "10.224.0.12",
-			NCVersion: version,
-		},
-		"10.224.0.13": {
-			IPAddress: "10.224.0.13",
-			NCVersion: version,
-		},
-		"10.224.0.14": {
-			IPAddress: "10.224.0.14",
-			NCVersion: version,
-		},
-		"10.224.0.15": {
-			IPAddress: "10.224.0.15",
-			NCVersion: version,
-		},
-	},
-}
-
 func TestCreateNCRequestFromDynamicNC(t *testing.T) {
 	tests := []struct {
 		name    string

cns/kubecontroller/nodenetworkconfig/conversion_windows.go

@@ -10,23 +10,19 @@ import (
 )
 
 // createNCRequestFromStaticNCHelper generates a CreateNetworkContainerRequest from a static NetworkContainer.
-// If the NC's DefaultGateway is empty, it will set the 0th IP as the gateway IP and all remaining IPs as
-// secondary IPs. If the gateway is not empty, it will not reserve the 0th IP and add it as a secondary IP.
+// If the NC's DefaultGateway is empty and nc type is overlay, it will set the 2nd IP (*.1) as the gateway IP and all remaining IPs as
+// secondary IPs. If the gateway is not empty, it will not reserve the 2nd IP and add it as a secondary IP.
 //
 //nolint:gocritic //ignore hugeparam
 func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPrefix netip.Prefix, subnet cns.IPSubnet) (*cns.CreateNetworkContainerRequest, error) {
 	secondaryIPConfigs := map[string]cns.SecondaryIPConfig{}
-
-	// if NC DefaultGateway is empty, set the 0th IP to the gateway and add the rest of the IPs
-	// as secondary IPs
-	startingAddr := primaryIPPrefix.Masked().Addr() // the masked address is the 0th IP in the subnet
+	// the masked address is the 0th IP in the subnet and startingAddr is the 2nd IP (*.1)
+	startingAddr := primaryIPPrefix.Masked().Addr().Next()
+	lastAddr := startingAddr
+	// if NC DefaultGateway is empty, set the 2nd IP (*.1) to the gateway and add the rest of the IPs as secondary IPs
 	if nc.DefaultGateway == "" && nc.Type == v1alpha.Overlay {
-		// assign 0th IP to the default gateway
 		nc.DefaultGateway = startingAddr.String()
 		startingAddr = startingAddr.Next()
-	} else if nc.Type == v1alpha.VNETBlock {
-		// skipping 0th IP for the Primary IP of NC
-		startingAddr = startingAddr.Next()
 	}
 
 	// iterate through all IP addresses in the subnet described by primaryPrefix and
@@ -36,6 +32,7 @@ func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPre
 			IPAddress: addr.String(),
 			NCVersion: int(nc.Version),
 		}
+		lastAddr = addr
 	}
 
 	if nc.Type == v1alpha.VNETBlock {
@@ -53,10 +50,13 @@ func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPre
 					IPAddress: addr.String(),
 					NCVersion: int(nc.Version),
 				}
+				lastAddr = addr
 			}
 		}
 	}
 
+	delete(secondaryIPConfigs, lastAddr.String())
+
 	return &cns.CreateNetworkContainerRequest{
 		SecondaryIPConfigs:   secondaryIPConfigs,
 		NetworkContainerid:   nc.ID,

cns/kubecontroller/nodenetworkconfig/conversion_windows_test.go

@@ -13,21 +13,69 @@ var validOverlayRequest = &cns.CreateNetworkContainerRequest{
 			PrefixLength: uint8(subnetPrefixLen),
 			IPAddress:    primaryIP,
 		},
-		GatewayIPAddress: "10.0.0.0",
+		GatewayIPAddress: "10.0.0.1",
 	},
 	NetworkContainerid:   ncID,
 	NetworkContainerType: cns.Docker,
 	SecondaryIPConfigs: map[string]cns.SecondaryIPConfig{
-		"10.0.0.1": {
-			IPAddress: "10.0.0.1",
-			NCVersion: version,
-		},
 		"10.0.0.2": {
 			IPAddress: "10.0.0.2",
+			NCVersion: 0,
+		},
+	},
+}
+
+var validVNETBlockRequest = &cns.CreateNetworkContainerRequest{
+	Version: strconv.FormatInt(version, 10),
+	IPConfiguration: cns.IPConfiguration{
+		GatewayIPAddress: vnetBlockDefaultGateway,
+		IPSubnet: cns.IPSubnet{
+			PrefixLength: uint8(vnetBlockSubnetPrefixLen),
+			IPAddress:    vnetBlockPrimaryIP,
+		},
+	},
+	NetworkContainerid:   ncID,
+	NetworkContainerType: cns.Docker,
+	// Ignore first IP in first CIDR Block, i.e. 10.224.0.4
+	SecondaryIPConfigs: map[string]cns.SecondaryIPConfig{
+		"10.224.0.5": {
+			IPAddress: "10.224.0.5",
+			NCVersion: version,
+		},
+		"10.224.0.6": {
+			IPAddress: "10.224.0.6",
+			NCVersion: version,
+		},
+		"10.224.0.7": {
+			IPAddress: "10.224.0.7",
+			NCVersion: version,
+		},
+		"10.224.0.8": {
+			IPAddress: "10.224.0.8",
+			NCVersion: version,
+		},
+		"10.224.0.9": {
+			IPAddress: "10.224.0.9",
+			NCVersion: version,
+		},
+		"10.224.0.10": {
+			IPAddress: "10.224.0.10",
+			NCVersion: version,
+		},
+		"10.224.0.11": {
+			IPAddress: "10.224.0.11",
+			NCVersion: version,
+		},
+		"10.224.0.12": {
+			IPAddress: "10.224.0.12",
+			NCVersion: version,
+		},
+		"10.224.0.13": {
+			IPAddress: "10.224.0.13",
 			NCVersion: version,
 		},
-		"10.0.0.3": {
-			IPAddress: "10.0.0.3",
+		"10.224.0.14": {
+			IPAddress: "10.224.0.14",
 			NCVersion: version,
 		},
 	},