Disable RA for interfaces created by CNI (#567)

Author: tamilmani1989

network/bridge_networkclient_linux.go

@@ -39,7 +39,11 @@ func (client *LinuxBridgeClient) CreateBridge() error {
 		},
 	}
 
-	return netlink.AddLink(&link)
+	if err := netlink.AddLink(&link); err != nil {
+		return err
+	}
+
+	return epcommon.DisableRAForInterface(client.bridgeName)
 }
 
 func (client *LinuxBridgeClient) DeleteBridge() error {

network/epcommon/endpoint_common.go

@@ -31,6 +31,7 @@ const (
 	enableIPForwardCmd   = "sysctl -w net.ipv4.ip_forward=1"
 	toggleIPV6Cmd        = "sysctl -w net.ipv6.conf.all.disable_ipv6=%d"
 	enableIPV6ForwardCmd = "sysctl -w net.ipv6.conf.all.forwarding=1"
+	disableRACmd         = "sysctl -w net.ipv6.conf.%s.accept_ra=0"
 )
 
 func getPrivateIPSpace() []string {
@@ -71,6 +72,10 @@ func CreateEndpoint(hostVethName string, containerVethName string) error {
 		return err
 	}
 
+	if err := DisableRAForInterface(hostVethName); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -87,6 +92,10 @@ func SetupContainerInterface(containerVethName string, targetIfName string) erro
 		return err
 	}
 
+	if err := DisableRAForInterface(targetIfName); err != nil {
+		return err
+	}
+
 	// Bring the interface back up.
 	log.Printf("[net] Setting link %v state up.", targetIfName)
 	return netlink.SetLinkState(targetIfName, true)
@@ -228,3 +237,13 @@ func AddSnatRule(match string, ip net.IP) error {
 	target := fmt.Sprintf("SNAT --to %s", ip.String())
 	return iptables.InsertIptableRule(version, iptables.Nat, iptables.Postrouting, match, target)
 }
+
+func DisableRAForInterface(ifName string) error {
+	cmd := fmt.Sprintf(disableRACmd, ifName)
+	out, err := platform.ExecuteCommand(cmd)
+	if err != nil {
+		log.Errorf("[net] Diabling ra failed with err: %v out: %v", err, out)
+	}
+
+	return err
+}

network/ovs_networkclient_linux.go

@@ -6,6 +6,7 @@ import (
 	"strings"
 
 	"github.com/Azure/azure-container-networking/log"
+	"github.com/Azure/azure-container-networking/network/epcommon"
 	"github.com/Azure/azure-container-networking/ovsctl"
 )
 
@@ -72,6 +73,10 @@ func (client *OVSNetworkClient) CreateBridge() error {
 		}
 	}()
 
+	if err := epcommon.DisableRAForInterface(client.bridgeName); err != nil {
+		return err
+	}
+
 	return updateOVSConfig(ovsOpt)
 }
 

network/ovssnat/ovssnat.go

@@ -342,6 +342,10 @@ func CreateSnatBridge(snatBridgeIP string, mainInterface string) error {
 		return nil
 	}
 
+	if err := epcommon.DisableRAForInterface(SnatBridgeName); err != nil {
+		return err
+	}
+
 	vethLink := netlink.VEthLink{
 		LinkInfo: netlink.LinkInfo{
 			Type: netlink.LINK_TYPE_VETH,
@@ -356,6 +360,14 @@ func CreateSnatBridge(snatBridgeIP string, mainInterface string) error {
 		return err
 	}
 
+	if err := epcommon.DisableRAForInterface(azureSnatVeth0); err != nil {
+		return err
+	}
+
+	if err := epcommon.DisableRAForInterface(azureSnatVeth1); err != nil {
+		return err
+	}
+
 	log.Printf("Assigning %v on snat bridge", snatBridgeIP)
 
 	ip, addr, _ := net.ParseCIDR(snatBridgeIP)