Prefix on NIC v6 support

Author: kadevu

azure-ipam/ipam.go

@@ -130,30 +130,42 @@ func (p *IPAMPlugin) CmdAdd(args *cniSkel.CmdArgs) error {
 				IP:   net.ParseIP(ipNet.Addr().String()),
 				Mask: net.CIDRMask(ipNet.Bits(), 32), // nolint
 			}
-
-			ipConfig.Gateway = (*gatewayIP)[i]
 		} else {
 			ipConfig.Address = net.IPNet{
 				IP:   net.ParseIP(ipNet.Addr().String()),
 				Mask: net.CIDRMask(ipNet.Bits(), 128), // nolint
 			}
-
-			ipConfig.Gateway = (*gatewayIP)[i]
 		}
+		ipConfig.Gateway = (*gatewayIP)[i]
 		cniResult.IPs[i] = ipConfig
 	}
 
-	cniResult.Interfaces = make([]*types100.Interface, 1)
-	interfaceMap := make(map[string]bool)
-	cniResult.Interfaces = make([]*types100.Interface, 0, len(resp.PodIPInfo))
+	cniResult.Interfaces = []*types100.Interface{}
+	seenInterfaces := map[string]bool{}
+
 	for _, podIPInfo := range resp.PodIPInfo {
-		if _, exists := interfaceMap[podIPInfo.InterfaceName]; !exists {
-			cniResult.Interfaces = append(cniResult.Interfaces, &types100.Interface{
-				Name: podIPInfo.InterfaceName, // Populate interface name based on MacAddress
-				Mac:  podIPInfo.MacAddress,
-			})
-			interfaceMap[podIPInfo.InterfaceName] = true
+		if podIPInfo.MacAddress == "" {
+			continue
+		}
+
+		// Skip if interface already seen
+		// This is to avoid duplicate interfaces in the result
+		// which can happen if multiple IPs are assigned to the same interface
+		// or if multiple interfaces are assigned to the same pod
+		if seenInterfaces[podIPInfo.MacAddress] {
+			continue
+		}
+
+		infMac, err := net.ParseMAC(podIPInfo.MacAddress)
+		if err != nil {
+			p.logger.Error("Failed to parse interface MAC address", zap.Error(err), zap.String("macAddress", podIPInfo.MacAddress))
+			return cniTypes.NewError(cniTypes.ErrUnsupportedField, err.Error(), "failed to parse interface MAC address")
 		}
+
+		cniResult.Interfaces = append(cniResult.Interfaces, &types100.Interface{
+			Mac: infMac.String(),
+		})
+		seenInterfaces[podIPInfo.MacAddress] = true
 	}
 
 	// Get versioned result

azure-ipam/ipconfig/ipconfig.go

@@ -69,6 +69,8 @@ func ProcessIPConfigsResp(resp *cns.IPConfigsResponse) (*[]netip.Prefix, *[]net.
 	gatewaysIPs := make([]net.IP, len(resp.PodIPInfo))
 
 	for i := range resp.PodIPInfo {
+		var gatewayIP net.IP
+
 		podCIDR := fmt.Sprintf(
 			"%s/%d",
 			resp.PodIPInfo[i].PodIPConfig.IPAddress,
@@ -81,21 +83,14 @@ func ProcessIPConfigsResp(resp *cns.IPConfigsResponse) (*[]netip.Prefix, *[]net.
 		podIPNets[i] = podIPNet
 
 		if podIPNet.Addr().Is4() {
-			gatewayIP := net.ParseIP(resp.PodIPInfo[i].NetworkContainerPrimaryIPConfig.GatewayIPAddress)
-
-			if gatewayIP == nil {
-				return nil, nil, errors.New("cns returned invalid gateway IP address")
-			}
-			gatewaysIPs[i] = gatewayIP
+			gatewayIP = net.ParseIP(resp.PodIPInfo[i].NetworkContainerPrimaryIPConfig.GatewayIPAddress)
 		} else if podIPNet.Addr().Is6() {
-			gatewayIP := net.ParseIP(resp.PodIPInfo[i].NetworkContainerPrimaryIPConfig.GatewayIPv6Address)
+			gatewayIP = net.ParseIP(resp.PodIPInfo[i].NetworkContainerPrimaryIPConfig.GatewayIPv6Address)
+		}
 
-			if gatewayIP == nil {
-				return nil, nil, errors.New("cns returned invalid gateway IPv6 address")
-			}
+		if gatewayIP != nil {
 			gatewaysIPs[i] = gatewayIP
 		}
-
 	}
 
 	return &podIPNets, &gatewaysIPs, nil

cns/NetworkContainerContract.go

@@ -129,7 +129,6 @@ type CreateNetworkContainerRequest struct {
 	EndpointPolicies           []NetworkContainerRequestPolicies
 	NCStatus                   v1alpha.NCStatus
 	NetworkInterfaceInfo       NetworkInterfaceInfo //nolint // introducing new field for backendnic, to be used later by cni code
-	IPFamilies                 map[IPFamily]struct{}
 }
 
 func (req *CreateNetworkContainerRequest) Validate() error {

cns/kubecontroller/nodenetworkconfig/conversion_linux.go

@@ -15,7 +15,6 @@ import (
 //nolint:gocritic //ignore hugeparam
 func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPrefix netip.Prefix, subnet cns.IPSubnet) (*cns.CreateNetworkContainerRequest, error) {
 	secondaryIPConfigs := map[string]cns.SecondaryIPConfig{}
-	ipFamilies := map[cns.IPFamily]struct{}{}
 
 	// in the case of vnet prefix on swift v2 the primary IP is a /32 and should not be added to secondary IP configs
 	if !primaryIPPrefix.IsSingleIP() {
@@ -46,13 +45,6 @@ func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPre
 					NCVersion: int(nc.Version),
 				}
 			}
-
-			// adds the IPFamily of the secondary CIDR to the set
-			if cidrPrefix.Addr().Is4() {
-				ipFamilies[cns.IPv4Family] = struct{}{}
-			} else {
-				ipFamilies[cns.IPv6Family] = struct{}{}
-			}
 		}
 	}
 
@@ -67,8 +59,7 @@ func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPre
 			GatewayIPAddress:   nc.DefaultGateway,
 			GatewayIPv6Address: nc.DefaultGatewayV6,
 		},
-		NCStatus:   nc.Status,
-		IPFamilies: ipFamilies,
+		NCStatus: nc.Status,
 		NetworkInterfaceInfo: cns.NetworkInterfaceInfo{
 			MACAddress: nc.MacAddress,
 		},

cns/restserver/internalapi_test.go

@@ -8,7 +8,6 @@ import (
 	"fmt"
 	"math/rand"
 	"net"
-	"net/netip"
 	"os"
 	"reflect"
 	"strconv"
@@ -914,23 +913,12 @@ func generateNetworkContainerRequest(secondaryIps map[string]cns.SecondaryIPConf
 	ipSubnet.IPAddress = primaryIP
 	ipSubnet.PrefixLength = subnetPrfixLength
 	ipConfig.IPSubnet = ipSubnet
-	
-	ipFamilies := map[cns.IPFamily]struct{}{}
-	for _, secIPConfig := range secondaryIps {
-		IP, _ := netip.ParseAddr(secIPConfig.IPAddress)
-		if IP.Is4() {
-			ipFamilies[cns.IPv4Family] = struct{}{}
-		} else {
-			ipFamilies[cns.IPv6Family] = struct{}{}
-		}
-	}
 
 	req := cns.CreateNetworkContainerRequest{
 		NetworkContainerType: dockerContainerType,
 		NetworkContainerid:   ncID,
 		IPConfiguration:      ipConfig,
 		Version:              ncVersion,
-		IPFamilies:           ipFamilies,
 	}
 
 	ncVersionInInt, _ := strconv.Atoi(ncVersion)

cns/restserver/ipam.go

@@ -25,7 +25,6 @@ var (
 	ErrStoreEmpty             = errors.New("empty endpoint state store")
 	ErrParsePodIPFailed       = errors.New("failed to parse pod's ip")
 	ErrNoNCs                  = errors.New("no NCs found in the CNS internal state")
-	ErrNoIPFamilies           = errors.New("No IP Families found on NCs")
 	ErrOptManageEndpointState = errors.New("CNS is not set to manage the endpoint state")
 	ErrEndpointStateNotFound  = errors.New("endpoint state could not be found in the statefile")
 	ErrGetAllNCResponseEmpty  = errors.New("failed to get NC responses from statefile")
@@ -107,7 +106,6 @@ func (service *HTTPRestService) requestIPConfigHandlerHelper(ctx context.Context
 	}
 
 	podIPInfoResult = append(podIPInfoResult, podIPInfo...)
-
 	return &cns.IPConfigsResponse{
 		Response: cns.Response{
 			ReturnCode: types.Success,
@@ -1003,8 +1001,20 @@ func (service *HTTPRestService) AssignAvailableIPConfigs(podInfo cns.PodInfo) ([
 
 	// Gets the IPFamilies from all NCs and store them in a map. This will be used to determine the number of IPs to return
 	for ncID := range service.state.ContainerStatus {
-		for ipFamily := range service.state.ContainerStatus[ncID].CreateNetworkContainerRequest.IPFamilies {
-			ipFamilies[ipFamily] = struct{}{}
+		if len(ipFamilies) == 2 {
+			break
+		}
+
+		for _, secIPConfig := range service.state.ContainerStatus[ncID].CreateNetworkContainerRequest.SecondaryIPConfigs {
+			if len(ipFamilies) == 2 {
+				break
+			}
+
+			if net.ParseIP(secIPConfig.IPAddress).To4() != nil {
+				ipFamilies[cns.IPv4Family] = struct{}{}
+			} else {
+				ipFamilies[cns.IPv6Family] = struct{}{}
+			}
 		}
 	}
 
@@ -1034,7 +1044,7 @@ func (service *HTTPRestService) AssignAvailableIPConfigs(podInfo cns.PodInfo) ([
 			ipStateFamily = cns.IPv6Family
 		}
 
-		key := ipState.NCID + string(ipStateFamily)
+		key := generateAssignedIPKey(ipState.NCID, ipStateFamily)
 
 		// check if the IP with the same family type exists already
 		if _, ncIPFamilyAlreadyMarkedForAssignment := ipsToAssign[key]; ncIPFamilyAlreadyMarkedForAssignment {
@@ -1054,8 +1064,8 @@ func (service *HTTPRestService) AssignAvailableIPConfigs(podInfo cns.PodInfo) ([
 	// Checks to make sure we found one IP for each NCxIPFamily
 	if len(ipsToAssign) != numberOfIPs {
 		for ncID := range service.state.ContainerStatus {
-			for ipFamily := range service.state.ContainerStatus[ncID].CreateNetworkContainerRequest.IPFamilies {
-				if _, found := ipsToAssign[ncID+string(ipFamily)]; found {
+			for ipFamily := range ipFamilies {
+				if _, found := ipsToAssign[generateAssignedIPKey(ncID, ipFamily)]; found {
 					continue
 				}
 				return podIPInfo, errors.Errorf("not enough IPs available of type %s for %s, waiting on Azure CNS to allocate more with NC Status: %s",
@@ -1099,6 +1109,10 @@ func (service *HTTPRestService) AssignAvailableIPConfigs(podInfo cns.PodInfo) ([
 	return podIPInfo, nil
 }
 
+func generateAssignedIPKey(ncID string, ipFamily cns.IPFamily) string {
+	return fmt.Sprintf("%s_%s", ncID, string(ipFamily))
+}
+
 // If IPConfigs are already assigned to the pod, it returns that else it returns the available ipconfigs.
 func requestIPConfigsHelper(service *HTTPRestService, req cns.IPConfigsRequest) ([]cns.PodIpInfo, error) {
 	// check if ipconfigs already assigned to this pod and return if exists or error

cns/restserver/restserver.go

@@ -92,7 +92,6 @@ type HTTPRestService struct {
 	PnpIDByMacAddress          map[string]string
 	imdsClient                 imdsClient
 	nodesubnetIPFetcher        *nodesubnet.IPFetcher
-	IPFamilies                 []cns.IPFamily
 }
 
 type CNIConflistGenerator interface {

cns/restserver/util.go

@@ -171,8 +171,6 @@ func (service *HTTPRestService) saveNetworkContainerGoalState(req cns.CreateNetw
 		hostVersion = "-1"
 	}
 
-	hostVersion = req.Version
-
 	// Remove the auth token before saving the containerStatus to cns json file
 	createNetworkContainerRequest := req
 	createNetworkContainerRequest.AuthorizationToken = ""
@@ -848,7 +846,7 @@ func (service *HTTPRestService) populateIPConfigInfoUntransacted(ipConfigStatus
 	podIPInfo.HostPrimaryIPInfo.Subnet = primaryHostInterface.Subnet
 	podIPInfo.HostPrimaryIPInfo.Gateway = primaryHostInterface.Gateway
 	podIPInfo.MacAddress = ncStatus.CreateNetworkContainerRequest.NetworkInterfaceInfo.MACAddress
-	podIPInfo.NICType = cns.InfraNIC // Update this to DelegatedNIC when it is Prefix on NIC v6
+	podIPInfo.NICType = cns.InfraNIC
 
 	return nil
 }

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/avast/retry-go/v3 v3.1.1
 	github.com/avast/retry-go/v4 v4.6.1
 	github.com/billgraziano/dpapi v0.5.0
-	github.com/containernetworking/cni v1.2.3
+	github.com/containernetworking/cni v1.2.2
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/golang/mock v1.6.0
@@ -25,7 +25,7 @@ require (
 	github.com/microsoft/ApplicationInsights-Go v0.4.4
 	github.com/nxadm/tail v1.4.11
 	github.com/onsi/ginkgo v1.16.5
-	github.com/onsi/gomega v1.36.0
+	github.com/onsi/gomega v1.33.1
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.21.1
@@ -202,5 +202,3 @@ retract (
 	v1.16.15 // typo in the version number.
 	v1.15.22 // typo in the version number.
 )
-
-replace github.com/Azure/azure-container-networking => ./azure-container-networking

go.sum

@@ -88,10 +88,8 @@ github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151X
 github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
 github.com/containerd/typeurl/v2 v2.2.0 h1:6NBDbQzr7I5LHgp34xAXYF5DOTQDn05X58lsPEmzLso=
 github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g=
-github.com/containernetworking/cni v1.2.3 h1:hhOcjNVUQTnzdRJ6alC5XF+wd9mfGIUaj8FuJbEslXM=
-github.com/containernetworking/cni v1.2.3/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M=
-github.com/containernetworking/plugins v1.6.2 h1:pqP8Mq923TLyef5g97XfJ/xpDeVek4yF8A4mzy9Tc4U=
-github.com/containernetworking/plugins v1.6.2/go.mod h1:SP5UG3jDO9LtmfbBJdP+nl3A1atOtbj2MBOYsnaxy64=
+github.com/containernetworking/cni v1.2.2 h1:9IbP6KJQQxVKo4hhnm8r50YcVKrJbJu3Dqw+Rbt1vYk=
+github.com/containernetworking/cni v1.2.2/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M=
 github.com/coreos/go-iptables v0.8.0 h1:MPc2P89IhuVpLI7ETL/2tx3XZ61VeICZjYqDEgNsPRc=
 github.com/coreos/go-iptables v0.8.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
@@ -299,8 +297,8 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/onsi/ginkgo v1.12.0 h1:Iw5WCbBcaAAd0fpRb1c9r5YCylv4XDoCSigm1zLevwU=
 github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
-github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg=
-github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
+github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
 github.com/onsi/gomega v1.10.0 h1:Gwkk+PTu/nfOwNMtUB/mRUv0X7ewW5dO4AERT1ThVKo=
 github.com/onsi/gomega v1.10.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=