Merge pull request #5346 from cathy-zhou/sdn-3180.upstream

trozet · web-flow · commit 3f0623628232 · 2025-07-15T15:40:58.000-04:00
VF gateway trigger errors message in updateServiceFlowCache
diff --git a/go-controller/pkg/node/default_node_network_controller.go b/go-controller/pkg/node/default_node_network_controller.go
@@ -1186,10 +1186,8 @@ func (nc *DefaultNodeNetworkController) Start(ctx context.Context) error {
 	// is not needed. Future upgrade flows will need to take DPUs into account.
 	if config.OvnKubeNode.Mode != types.NodeModeDPUHost {
 		if config.OvnKubeNode.Mode == types.NodeModeFull {
-			bridgeName := nc.Gateway.GetGatewayIface()
-			// Configure route for svc towards shared gw bridge
-			// Have to have the route to bridge for multi-NIC mode, where the default gateway may go to a non-OVS interface
-			if err := configureSvcRouteViaBridge(nc.routeManager, bridgeName); err != nil {
+			// Configure route for svc towards shared gateway interface
+			if err := configureSvcRouteViaInterface(nc.routeManager, nc.Gateway.GetGatewayIface(), DummyNextHopIPs()); err != nil {
 				return err
 			}
 		}
@@ -1655,10 +1653,6 @@ func getPMTUDKey(nodeName string) string {
 	return fmt.Sprintf("%s_pmtud", nodeName)
 }
 
-func configureSvcRouteViaBridge(routeManager *routemanager.Controller, bridge string) error {
-	return configureSvcRouteViaInterface(routeManager, bridge, DummyNextHopIPs())
-}
-
 // DummyNextHopIPs returns the fake next hops used for service traffic routing.
 // It is used in:
 // - br-ex, where we don't really care about the next hop GW in use as traffic is always routed to OVN
diff --git a/go-controller/pkg/node/gateway.go b/go-controller/pkg/node/gateway.go
@@ -465,7 +465,7 @@ func (g *gateway) GetGatewayBridgeIface() string {
 }
 
 func (g *gateway) GetGatewayIface() string {
-	return g.openflowManager.defaultBridge.getGatewayIface()
+	return g.openflowManager.defaultBridge.gwIface
 }
 
 // getMaxFrameLength returns the maximum frame size (ignoring VLAN header) that a gateway can handle
@@ -556,19 +556,11 @@ type bridgeConfiguration struct {
 	nextHops    []net.IP
 }
 
-func (b *bridgeConfiguration) getGatewayIface() string {
-	// If gwIface is set, then accelerated GW interface is present and we use it. If else use external bridge instead.
-	if b.gwIface != "" {
-		return b.gwIface
-	}
-	return b.bridgeName
-}
-
 // updateInterfaceIPAddresses sets and returns the bridge's current ips
 func (b *bridgeConfiguration) updateInterfaceIPAddresses(node *corev1.Node) ([]*net.IPNet, error) {
 	b.Lock()
 	defer b.Unlock()
-	ifAddrs, err := getNetworkInterfaceIPAddresses(b.getGatewayIface())
+	ifAddrs, err := getNetworkInterfaceIPAddresses(b.gwIface)
 	if err != nil {
 		return nil, err
 	}
diff --git a/go-controller/pkg/node/gateway_shared_intf.go b/go-controller/pkg/node/gateway_shared_intf.go
@@ -2476,15 +2476,15 @@ func newGateway(
 			// Delete stale masquerade resources if there are any. This is to make sure that there
 			// are no Linux resources with IP from old masquerade subnet when masquerade subnet
 			// gets changed as part of day2 operation.
-			if err := deleteStaleMasqueradeResources(gwBridge.getGatewayIface(), nodeName, watchFactory); err != nil {
+			if err := deleteStaleMasqueradeResources(gwBridge.gwIface, nodeName, watchFactory); err != nil {
 				return fmt.Errorf("failed to remove stale masquerade resources: %w", err)
 			}
 
-			if err := setNodeMasqueradeIPOnExtBridge(gwBridge.getGatewayIface()); err != nil {
-				return fmt.Errorf("failed to set the node masquerade IP on the ext bridge %s: %v", gwBridge.getGatewayIface(), err)
+			if err := setNodeMasqueradeIPOnExtBridge(gwBridge.gwIface); err != nil {
+				return fmt.Errorf("failed to set the node masquerade IP on the ext bridge %s: %v", gwBridge.gwIface, err)
 			}
 
-			if err := addMasqueradeRoute(routeManager, gwBridge.getGatewayIface(), nodeName, gwIPs, watchFactory); err != nil {
+			if err := addMasqueradeRoute(routeManager, gwBridge.gwIface, nodeName, gwIPs, watchFactory); err != nil {
 				return fmt.Errorf("failed to set the node masquerade route to OVN: %v", err)
 			}
 
@@ -2531,7 +2531,7 @@ func newGateway(
 			gw.openflowManager.requestFlowSync()
 		}
 
-		if err := addHostMACBindings(gwBridge.getGatewayIface()); err != nil {
+		if err := addHostMACBindings(gwBridge.gwIface); err != nil {
 			return fmt.Errorf("failed to add MAC bindings for service routing: %w", err)
 		}
 
@@ -2593,11 +2593,11 @@ func newNodePortWatcher(
 	subnets = append(subnets, config.Kubernetes.ServiceCIDRs...)
 	if config.Gateway.DisableForwarding {
 		if err := initExternalBridgeServiceForwardingRules(subnets); err != nil {
-			return nil, fmt.Errorf("failed to add accept rules in forwarding table for bridge %s: err %v", gwBridge.getGatewayIface(), err)
+			return nil, fmt.Errorf("failed to add accept rules in forwarding table for bridge %s: err %v", gwBridge.gwIface, err)
 		}
 	} else {
 		if err := delExternalBridgeServiceForwardingRules(subnets); err != nil {
-			return nil, fmt.Errorf("failed to delete accept rules in forwarding table for bridge %s: err %v", gwBridge.getGatewayIface(), err)
+			return nil, fmt.Errorf("failed to delete accept rules in forwarding table for bridge %s: err %v", gwBridge.gwIface, err)
 		}
 	}
 
@@ -2615,7 +2615,7 @@ func newNodePortWatcher(
 		gatewayIPv4:    gatewayIPv4,
 		gatewayIPv6:    gatewayIPv6,
 		ofportPhys:     ofportPhys,
-		gwBridge:       gwBridge.getGatewayIface(),
+		gwBridge:       gwBridge.bridgeName,
 		serviceInfo:    make(map[ktypes.NamespacedName]*serviceConfig),
 		nodeIPManager:  nodeIPManager,
 		ofm:            ofm,
diff --git a/go-controller/pkg/node/gateway_udn.go b/go-controller/pkg/node/gateway_udn.go
@@ -268,7 +268,7 @@ func NewUserDefinedNetworkGateway(netInfo util.NetInfo, node *corev1.Node, nodeL
 	if gw.openflowManager == nil {
 		return nil, fmt.Errorf("openflow manager has not been provided for network: %s", netInfo.GetNetworkName())
 	}
-	intfName := gw.openflowManager.defaultBridge.getGatewayIface()
+	intfName := gw.openflowManager.defaultBridge.gwIface
 	link, err := util.GetNetLinkOps().LinkByName(intfName)
 	if err != nil {
 		return nil, fmt.Errorf("unable to get link for %s, error: %v", intfName, err)
diff --git a/go-controller/pkg/node/gateway_udn_test.go b/go-controller/pkg/node/gateway_udn_test.go
@@ -343,7 +343,7 @@ func checkUDNSvcIsolationOVSFlows(flows []string, netConfig *bridgeUDNConfigurat
 
 func getDummyOpenflowManager() *openflowManager {
 	gwBridge := &bridgeConfiguration{
-		gwIface:    "",
+		gwIface:    "breth0",
 		bridgeName: "breth0",
 	}
 	ofm := &openflowManager{
diff --git a/go-controller/pkg/node/node_ip_handler_linux_test.go b/go-controller/pkg/node/node_ip_handler_linux_test.go
@@ -401,7 +401,7 @@ func configureKubeOVNContext(nodeName string, useNetlink bool) *testCtx {
 	mpmock := &nodemocks.ManagementPort{}
 	mpmock.On("GetAddresses").Return([]*net.IPNet{tc.mgmtPortIP4, tc.mgmtPortIP6})
 
-	fakeBridgeConfiguration := &bridgeConfiguration{bridgeName: "breth0"}
+	fakeBridgeConfiguration := &bridgeConfiguration{bridgeName: "breth0", gwIface: "breth0"}
 
 	k := &kube.Kube{KClient: tc.fakeClient}
 	tc.ipManager = newAddressManagerInternal(nodeName, k, mpmock, tc.watchFactory, fakeBridgeConfiguration, useNetlink)

Original file line number	Diff line number	Diff line change
`@@ -2476,15 +2476,15 @@ func newGateway(`
`2476`	`2476`	`// Delete stale masquerade resources if there are any. This is to make sure that there`
`2477`	`2477`	`// are no Linux resources with IP from old masquerade subnet when masquerade subnet`
`2478`	`2478`	`// gets changed as part of day2 operation.`
`2479`		`- if err := deleteStaleMasqueradeResources(gwBridge.getGatewayIface(), nodeName, watchFactory); err != nil {`
	`2479`	`+ if err := deleteStaleMasqueradeResources(gwBridge.gwIface, nodeName, watchFactory); err != nil {`
`2480`	`2480`	`return fmt.Errorf("failed to remove stale masquerade resources: %w", err)`
`2481`	`2481`	`}`
`2482`	`2482`
`2483`		`- if err := setNodeMasqueradeIPOnExtBridge(gwBridge.getGatewayIface()); err != nil {`
`2484`		`- return fmt.Errorf("failed to set the node masquerade IP on the ext bridge %s: %v", gwBridge.getGatewayIface(), err)`
	`2483`	`+ if err := setNodeMasqueradeIPOnExtBridge(gwBridge.gwIface); err != nil {`
	`2484`	`+ return fmt.Errorf("failed to set the node masquerade IP on the ext bridge %s: %v", gwBridge.gwIface, err)`
`2485`	`2485`	`}`
`2486`	`2486`
`2487`		`- if err := addMasqueradeRoute(routeManager, gwBridge.getGatewayIface(), nodeName, gwIPs, watchFactory); err != nil {`
	`2487`	`+ if err := addMasqueradeRoute(routeManager, gwBridge.gwIface, nodeName, gwIPs, watchFactory); err != nil {`
`2488`	`2488`	`return fmt.Errorf("failed to set the node masquerade route to OVN: %v", err)`
`2489`	`2489`	`}`
`2490`	`2490`
`@@ -2531,7 +2531,7 @@ func newGateway(`
`2531`	`2531`	`gw.openflowManager.requestFlowSync()`
`2532`	`2532`	`}`
`2533`	`2533`
`2534`		`- if err := addHostMACBindings(gwBridge.getGatewayIface()); err != nil {`
	`2534`	`+ if err := addHostMACBindings(gwBridge.gwIface); err != nil {`
`2535`	`2535`	`return fmt.Errorf("failed to add MAC bindings for service routing: %w", err)`
`2536`	`2536`	`}`
`2537`	`2537`
`@@ -2593,11 +2593,11 @@ func newNodePortWatcher(`
`2593`	`2593`	`subnets = append(subnets, config.Kubernetes.ServiceCIDRs...)`
`2594`	`2594`	`if config.Gateway.DisableForwarding {`
`2595`	`2595`	`if err := initExternalBridgeServiceForwardingRules(subnets); err != nil {`
`2596`		`- return nil, fmt.Errorf("failed to add accept rules in forwarding table for bridge %s: err %v", gwBridge.getGatewayIface(), err)`
	`2596`	`+ return nil, fmt.Errorf("failed to add accept rules in forwarding table for bridge %s: err %v", gwBridge.gwIface, err)`
`2597`	`2597`	`}`
`2598`	`2598`	`} else {`
`2599`	`2599`	`if err := delExternalBridgeServiceForwardingRules(subnets); err != nil {`
`2600`		`- return nil, fmt.Errorf("failed to delete accept rules in forwarding table for bridge %s: err %v", gwBridge.getGatewayIface(), err)`
	`2600`	`+ return nil, fmt.Errorf("failed to delete accept rules in forwarding table for bridge %s: err %v", gwBridge.gwIface, err)`
`2601`	`2601`	`}`
`2602`	`2602`	`}`
`2603`	`2603`
`@@ -2615,7 +2615,7 @@ func newNodePortWatcher(`
`2615`	`2615`	`gatewayIPv4: gatewayIPv4,`
`2616`	`2616`	`gatewayIPv6: gatewayIPv6,`
`2617`	`2617`	`ofportPhys: ofportPhys,`
`2618`		`- gwBridge: gwBridge.getGatewayIface(),`
	`2618`	`+ gwBridge: gwBridge.bridgeName,`
`2619`	`2619`	`serviceInfo: make(map[ktypes.NamespacedName]*serviceConfig),`
`2620`	`2620`	`nodeIPManager: nodeIPManager,`
`2621`	`2621`	`ofm: ofm,`
Original file line number	Diff line number	Diff line change
`@@ -268,7 +268,7 @@ func NewUserDefinedNetworkGateway(netInfo util.NetInfo, node *corev1.Node, nodeL`
`268`	`268`	`if gw.openflowManager == nil {`
`269`	`269`	`return nil, fmt.Errorf("openflow manager has not been provided for network: %s", netInfo.GetNetworkName())`
`270`	`270`	`}`
`271`		`- intfName := gw.openflowManager.defaultBridge.getGatewayIface()`
	`271`	`+ intfName := gw.openflowManager.defaultBridge.gwIface`
`272`	`272`	`link, err := util.GetNetLinkOps().LinkByName(intfName)`
`273`	`273`	`if err != nil {`
`274`	`274`	`return nil, fmt.Errorf("unable to get link for %s, error: %v", intfName, err)`
Original file line number	Diff line number	Diff line change
`@@ -343,7 +343,7 @@ func checkUDNSvcIsolationOVSFlows(flows []string, netConfig *bridgeUDNConfigurat`
`343`	`343`
`344`	`344`	`func getDummyOpenflowManager() *openflowManager {`
`345`	`345`	`gwBridge := &bridgeConfiguration{`
`346`		`- gwIface: "",`
	`346`	`+ gwIface: "breth0",`
`347`	`347`	`bridgeName: "breth0",`
`348`	`348`	`}`
`349`	`349`	`ofm := &openflowManager{`