[wip] Fix GARP sending 0.0.0.0 due to incorrect IPv4 byte extraction #2803
base: master
Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]>
Enable tracking used MAC addresses with owner identification. Enabling MAC addresses conflict detection when multiple entities try to use the same address within the same network. The MAC manager will be integrated with cluster-manager's pod-allocator code in follow-up commits. Since the pod-allocator is run by multiple goroutines, use Mutex to prevent race conditions on reserve and release MACs. Signed-off-by: Ram Lavi <[email protected]> Co-authored-by: Or Mergi <[email protected]>
Integrate the MAC manager to podAllocator, instantiate the MAC manager on primary L2 networks UDNs with persistentIPs enabled, when EnablePreconfiguredUDNAddresses is enabled. The pod-allocator is instantiated for each network, thus network isolation is maintained. MACs can be reused in different UDNs.

On pod allocation, record the used MAC address and its owner-id; if already used, raise a MAC conflict error. Compose the owner-id in the following format: <pod.metadata.namespace>/<metadata.name>
E.g.: Given pod namespace=blue, name=mypod, owner-id is blue/mypod

To allow the VM migration scenario, where two pods should use the same MAC, relax MAC conflicts by composing the owner-id from the associated VM name: <pod.metadata.namespace>/<VM name label value>
E.g.: Given pod namespace=blue, name=virt-launcher-myvm-abc123 VM name=myvm, owner id is "blue/mypod". The VM name is reflected by the "vm.kubevirt.io/name" label.

In addition, in a scenario of a repeated request (same MAC & owner) that was already handled, being rolled back due to failure (e.g.: pod update failure), do not release the reserved MAC as part of the pod-allocation rollback. MAC address release on pod deletion, and initializing the MAC manager on start up, will be done in follow-up commits.
Signed-off-by: Ram Lavi <[email protected]>
Co-authored-by: Or Mergi <[email protected]>
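A sketch of the reservation logic the two commit messages above describe, added here as an illustration and not taken from the ovn-kubernetes code. `MACManager`, `OwnerID`, `Reserve` and `ErrMACConflict` are hypothetical names; only the `vm.kubevirt.io/name` label and the owner-id formats come from the commit text, and the MAC is a constructed sample.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"sync"
)

const vmNameLabel = "vm.kubevirt.io/name" // label named in the commit message

var ErrMACConflict = errors.New("MAC address already in use by another owner")

// MACManager (hypothetical) tracks MAC -> owner-id for a single network.
type MACManager struct {
	mu     sync.Mutex // pod allocation runs on several goroutines
	owners map[string]string
}

// OwnerID is <namespace>/<VM name> for VM pods and <namespace>/<pod name>
// otherwise, so the source and target pods of a migration share one owner.
func OwnerID(namespace, podName string, labels map[string]string) string {
	if vm := labels[vmNameLabel]; vm != "" {
		return namespace + "/" + vm
	}
	return namespace + "/" + podName
}

// Reserve reports whether this call created the reservation. A rollback
// should release the MAC only when it did, never on a repeated request.
func (m *MACManager) Reserve(owner string, mac net.HardwareAddr) (bool, error) {
	m.mu.Lock()
	defer m.mu.Unlock()
	key := mac.String()
	if cur, held := m.owners[key]; held {
		if cur != owner {
			// The error carries no network name: pod events are user-visible.
			return false, fmt.Errorf("%w: %s", ErrMACConflict, key)
		}
		return false, nil // same MAC and owner: already handled
	}
	m.owners[key] = owner
	return true, nil
}

func main() {
	m := &MACManager{owners: map[string]string{}}
	mac, _ := net.ParseMAC("0a:58:0a:00:00:05") // constructed sample
	vm := OwnerID("blue", "virt-launcher-myvm-abc123", map[string]string{vmNameLabel: "myvm"})
	fmt.Println(m.Reserve(vm, mac))                            // first pod of the VM
	fmt.Println(m.Reserve(vm, mac))                            // migration target, same owner
	fmt.Println(m.Reserve(OwnerID("blue", "mypod", nil), mac)) // conflict
}
```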
Emit pod event when MAC conflict is detected during pod allocation process. Avoid user-defined network name leak to pod events, as they are visible by non cluster-admin users. Signed-off-by: Or Mergi <[email protected]>
On pod deletion, remove the MAC address used by the pod from the MAC manager store. To allow VM migration scenario, do not release the MAC when there is at least one VM pod that is not in complete state. Resolve the VM pod owner-id by composing the owner-id from the associated VM name. Initializing the MAC manager on start up will be done in follow-up commits. Signed-off-by: Ram Lavi <[email protected]> Co-authored-by: Or Mergi <[email protected]>
Initialize the pod allocator MAC manager with the MACs of the network GW and management ports, preventing conflicts with new pods requesting those MACs. The MAC manager is instantiated on primary L2 UDNs with persistent IPs enabled, when EnablePreconfiguredUDNAddresses. The network logical switch has GW (.1) and management (.2) ports. Their MAC address is generated from the IP address. Calculate the GW and management MAC addresses from their IP addresses. Signed-off-by: Or Mergi <[email protected]> Co-authored-by: Ram Lavi <[email protected]>
Initialize the pod-allocator MAC manager with MACs of existing pods in the network, preventing unexpected conflicts in scenarios where the control-plane restarts. The MAC manager is instantiated on primary L2 UDNs with persistent IPs enabled, when EnablePreconfiguredUDNAddresses. VMs can have multiple associated pods with the same MAC address (migration scenario). Allow VM associated pods to have the same MAC, by composing the owner-id from the associated VM name. Signed-off-by: Ram Lavi <[email protected]>
Signed-off-by: Or Mergi <[email protected]>
Signed-off-by: Or Mergi <[email protected]>
In a scenario of primary CUDN where multiple NADs exist, all with the same spec,
NetworkInfo.GetNADs returns multiple NADs of the selected namespaces.
The GetPodNADToNetworkMappingWithActiveNetwork helper assumes the
active-network (NetworkInfo{}) consists of a single NAD, and returns
the mapping with the first NAD of the active-network it found.
This approach falls short when the given pod is connected to a CUDN that spans
over multiple namespaces, i.e.: the active network consists of multiple NADs.
The helper returns an inconsistent mapping where the NAD key doesn't match
the pod namespace (NAD of another namespace).
Change the helper to find the active-network matching NAD; the NAD that
resides in the same namespace as the given pod (matching namespace).
Change test to always set an appropriate namespace to the tested pod.
Extend the test suite to allow injecting multiple NADs for the
active-network, and simulating the CUDN use-case.
Signed-off-by: Or Mergi <[email protected]>
Not waiting for `killall` to terminate can cause the Kubevirt console expecter/matcher to incorrectly match the negative case. This occurs because the "Exit 1" string may prematurely appear in the output. Signed-off-by: Enrique Llorente <[email protected]>
…heck udn, primary, layer2: Detect MAC conflicts
kv, e2e: Add --wait to killall
docs: Add instructions for CI failures
Skipping CI for Draft Pull Request.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kyrtapz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
net.ParseIP() returns 16-byte IPv4-mapped IPv6 format where IPv4 bytes are at the END, not beginning. [4]byte(garp.IP) took wrong bytes. Fixed by calling To4() before, forcing validated creation via NewGARP(). Interface prevents bypassing extracting the correct IPv4 address. Signed-off-by: Patryk Diak <[email protected]>
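The byte-layout problem described in the commit message above, reproduced as an added example (not the PR's code). The `GARP` type, its field, `naiveIPv4` and `ErrNotIPv4` are hypothetical; `NewGARP` is the constructor name from the commit message with an assumed signature, and the addresses are constructed samples from documentation ranges.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

var ErrNotIPv4 = errors.New("not an IPv4 address")

// GARP is a hypothetical stand-in for the announcement type; the unexported
// field means callers outside the package must go through NewGARP.
type GARP struct{ ip [4]byte }

// naiveIPv4 takes the first four bytes of the slice, which is what the
// conversion [4]byte(ip) does for a slice of at least four bytes.
// It is correct only when ip is already in 4-byte form.
func naiveIPv4(ip net.IP) [4]byte {
	var out [4]byte
	copy(out[:], ip)
	return out
}

// NewGARP normalizes with To4() first, so 4-byte and 16-byte IPv4-mapped
// inputs give the same result and non-IPv4 input is rejected.
func NewGARP(ip net.IP) (GARP, error) {
	v4 := ip.To4()
	if v4 == nil {
		return GARP{}, ErrNotIPv4
	}
	var g GARP
	copy(g.ip[:], v4)
	return g, nil
}

// IP returns the sender address that would go into the ARP payload.
func (g GARP) IP() net.IP { return net.IP(g.ip[:]) }

func main() {
	ip := net.ParseIP("192.0.2.10") // 16 bytes: 00..00 ff ff c0 00 02 0a
	bad := naiveIPv4(ip)
	fmt.Println(len(ip), net.IP(bad[:])) // leading zero bytes become the address

	g, err := NewGARP(ip)
	fmt.Println(g.IP(), err)

	_, err = NewGARP(net.ParseIP("2001:db8::1"))
	fmt.Println(err)
}
```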
IPv6 equivalent of GARP functionality for EgressIP failover. Sends unsolicited NAs when IPv6 addresses are added to secondary host interfaces. Signed-off-by: Patryk Diak <[email protected]>
/test images
@kyrtapz: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
ovn-kubernetes/ovn-kubernetes#5654