Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add multi IP support for SBR #623

Merged
merged 2 commits into from
May 19, 2021

Conversation

anuragensemble
Copy link
Contributor

@anuragensemble anuragensemble commented Apr 27, 2021

[sbr]: Use different tableID for every ipCfg
Move default table routes which match the ipCfg config

This allows SBR plugin to accommodate for multi-ip interfaces

Fixes #581

Signed-off-by: Anurag Dwivedi anuragensemble1@gmail.com

       Move default table routes which  match the ipCfg config

    This allows SBR plugin to accommodate for multi-ip interfaces

    Fixes containernetworking#581

Signed-off-by: Anurag Dwivedi <anuragensemble1@gmail.com>
@anuragensemble anuragensemble marked this pull request as ready for review April 27, 2021 07:09
@squeed
Copy link
Member

squeed commented Apr 28, 2021

hey @plwhite can you give this a look-over? Thanks!

@plwhite
Copy link
Contributor

plwhite commented May 3, 2021

Sorry, I've been out of office for a couple of days, but will get to this in the next day or so.

@squeed
Copy link
Member

squeed commented May 5, 2021

You need to fix gofmt, FYI.

Table: 101,
LinkIndex: expNet1.Routes[i].LinkIndex})
} else {
// All 192.168.1.x routes expected in tabele 100
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Trivial typo: "tabele" should be "table"

Table: 101,
LinkIndex: expNet1.Routes[0].LinkIndex})

// 2 Rules will ve created for each IP address. (100, 101)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Trivial typo: "ve" should be "be"


// Use a different table for each ipCfg
table++
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the other places where a table ID is generated there are a few lines of code to make sure that the table isn't already in use. I think you strictly ought to do that here - i.e. take the little bit of code around firstTableID and turn it into a simple subroutine so it does the same checks in both places.

This is unlikely to go wrong, but if it does it would be horrible to have to figure out.

@plwhite
Copy link
Contributor

plwhite commented May 7, 2021

Sorry for the delay - generally looks good to me. I've added a few notes, mostly about comments but one minor code issue.

I think this merits updating the docs at https://www.cni.dev/plugins/current/meta/sbr/ - just a couple of lines explaining what the expected behaviour for routes and rules is with multiple IP addresses on an interface.

@anuragensemble
Copy link
Contributor Author

Thanks @squeed and @plwhite . Was away for a few days. Will update the request in a day or two.

       Check tableID not in use for every ipCfg

       This allows SBR plugin to accommodate for multi-ip interfaces

       Fixes containernetworking#581

Signed-off-by: Anurag Dwivedi <anuragensemble1@gmail.com>
@anuragensemble
Copy link
Contributor Author

Hi, @squeed and @plwhite , I have updated the review. Please review at your convenience.

Post confirmation I can add a few lines in the doc about multi-ip scenario (The behavior remains consistent with the current definition, just a footnote about separating the routes meant for different IPs on a single interface into different routing tables as well. )

@plwhite
Copy link
Contributor

plwhite commented May 17, 2021

LGTM - thanks for the updates.

@squeed
Copy link
Member

squeed commented May 19, 2021

/lgtm (assuming CI passes)

@dcbw dcbw merged commit 6618a0a into containernetworking:master May 19, 2021
@dcbw
Copy link
Member

dcbw commented May 19, 2021

Thanks!

@svallala
Copy link

svallala commented May 20, 2021

@anuragensemble @plwhite @squeed, seems like an issue with this check in. I have a Pod with 2 interfaces.

[root@c-2-server-01 /]# ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
4: eth0@if325: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
inet6 fd74:ca9b:3a09:868c:172:18:0:41c/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::2881:62ff:fe79:14ab/64 scope link
valid_lft forever preferred_lft forever
39: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 state UP qlen 1000
inet6 fd74:ca9b:3a09:868e:c0:a8:c:71/64 scope global
valid_lft forever preferred_lft forever
inet6 fd74:ca9b:3a09:8660:c0:a8:1:70/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::84d7:58ff:fe91:384/64 scope link
valid_lft forever preferred_lft forever

Each of the IPs here has a default gateway, rightly eth0 is added to the default gateway

[root@c-2-server-01 /]# ip -6 route
fd74:ca9b:3a09:868c:172:18:0:41c dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::ecee:eeff:feee:eeee dev eth0 metric 1024 pref medium

Each IP subnet for interface eth1, has a default gateway and rightly there are two additional routing tables, that is what your change is fixing.

[root@c-2-server-01 /]# ip -6 rule
0: from all lookup local
32764: from fd74:ca9b:3a09:868e:c0:a8:c:71 lookup 101
32765: from fd74:ca9b:3a09:8660:c0:a8:1:70 lookup 100
32766: from all lookup main

[root@c-2-server-01 /]# ip -6 route show table 100
fd74:ca9b:3a09:8660::/64 dev eth1 proto kernel metric 256 pref medium
fd74:ca9b:3a09:868e::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default via fd74:ca9b:3a09:8660::1 dev eth1 metric 1024 pref medium

[root@c-2-server-01 /]# ip -6 route show table 101
fd74:ca9b:3a09:8660::/64 dev eth1 proto kernel metric 256 pref medium
fd74:ca9b:3a09:868e::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default via fd74:ca9b:3a09:868e::1 dev eth1 metric 1024 pref medium

The issue here is that for table 100 where the source lookup is fd74:ca9b:3a09:8660:c0:a8:1:70, it should not have a route entry for fd74:ca9b:3a09:868e::/64 subnet, same is the case with table 101.

I think traffic will still flow fine, but it is not correct that the directly connected networks are spanning both tables. I stand corrected if this is expected behavior since the interface does have the subnet.

Regards
Shravan

@anuragensemble
Copy link
Contributor Author

@svallala , Can you please share the network-attachment-definition spec for the above case. In the recent update we are performing subnet matching on the routes added by the previous plugin (+ by interface creation) and moving them into their respective routing tables.

Requesting the full NAD spec to make a more informed comment about the validity of the logic.

@svallala
Copy link

svallala commented May 25, 2021

@anuragensemble, please find the NAD. If you are looking for the IP addresses allocated, you might not get that information. Sending you the IPAM response that the plugin would have received.

apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
annotations:
k8s.v1.cni.cncf.io/resourceName: intel.com/enp175s0f0_iavf
creationTimestamp: "2021-05-25T04:44:37Z"
generation: 1
labels:
robin.io/cni: sriov
robin.io/domain: ROBIN
managedFields:

  • apiVersion: k8s.cni.cncf.io/v1
    fieldsType: FieldsV1
    fieldsV1:
    f:metadata:
    f:annotations:
    .: {}
    f:k8s.v1.cni.cncf.io/resourceName: {}
    f:labels:
    .: {}
    f:robin.io/cni: {}
    f:robin.io/domain: {}
    f:spec:
    .: {}
    f:config: {}
    manager: kubectl-create
    operation: Update
    time: "2021-05-25T04:44:37Z"
    name: c-1-server-01-net1
    namespace: t001-u000003
    resourceVersion: "1537546"
    uid: b38b79ba-639a-4e00-b609-026f6eeef145
    spec:
    config: '{ "cniVersion": "0.3.1", "name": "sriov-network", "plugins": [ { "type":
    "sriov", "vlan": 20, "ippool": "sriov7", "ipam": { "type": "robin-ipam" }, {"type": "sbr"} ] }'

IPAM Response

{"cniVersion": "0.3.1", "dns": {}, "ips": [{"version": "6", "address": "fd74:ca9b:3a09:8687:00c0:00a8:0001:0089/64", "gateway": "fd74:ca9b:3a09:8687:00c0:00a8:0001:0001"}, {"version": "6", "address": "fd74:ca9b:3a09:868e:00c0:00a8:000b:009c/64", "gateway": "fd74:ca9b:3a09:868e::0001"}]}

@svallala
Copy link

@anuragensemble I don't see the subnet check in the code before adding the routes. Can you point me to the snippet where the subnet check is performed.

I still see following behavior with the latest code

4: eth0@if15806: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
inet6 fd74:ca9b:3a09:868c:172:18:0:7b06/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::b024:2cff:fef5:a2ed/64 scope link
valid_lft forever preferred_lft forever
80: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 state UP qlen 1000
inet6 fd74:ca9b:3a09:868d:c0:a8:b:91/64 scope global
valid_lft forever preferred_lft forever
inet6 fd74:ca9b:3a09:868a:c0:a8:1:6d/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::78cc:44ff:fec7:c19a/64 scope link
valid_lft forever preferred_lft forever

[root@sbr-1-9899bcc95-bhb9j pktgen]# ip -6 route
fd74:ca9b:3a09:868c:172:18:0:7b06 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::ecee:eeff:feee:eeee dev eth0 metric 1024 pref medium
[root@sbr-1-9899bcc95-bhb9j pktgen]# ip -6 rule
0: from all lookup local
32764: from fd74:ca9b:3a09:868d:c0:a8:b:91 lookup 101
32765: from fd74:ca9b:3a09:868a:c0:a8:1:6d lookup 100
32766: from all lookup main

[root@sbr-1-9899bcc95-bhb9j pktgen]# ip -6 route show table 100
fd74:ca9b:3a09:868a::/64 dev eth1 proto kernel metric 256 mtu 9000 pref medium
fd74:ca9b:3a09:868d::/64 dev eth1 proto kernel metric 256 mtu 9000 pref medium
fe80::/64 dev eth1 proto kernel metric 256 mtu 9000 pref medium

[root@sbr-1-9899bcc95-bhb9j pktgen]# ip -6 route show table 101
fd74:ca9b:3a09:868a::/64 dev eth1 proto kernel metric 256 mtu 9000 pref medium
fd74:ca9b:3a09:868d::/64 dev eth1 proto kernel metric 256 mtu 9000 pref medium
fe80::/64 dev eth1 proto kernel metric 256 mtu 9000 pref medium
default via fd74:ca9b:3a09:868d::1 dev eth1 metric 1024 pref medium

As you can see the last two tables have a route entry that should not be present.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
5 participants