[WIP] Rework route programming to solve various problems #8393

fasaxc · 2024-01-05T15:35:17Z

Description

Will likely break this into smaller PRs before it's ready to merge...

Refactor RouteTable:
- Key kernel routes using same tuple as the kernel in a DeltaTracker. Aligning the keying means that conflicts can't occur at this layer.
- Resolve in-table conflicts in userspace; only the winning route gets put in the tracker.
- Figure out correct wildcarding of routes for deletion.
- Use RouteReplace to overwrite routes. Means that, if we do conflict with a route that appears to be a non-Calico route, we'll overwrite it. On balance I think this is the best thing to do; the number one cause of such problems is that Felix has been reconfigured and the old route was a Calico route from before the reconfiguration. If we've been configured to use the same IP space as something else then that's already broken.
Resolve conflicts between different routing table views by adding metric/priority to each view; from lowest metric (most preferred) to highest:
- Local workload routes.
- Cross-subnet routes
- VXLAN tunneled routes
- Default "blackhole" routes for IPAM blocks.
Routes with different metrics can co-exist in the kernel so the different views can't clobber each other, even transiently (and the behaviour during an overlay is sane).
Move VXLAN layer 2 handling to its own object, managed separately from the RouteTable. The L2 state is basically independent of Routes so there's no need to do it in the same object.
Move creation of cross-subnet routing table to main goroutine to avoid races. Fix handling of parent interface change.

Related issues/PRs

Todos

Tests
Documentation
Release note

Release Note

TBD

Reminder for the reviewer

Make sure that this PR has the correct labels and milestone set.

Every PR needs one docs-* label.

docs-pr-required: This change requires a change to the documentation that has not been completed yet.
docs-completed: This change has all necessary documentation completed.
docs-not-required: This change has no user-facing impact and requires no docs.

Every PR needs one release-note-* label.

release-note-required: This PR has user-facing changes. Most PRs should have this label.
release-note-not-required: This PR has no user-facing changes.

Other optional labels:

cherry-pick-candidate: This PR should be cherry-picked to an earlier release. For bug fixes only.
needs-operator-pr: This PR is related to install and requires a corresponding change to the operator.

Previously, there were two problems: - The routing table was no updated to use the new parent. - Even after restarting felix, the routing table was unable to clean up the old routes. Fix is in two parts: - Add a default-enabled feature flag to force cleanup of conflicting routes. - Move creation of the no-encap routing table to the main loop and recreate it when the parent changes. Also noticed that KeepVXLANDeviceInSync could take a long time to respond to changes, add a kick channel. Move feature gates to the feature detector. Avoid needing to pass yet another object to 30 places.

Much cleaner, kernel does the conflict resolution.

…lict routes. Fix route deletion.

Covers case wehre RouteTable is created after start-of-day.

in all cases.

- Avoid using 'lo''s ifindex. - Make LinkNotFoundError valid.

… to program.

fasaxc · 2024-01-25T14:16:33Z

Closing in favour of #8418; I abandoned the routing metric idea so I don't think it's a good stepping stone

fasaxc added 20 commits November 30, 2023 14:56

Markups.

15501e8

Markups.

8c611e6

Markups.

1316c06

Only delete conflicting routes on retry.

c9c560a

Switch to RouteReplace.

4020b73

Much cleaner, kernel does the conflict resolution.

WIP on porting RouteTable to use DeltaTracker.

7230d00

WIP on delta tracker routing table.

7933580

WIP

f5e7825

Fixes, get route conflict test passing

3e8b88e

Add debug regex capabitlity to FV infra.

188603c

Add route metric support to route table, use to fix local/remote conf…

80dff05

…lict routes. Fix route deletion.

Move VXLAN FDB control to own object.

58015ec

Trigger FDB resync on iface up/down.

13087d3

Queue FDB resync on timer.

3ae61ba

Reinstate defensive load of link state in RouteTable

9bebc3e

Covers case wehre RouteTable is created after start-of-day.

Tune logging around VXLAN FDB.

15f6276

Merge remote-tracking branch 'origin/master' into route-delta-tracker

693a2e8

Fix read from incorrect map.

06bf761

Add grace period, WIP on fixing up wg tests.

aefb1db

marvin-tigera added this to the Calico v3.28.0 milestone Jan 5, 2024

marvin-tigera added release-note-required Change has user-facing impact (no matter how small) docs-pr-required Change is not yet documented labels Jan 5, 2024

Get dataplane tests passing.

b4dc142

fasaxc force-pushed the route-delta-tracker branch from 6fe2c60 to b4dc142 Compare January 5, 2024 16:00

fasaxc added docs-not-required Docs not required for this change and removed docs-pr-required Change is not yet documented labels Jan 5, 2024

fasaxc added 3 commits January 5, 2024 16:19

Fix unused code warnings.

f617750

WIP on fixing tests.

5140738

Track conntrack ownership to ensure cleanup happens

fc6c6c9

in all cases.

fasaxc added 8 commits January 8, 2024 15:14

Working through UT failures...

6a888a5

Adapt down interface tests to new behaviour.

03f68f0

Fix some wg tests.

4237917

- Avoid using 'lo''s ifindex. - Make LinkNotFoundError valid.

Fix ENODEV test.

4937c2a

Remove shell-out to ARP in favour of netlink.NeighSet.

813ddd2

Make static ARP optional, enable only for local workload table.

2919adc

Add inline retry to RouteTable.Apply(). Fixing lots of wireguard tests.

05df4f3

Fix wireguard tests

aeeac23

fasaxc force-pushed the route-delta-tracker branch 2 times, most recently from 6b2426c to a018495 Compare January 11, 2024 15:10

Remove NewWithShims.

f267890

fasaxc force-pushed the route-delta-tracker branch from a018495 to f267890 Compare January 11, 2024 15:18

fasaxc added 12 commits January 12, 2024 09:48

Fix IPv6 neighbour entries for VXLAN.

fef4a56

Add const for vxlan device names.

b0dee93

Better diags for adding ARP entruies.

c8e14c0

Tune some logging.

ed5c7fb

Merge remote-tracking branch 'origin/master' into route-delta-tracker

7b31c42

Improve handling of grace periods; expire them after receiving routes…

089e89b

… to program.

Fix ifindex conflicts in tests.

e195bfd

Fix that no-iface routs appeared to be for a down interface.

37b4579

Factor out conntrack deletion into new object.

1f50bef

Tweaks.

4e3380c

Fix that ARP entries were only created when the route changed.

173ee9d

Tweak ARP errors.

592ea68

fasaxc force-pushed the route-delta-tracker branch from abf2e64 to 592ea68 Compare January 18, 2024 16:44

Merge remote-tracking branch 'origin/master' into route-delta-tracker

cb799fc

fasaxc closed this Jan 25, 2024

marvin-tigera removed release-note-required Change has user-facing impact (no matter how small) docs-not-required Docs not required for this change labels Jan 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[WIP] Rework route programming to solve various problems #8393

[WIP] Rework route programming to solve various problems #8393

fasaxc commented Jan 5, 2024

fasaxc commented Jan 25, 2024

[WIP] Rework route programming to solve various problems #8393

[WIP] Rework route programming to solve various problems #8393

Conversation

fasaxc commented Jan 5, 2024

Description

Related issues/PRs

Todos

Release Note

Reminder for the reviewer

fasaxc commented Jan 25, 2024