Move VXLAN L2 programming to its own object. #8449
Conversation
marvin-tigera
added
release-note-required
- Remove special-case L2 logic in the RouteTable. - Add new VXLANFDB object to manage it.
Realised that the old API could result in closing a Handle before we'd finished trying to use it.
fasaxc
added
docs-not-required
fasaxc
force-pushed
the
vxlan-fdb
branch
2 times, most recently
from
d72e02c to
64bc9c2
Compare
| @@ -506,18 +507,22 @@ func NewIntDataplaneDriver(config Config) *InternalDataplane { | |||
| var routeTableVXLAN routetable.RouteTableInterface | |||
| if !config.RouteSyncDisabled { | |||
| log.Debug("RouteSyncDisabled is false.") | |||
| routeTableVXLAN = routetable.New([]string{"^vxlan.calico$"}, 4, true, config.NetlinkTimeout, | |||
| routeTableVXLAN = routetable.New([]string{"^vxlan.calico$"}, 4, config.NetlinkTimeout, | |||
There was a problem hiding this comment.
Should build the regex here from VXLANIfaceNameV4, and similarly below for the v6 case.
| @@ -140,7 +151,6 @@ func newVXLANManager( | |||
| brt = routetable.New( | |||
There was a problem hiding this comment.
It looks messy, in the v6 case, to construct a v4 route table and then immediately discard it. Is it worth fixing that too while you're here?
| func (t *mockVXLANFDB) SetVTEPs(targets []vxlanfdb.VTEP) { | ||
| log.WithFields(log.Fields{ | ||
| "targets": targets, | ||
| }).Debug("SetL2Routes") |
| @@ -127,6 +127,8 @@ const ( | |||
| FailNextRouteDel | |||
| FailNextAddARP | |||
| FailNextNeighSet | |||
| FailNextNeighDel | |||
| FailNextNeighList | |||
There was a problem hiding this comment.
Note, if my counting is correct, we're now using 31 bits here. Only one more spare? Or are we OK to go past 32?
There was a problem hiding this comment.
I'll bump it up to a uint64.
| } | ||
| } | ||
|
|
||
| func (d *MockNetlinkDataplane) ExpectNeighs(family int, neigh3s ...netlink.Neigh) { |
|
|
||
| type VTEP struct { | ||
| // HostIP is the node's real IP address; the IP that we send the | ||
| // VXLAN packets to. |
There was a problem hiding this comment.
Can you add "remote" here, if this really means the remote node's IP address.
| // kernel what MAC address to use for the inner ethernet frame inside the | ||
| // VXLAN packet. FDB entries tell the kernel what IP address to use for the | ||
| // outer IP header, given a particular inner MAC. So, ARP maps IP->(inner)MAC; | ||
| // FDB maps (inner)MAC->(outer)IP. |
There was a problem hiding this comment.
This is incredibly useful, but I think it could be even better if you added the remote VXLAN route to complete the overall process:
<pod block CIDR> via <VXLAN device> gw <tunnel IP> onlink- ARP table resolves
<tunnel IP>to a (fictitious!)<tunnel MAC> - FDB table maps
<tunnel MAC>to remote node IP.
Maybe also helpful to point out that the MAC is fictitious. (Assuming I'm right about that!)
There was a problem hiding this comment.
The tunnel MAC is actually used in the packet. I think we usually derive it from the IP address but we also support carrying it in the datamodel.
| @@ -522,3 +523,34 @@ func SafeParseLogLevel(logLevel string) log.Level { | |||
| } | |||
| return defaultedLevel | |||
| } | |||
|
|
|||
| // TestingTWriter adapts a *testing.T as a Writer so it can be used as a target | |||
| // for logrus. | |||
There was a problem hiding this comment.
Could do with more exposition about how this is helpful, and maybe point to an example.
There was a problem hiding this comment.
Need copyright update - do you not have a commit hook to check this?
| log.WithField("entry", entry).Debug("Deleting ARP entry.") | ||
| } | ||
| neigh := entryToNeigh(entry) | ||
| if err := nl.NeighDel(neigh); err != nil && !errors.Is(err, unix.ENOENT) { |
There was a problem hiding this comment.
IIUC, here is where the point that you mentioned comes into play, about NeighDel on a constructed neigh, instead of on one returned by NeighList. Am I right that you could eliminate this delta by passing the whole neigh as the value of the delta tracker, instead of ipMacMapping? If so, I suppose the advantage of ipMacMapping is that you can use the same value for both trackers, whereas with the whole neigh you'd need two slightly different neighs.
I think the code is OK as it is; just commenting to check my understanding, and to point out the possibility in case it was appealing.
There was a problem hiding this comment.
Yes, exactly, I could keep the value read from the dataplane but then I'd need a custom comparison function in the DeltaTracker, which adds a few more corner cases to think about.
Description
Related issues/PRs
CORE-9902
Todos
Release Note
Reminder for the reviewer
Make sure that this PR has the correct labels and milestone set.
Every PR needs one
docs-*label.docs-pr-required: This change requires a change to the documentation that has not been completed yet.docs-completed: This change has all necessary documentation completed.docs-not-required: This change has no user-facing impact and requires no docs.Every PR needs one
release-note-*label.release-note-required: This PR has user-facing changes. Most PRs should have this label.release-note-not-required: This PR has no user-facing changes.Other optional labels:
cherry-pick-candidate: This PR should be cherry-picked to an earlier release. For bug fixes only.needs-operator-pr: This PR is related to install and requires a corresponding change to the operator.