Update Node's MAC address to the Node's annotation for direct routing
To bypass Windows host network when forwarding Pod egress traffic in
noencap mode, antrea-agent needs to know peer Nodes' MAC addresses so
that it can configure Openflow rules which route the packets to underlay
network via uplink interface directly.

To discover the MAC addresses, the PR makes each antrea-agent report its
uplink's MAC address to the Node's annotation, then other agents can get
it when the NodeRouteController configures route/flows to this Node.
tnqn committed May 11, 2021
1 parent e50142c commit 34effe8
Showing 10 changed files with 55 additions and 6 deletions.
1 change: 1 addition & 0 deletions build/yamls/antrea-aks.yml
Expand Up @@ -2918,6 +2918,7 @@ rules:
- get
- watch
- list
- patch
- apiGroups:
- ""
resources:
1 change: 1 addition & 0 deletions build/yamls/antrea-eks.yml
Expand Up @@ -2918,6 +2918,7 @@ rules:
- get
- watch
- list
- patch
- apiGroups:
- ""
resources:
1 change: 1 addition & 0 deletions build/yamls/antrea-gke.yml
Expand Up @@ -2918,6 +2918,7 @@ rules:
- get
- watch
- list
- patch
- apiGroups:
- ""
resources:
1 change: 1 addition & 0 deletions build/yamls/antrea-ipsec.yml
Expand Up @@ -2918,6 +2918,7 @@ rules:
- get
- watch
- list
- patch
- apiGroups:
- ""
resources:
1 change: 1 addition & 0 deletions build/yamls/antrea.yml
Expand Up @@ -2918,6 +2918,7 @@ rules:
- get
- watch
- list
- patch
- apiGroups:
- ""
resources:
1 change: 1 addition & 0 deletions build/yamls/base/agent-rbac.yml
Expand Up @@ -18,6 +18,7 @@ rules:
- get
- watch
- list
- patch
- apiGroups:
- ""
resources:
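Review bot: The added `patch` verb appears to land in the rule that covers Nodes (the rule's `resources` list sits above the hunk, so this is inferred from the commit message), and that grant is cluster-wide: every antrea-agent ServiceAccount can then patch any Node object, not only the annotation on its own Node. Since other agents read `node.antrea.io/mac-address` to program forwarding, the rule deserves a comment stating why the verb is needed, e.g. `# patch: the agent publishes its own node.antrea.io/mac-address annotation`, and the readers of the annotation should treat its value as untrusted input. If a narrower grant is not practical, an admission policy that restricts the agent's ServiceAccount to that one annotation on its own Node would keep the privilege closer to what the feature needs. The same line is repeated in antrea.yml, antrea-aks.yml, antrea-eks.yml, antrea-gke.yml and antrea-ipsec.yml, which look like manifests generated from this base.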
27 changes: 25 additions & 2 deletions pkg/agent/agent.go
Expand Up @@ -16,6 +16,7 @@ package agent

import (
"context"
"encoding/json"
"fmt"
"net"
"os"
Expand All @@ -25,8 +26,10 @@ import (

"github.com/containernetworking/plugins/pkg/ip"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
apitypes "k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/wait"
clientset "k8s.io/client-go/kubernetes"
"k8s.io/client-go/util/retry"
"k8s.io/klog"

"github.com/vmware-tanzu/antrea/pkg/agent/cniserver"
Expand Down Expand Up @@ -637,11 +640,31 @@ func (i *Initializer) initNodeLocalConfig() error {

ipAddr, err := noderoute.GetNodeAddr(node)
if err != nil {
return fmt.Errorf("failed to obtain local IP address from k8s: %w", err)
return fmt.Errorf("failed to obtain local IP address from K8s: %w", err)
}
localAddr, localIntf, err := util.GetIPNetDeviceFromIP(ipAddr)
if err != nil {
return fmt.Errorf("failed to get local IPNet: %v", err)
return fmt.Errorf("failed to get local IPNet device with IP %v: %v", ipAddr, err)
}

// Update the Node's MAC address in the annotations of the Node. The MAC address will be used for direct routing by
// OVS in noencap case on Windows Nodes. As a mixture of Linux and Windows nodes is possible, Linux Nodes' MAC
// addresses should be reported too to make them discoverable for Windows Nodes.
if i.networkConfig.TrafficEncapMode.SupportsNoEncap() {
klog.Infof("Updating Node MAC annotation")
patch, _ := json.Marshal(map[string]interface{}{
"metadata": map[string]interface{}{
"annotations": map[string]string{
types.NodeMACAddressAnnotationKey: localIntf.HardwareAddr.String(),
},
},
})
if err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
_, err := i.client.CoreV1().Nodes().Patch(context.TODO(), nodeName, apitypes.MergePatchType, patch, metav1.PatchOptions{})
return err
}); err != nil {
return err
}
}

i.nodeConfig = &config.NodeConfig{
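Review bot: In initNodeLocalConfig the annotation value is `localIntf.HardwareAddr.String()` with no check that the address is non-empty, so an interface without a hardware address would publish an empty `node.antrea.io/mac-address` for peers to consume; a guard such as `if len(localIntf.HardwareAddr) == 0 { return fmt.Errorf("no MAC address found for the interface with IP %v", ipAddr) }` before the patch would stop that at the source. The patch failure is returned bare, and `return fmt.Errorf("failed to patch MAC annotation on Node %s: %w", nodeName, err)` would point an operator at the new `patch` permission when an upgraded agent runs against an old ClusterRole. `retry.RetryOnConflict` probably never retries here, because a merge patch that carries no resourceVersion does not normally return a conflict, and `context.TODO()` gives the API call no deadline during agent start-up. The function body starts and ends outside the hunk.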
6 changes: 3 additions & 3 deletions pkg/agent/agent_windows.go
Expand Up @@ -71,7 +71,7 @@ func (i *Initializer) prepareHostNetwork() error {
// Create HNS network.
subnetCIDR := i.nodeConfig.PodIPv4CIDR
if subnetCIDR == nil {
return fmt.Errorf("Failed to find valid IPv4 PodCIDR")
return fmt.Errorf("failed to find valid IPv4 PodCIDR")
}
return util.PrepareHNSNetwork(subnetCIDR, i.nodeConfig.NodeIPAddr, adapter)
}
Expand All @@ -82,7 +82,7 @@ func (i *Initializer) prepareOVSBridge() error {
hnsNetwork, err := hcsshim.GetHNSNetworkByName(util.LocalHNSNetwork)
defer func() {
// prepareOVSBridge only works on windows platform. The operation has a chance to fail on the first time agent
// starts up when OVS bridge uplink and local inteface have not been configured. If the operation fails, the
// starts up when OVS bridge uplink and local interface have not been configured. If the operation fails, the
// host can not communicate with external network. To make sure the agent can connect to API server in
// next retry, this step deletes OVS bridge and HNS network created previously which will restore the
// host network.
Expand Down Expand Up @@ -144,7 +144,7 @@ func (i *Initializer) prepareOVSBridge() error {

// Move network configuration of uplink interface to OVS bridge local interface.
// - The net configuration of uplink will be restored by OS if the attached HNS network is deleted.
// - When ovs-switchd is down, antrea-agent will disable OVS Extension. The OVS bridge local interface will work
// - When ovs-vswitchd is down, antrea-agent will disable OVS Extension. The OVS bridge local interface will work
// like a normal interface on host and is responsible for forwarding host traffic.
if err = util.EnableHostInterface(brName); err != nil {
return err
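--- a/pkg/agent/types/annotations.go
+++ b/pkg/agent/types/annotations.go
@@ -0,0 +1,20 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package types
+
+const (
+// NodeMACAddressAnnotationKey represents the key of the Node's MAC address in the Annotations of the Node.
+NodeMACAddressAnnotationKey string = "node.antrea.io/mac-address"
+)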
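Review bot: The doc comment on `NodeMACAddressAnnotationKey` does not say what format the value has or who writes it, which matters because agents on other Nodes read it to program forwarding. I would extend it along the lines of `// The value is the MAC address in net.HardwareAddr.String() form, written by the antrea-agent running on that Node; readers must validate it with net.ParseMAC.` The annotation can be set through the API by any principal allowed to patch the Node, so readers should not assume the agent wrote it. The explicit `string` type on the constant is redundant but harmless.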
2 changes: 1 addition & 1 deletion pkg/agent/util/net_windows.go
Expand Up @@ -400,7 +400,7 @@ func GetLocalBroadcastIP(ipNet *net.IPNet) net.IP {
return lastAddr
}

// GetDefaultGatewayByInterfaceIndex returns the default gateway configured on the speicified interface.
// GetDefaultGatewayByInterfaceIndex returns the default gateway configured on the specified interface.
func GetDefaultGatewayByInterfaceIndex(ifIndex int) (string, error) {
cmd := fmt.Sprintf("$(Get-NetRoute -InterfaceIndex %d -DestinationPrefix 0.0.0.0/0 ).NextHop", ifIndex)
defaultGW, err := CallPSCommand(cmd)