Enable IPv6 on OVS internal port if needed in bridging mode #5409
Conversation
antoninbas
force-pushed
the
do-not-move-uplink-ipv6-addresses-in-bridging-mode
branch
from
cdef240 to
5c3d447
Compare
|
Is it possible to check the "sysctl parameter" or some other flag and then move IPv6 addresses on success and log a warning on failure? |
|
@gran-vmv we can use sysctl, which is why I wrote in the comment:
However, can you clarify why moving the IPv6 address is needed with the current code? I saw a couple of TODOs in the code for IPv6. For example, IPv6 routes are not currently handled (saved / restored): antrea/pkg/agent/agent_linux.go Lines 141 to 146 in 35c113b |
For current change, I think it is acceptable, but we might add this in release notes since this is a behavior change. |
|
I spent more time thinking about this today. In the end, I think that it makes more sense to do the sysctl approach right away. Not moving the IPv6 address could mean an unexpected loss of IPv6 connectivity for users. I will update the PR. |
antoninbas
force-pushed
the
do-not-move-uplink-ipv6-addresses-in-bridging-mode
branch
from
5c3d447 to
01de22d
Compare
antoninbas
changed the title
antoninbas
force-pushed
the
do-not-move-uplink-ipv6-addresses-in-bridging-mode
branch
from
01de22d to
fce3cbd
Compare
|
/test-flexible-ipam-e2e |
antoninbas
force-pushed
the
do-not-move-uplink-ipv6-addresses-in-bridging-mode
branch
from
fce3cbd to
d7c2d91
Compare
|
/test-flexible-ipam-e2e |
1 similar comment
|
/test-flexible-ipam-e2e |
|
In commit message:
"such an situation" |
The uplink interface may have an IPv6 address, while the interface created by OVS for the internal port may not support IPv6. For example, such a situation has been observed in a Kind cluster, with IPv6 enabled on the uplink but disbled by default on new interfaces: ``` root@kind-worker:/# sysctl net.ipv6.conf.all.disable_ipv6 net.ipv6.conf.all.disable_ipv6 = 1 root@kind-worker:/# sysctl net.ipv6.conf.default.disable_ipv6 net.ipv6.conf.default.disable_ipv6 = 1 root@kind-worker:/# sysctl net.ipv6.conf.eth0.disable_ipv6 net.ipv6.conf.eth0.disable_ipv6 = 0 ``` When we detect that uplink addresses include an IPv6 address, we will now ensure that IPv6 is enabled on the bridge port (using sysctl), before attempting to move the addresses over. If it fails, we will proceed with the rest of the initialization, but moving the IP addresses to the bridge is very likely to be unsuccessful in that case. We also make bridge cleanup more robust, by saving all uplink IP addresses in the uplink config, and using the saved values to restore the uplink interface. This ensures that cleanup can succeed, even if bridge configuration failed half-way, as was the case in antrea-io#5368. Fixes antrea-io#5368 Signed-off-by: Antonin Bas <abas@vmware.com>
antoninbas
force-pushed
the
do-not-move-uplink-ipv6-addresses-in-bridging-mode
branch
from
d7c2d91 to
0aa1261
Compare
|
/test-all |
antoninbas
added
area/ipam
|
I will backport to 1.13 |
antoninbas
deleted the
do-not-move-uplink-ipv6-addresses-in-bridging-mode
branch
Enable IPv6 on OVS internal port if needed in bridging mode
The uplink interface may have an IPv6 address, while the interface
created by OVS for the internal port may not support IPv6. For example,
such a situation has been observed in a Kind cluster, with IPv6 enabled
on the uplink but disabled by default on new interfaces:
When we detect that uplink addresses include an IPv6 address, we will
now ensure that IPv6 is enabled on the bridge port (using sysctl),
before attempting to move the addresses over. If it fails, we will
proceed with the rest of the initialization, but moving the IP addresses
to the bridge is very likely to be unsuccessful in that case.
We also make bridge cleanup more robust, by saving all uplink IP
addresses in the uplink config, and using the saved values to restore
the uplink interface. This ensures that cleanup can succeed, even if
bridge configuration failed half-way, as was the case in #5368.
Fixes #5368
Signed-off-by: Antonin Bas abas@vmware.com