-
Notifications
You must be signed in to change notification settings - Fork 373
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not delete IPv6 link-local route in reconciler #5483
Conversation
pkg/agent/route/route_linux.go
Outdated
// A route destined to an IPv6 link-local CIDR is always system auto-generated along with a link-local | ||
// address, which is not configured by antrea and is supposed to be ignored in the "deletion" list. | ||
// Such routes are helpful in some case, e.g., IPv6 NDP. | ||
if route.Dst.IP != nil && route.Dst.IP.IsLinkLocalUnicast() && route.Dst.IP.To4() == nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IPNet won't have a nil IP
, the first check can be removed. L902 never check it as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, updated.
b46b3f2
to
1375b18
Compare
pkg/wfp/interfaces.go
Outdated
@@ -0,0 +1,62 @@ | |||
package wfp |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove the file
To prevent regression in the future, can we improve |
1375b18
to
d6d97e6
Compare
/test-all |
pkg/agent/route/route_linux.go
Outdated
// A route destined to an IPv6 link-local CIDR is always system auto-generated along with a link-local | ||
// address, which is not configured by antrea and is supposed to be ignored in the "deletion" list. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should also add the route to
antrea/pkg/agent/route/route_linux.go
Lines 280 to 285 in 99a5f25
gwAutoconfRoutes = append(gwAutoconfRoutes, &netlink.Route{ | |
LinkIndex: c.nodeConfig.GatewayConfig.LinkIndex, | |
Dst: c.nodeConfig.PodIPv6CIDR, | |
Src: c.nodeConfig.GatewayConfig.IPv6, | |
Scope: netlink.SCOPE_LINK, | |
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated.
d6d97e6
to
df41b48
Compare
/test-ipv6-all |
/test-conformance |
/test-ipv6-only-e2e |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, one question
Please update the commit message to reflect the actual change: it will restore the link-local route if it doesn't exist. |
df41b48
to
521ea55
Compare
8c037f6
to
006fb1e
Compare
/test-all |
006fb1e
to
a081673
Compare
/test-all |
The IPv6 e2e failure is not related with this change, using another issue #5492 to track it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM overall, one nit.
a081673
to
b5f844e
Compare
pkg/agent/route/route_linux.go
Outdated
// The system auto-generated IPv6 link-local route always uses "fe80::/64" | ||
// as the destination regardless of the interface's global address's mask. | ||
llRouteDstv6 := "fe80::/64" | ||
_, llrCIDR, _ := net.ParseCIDR(llRouteDstv6) | ||
routeKey := func(r *netlink.Route) string { | ||
if r.Dst.String() == llRouteDstv6 { | ||
// Use "$Dst_$linkIndex" as the key of IPv6 link-local route because | ||
// such route entry is auto-configured on each net interface. | ||
return fmt.Sprintf("%s_%d", r.Dst.String(), r.LinkIndex) | ||
} | ||
return r.Dst.String() | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can make it more generic, instead of making a map with different kinds of keys and later compare the values, the routes could be saved in a set, item of which contains only the fields we care about:
type routeKey struct {
LinkIndex int
Dst string
Gw string
}
routeKeys := sets.New[routeKey]()
for _, route := range routeList {
routeKeys.Insert(routeKey{
LinkIndex: route.LinkIndex,
Dst: route.Dst.String(),
Gw: route.Gw.String(),
})
}
restoreRoute := func(route *netlink.Route) bool {
if routeKeys.Has(routeKey{
LinkIndex: route.LinkIndex,
Dst: route.Dst.String(),
Gw: route.Gw.String(),
}) {
return true
}
if err := c.netlink.RouteReplace(route); err != nil {
klog.ErrorS(err, "Failed to sync route", "Route", route)
return false
}
return true
}
b5f844e
to
bd0ba05
Compare
pkg/agent/route/route_linux.go
Outdated
// The system auto-generated IPv6 link-local route always uses "fe80::/64" | ||
// as the destination regardless of the interface's global address's mask. | ||
llRouteDstv6 := "fe80::/64" | ||
_, llrCIDR, _ := net.ParseCIDR(llRouteDstv6) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Static value could be declared as global variable to avoid repeated parse, following
antrea/pkg/agent/route/route_linux.go
Line 88 in 99b539d
globalVMAC, _ = net.ParseMAC("aa:bb:cc:dd:ee:ff") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated
In the existing code, the IPv6 link-local route on antrea-gw0 is deleted in route reconcile, which results in the IPv6 Neighbor Solicitation sent from Pod's link-local address is dropped on the Node by kenel reverse path filtering, and Pod would mark the antrea-gw0 as a "FAILED" neighbor. Then the Pod's accross Node traffic or the Pod-to-external traffic does not work as expected. This change includes, 1. Do not delete IPv6 link-local routes in the reconcile function, 2. Restore IPv6 link-local route in syncRoute function. Signed-off-by: wenyingd <wenyingd@vmware.com>
bd0ba05
to
f23830a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
/test-all |
/test-ipv6-e2e |
In the existing code, the IPv6 link-local route on antrea-gw0 is deleted in
route reconcile, which results in the IPv6 Neighbor Solicitation sent from Pod's
link-local address is dropped on the Node by kenel reverse path filtering, and
Pod would mark the antrea-gw0 as a "FAILED" neighbor. Then the Pod's accross
Node traffic or the Pod-to-external traffic does not work as expected.
This change includes,
Fix: #5482