Add new ipip backend #842
Add new ipip backend #842
Conversation
There was a problem hiding this comment.
Thanks for your contribution! I've taken a quick look and I have a few comments. I'll take a more thorough look next week.
Could you also add IPIP to the end to end tests. It should be as simple as just adding a few lines like this to https://github.com/coreos/flannel/blob/master/dist/functional-test.sh#L88 and to functional-test-k8s.sh
backend/ipip/ipip.go
Outdated
| } | ||
|
|
||
| func New(sm subnet.Manager, extIface *backend.ExternalInterface) (backend.Backend, error) { | ||
| if !extIface.ExtAddr.Equal(extIface.IfaceAddr) { |
There was a problem hiding this comment.
Are you sure you want this check?
There was a problem hiding this comment.
I don't have an environment to test this and currently removed this check.
backend/ipip/ipip.go
Outdated
|
|
||
| const ( | ||
| backendType = "ipip" | ||
| tunnelName = "tunl0" |
There was a problem hiding this comment.
Vxlan uses flannel.<VNI> for the tunnel device and UDP uses flannel0 I think it would be good if IPIP also used flannel in the tunnel device name. Maybe just flannel.ipip
There was a problem hiding this comment.
Instead of using tunl0 device, created a new flanneld.ipip ipip device. As a effect of this we should set flanneld.ipip‘s local ip to public ip, or kernel will forward packets to tunl0.
There was a problem hiding this comment.
I don't understand your comment about setting the IP address for flanneld.ipip to the public. Could you explain some more?
There was a problem hiding this comment.
tunl0 is an namespace default device with IPIP attributes local=any and remote=any.
If we create another IPIP device flannel.ipip with local=any and remote=any. It seems when receiving IPIP protocol packets, kernel will forward them to tunl0 as a fallback device instead of flannel.ipip. See https://github.com/torvalds/linux/blob/master/net/ipv4/ip_tunnel.c#L85-L96 .
So we have two options here, either rename tunl0 to flannel.ipip or setting local attribute of flannel.ipip to distinguish these two devices. Considering tunl0 might be used by user, so I choose the later option.
backend/ipip/ipip.go
Outdated
| const ( | ||
| backendType = "ipip" | ||
| tunnelName = "tunl0" | ||
| tunnelMaxMTU = 1480 |
There was a problem hiding this comment.
Why do you have a maximum MTU?
There was a problem hiding this comment.
Made 1480 as a default MTU and made MTU configurable.
Documentation/backends.md
Outdated
| @@ -115,4 +115,5 @@ IPIP kind of tunnels is the simplest one. It has the lowest overhead, but can in | |||
|
|
|||
| Type: | |||
| * `Type` (string): `ipip` | |||
| * `MTU` (number): The mtu of ipip device. Defaults to 1480. | |||
There was a problem hiding this comment.
Can you write a little more here to help guide users. Why is this this value? Why and when would a user want to change it? And what value would they change it to?
dist/functional-test.sh
Outdated
| @@ -110,6 +116,12 @@ test_udp_perf() { | |||
| perf | |||
| } | |||
|
|
|||
| test_ipip_perf() { | |||
| write_config_etcd ipip | |||
| create_ping_dest | |||
|
I added a few more comments (including this one which might be hidden #842 (comment)) |
chenchun
force-pushed
the
iptun
branch
3 times, most recently
from
fb2550f to
399f1ce
Compare
|
@tomdee PTAL |
backend/ipip/ipip.go
Outdated
| @@ -0,0 +1,176 @@ | |||
| // Copyright 2015 flannel authors | |||
There was a problem hiding this comment.
Can you update the copyright lines to 2017 please.
|
Hi @chenchun I want to make sure I understand the design for this fully before merging it. If I understand your comment (#842 (comment)) and the code correctly then you're not setting a "remote" but you are setting the "local" address to the public IP. Can you confirm what effects this has? Which address will be used as the source IP address for packets that originate from the host network namespace? And what if the public IP isn't the same as an IP address on the host, then you can't actually use it? I also have some questions about the MTU settings. On the vxlan backend, the vxlan tunnel device is associated with a physical ethernet device on the host. This is what is used to determine the MTU value to use. Flanneld will always have an interface that it chooses (specified with the So maybe the best option would be to "local" address to the address of the interface that flannel selects and also use that as the for the MTU? |
|
When I run your code I'm seeing two IPIP devices, is that expected? |
|
Also, one final request: Would you mind adding some comments to your code explain why it's written like it is. For some examples of the style, see the vxlan code - e.g. https://github.com/coreos/flannel/blob/master/backend/vxlan/device.go#L108 |
My mistake. I originally had a check if PublicIP is the same as IfaceAddr and I assumed they are equal. Now that I removed this check, I will change the "local" address to the IfaceAddr.
I agree.
Yes, this is expected. tunl0 is created by the ipip kernel module itself and it is not used by this ipip backend. |
chenchun
force-pushed
the
iptun
branch
2 times, most recently
from
e039ff7 to
eb0f9b4
Compare
|
The last update removed MTU param from backend configuration. We may not need it since we calculate it based on |
backend/ipip/ipip.go
Outdated
| } | ||
|
|
||
| // Don't set remote attribute making flannel.ipip an one to many tunnel device. | ||
| if (ipip.Local != nil && !ipip.Local.Equal(be.extIface.IfaceAddr)) || (ipip.Remote != nil && ipip.Remote.String() != "0.0.0.0") { |
There was a problem hiding this comment.
I don't think that just returning an error here is good enough. If there's a flannel.ipip that isn't an ipip device then it wasn't created by flannel, so in that case it's best to just return an error. But in this case, the local address can change between flannel restarts, so flannel should be able to recreate the device and not just return an error. You should follow similar logic to vxlan (see the ensureLink function), it should delete and recreate the device if the config changes
backend/ipip/ipip.go
Outdated
| oldMTU := link.Attrs().MTU | ||
| if oldMTU > expectMTU || oldMTU == 0 { | ||
| glog.Infof("current MTU of %s is %d, setting it to %d", tunnelName, oldMTU, expectMTU) | ||
| err := netlink.LinkSetMTU(link, expectMTU) |
There was a problem hiding this comment.
Does this need to explicitly set the link to down first?
There was a problem hiding this comment.
I couldn't find any reference that saying setting down the link first. I think changing MTU on the fly is ok.
From http://linux-ip.net/html/tools-ip-link.html
B.3.5. Using ip link set to change the MTU
The remaining options to the ip link command cannot be used while the interface is in an UP state.
backend/ipip/ipip.go
Outdated
| return nil, fmt.Errorf("failed to set %v UP: %v", tunnelName, err) | ||
| } | ||
|
|
||
| existingAddrs, err := netlink.AddrList(link, netlink.FAMILY_V4) |
There was a problem hiding this comment.
I think this next section of code is identical to the vxlan code, could you extract the code into a common package?
backend/ipip/ipip_network.go
Outdated
| @@ -0,0 +1,216 @@ | |||
| // Copyright 2017 flannel authors | |||
There was a problem hiding this comment.
Much of this file is the same as the host-gw code. It would be great if the common code could be pulled out (and then it could be shared by the vxlan code too but I would do that in a followup PR).
There was a problem hiding this comment.
Added RouteNetwork in common.go.
|
Hi @chenchun I've looked at this code some more and realized how similar so much of is it to existing flannel code. It would be great to refactor and pull out the common code. A few other things that need to happen before this can be released (but not necessarily before this PR is merged)
|
chenchun
force-pushed
the
iptun
branch
5 times, most recently
from
517827a to
0444147
Compare
chenchun
force-pushed
the
iptun
branch
3 times, most recently
from
efadee3 to
df5617a
Compare
Signed-off-by: forrestchen <forrestchen@tencent.com> Signed-off-by: Chun Chen <ramichen@tencent.com> IPIP backend update - Rename ipip device to flannel.ipip - Add tests for ipip backend - Add mtu config to ipip backend - Fix invalid use of EEXIST - Remove the equal check of `IfaceAddr` and `ExtAddr` - Set MTU to 20 less than the MTU of the selected iface (specified with the --iface option) Update according to the review - Recreate flannel.ipip device if local address changes - Add `EnsureV4AddressOnLink` - Update ipip document to describe that the tunl0 device will be created but that's not a bug Merge hostgw network with ipip network
|
@chenchun and @ChenLingPeng I rebased and squashed your commits and added another commit to the PR just to make some small markups. Your original commits are at https://github.com/tomdee/flannel/tree/iptun-orig if you still want them. |
|
Ausome! Thanks for making this happen. |
Signed-off-by: forrestchen forrestchen@tencent.com
Signed-off-by: Chun Chen ramichen@tencent.com
@ChenLingPeng