Fix potential blackholing/looping traffic when link-local was used and refresh ipv6 neighbor to avoid CPU hit #1904

Merged
merged 4 commits into from
Aug 12, 2018
1 change: 1 addition & 0 deletions build_debian.sh
Expand Up @@ -302,6 +302,7 @@ set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_notify 1
set /files/etc/sysctl.conf/net.ipv4.conf.all.arp_ignore 2

set /files/etc/sysctl.conf/net.ipv4.neigh.default.base_reachable_time_ms 1800000
set /files/etc/sysctl.conf/net.ipv6.neigh.default.base_reachable_time_ms 1800000

set /files/etc/sysctl.conf/net.ipv6.conf.default.forwarding 1
set /files/etc/sysctl.conf/net.ipv6.conf.all.forwarding 1
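Review bot: The net.ipv6.neigh.default.base_reachable_time_ms 1800000 entry has no note explaining the 30-minute value or that it is meant to mirror the net.ipv4 entry directly above it. A short note next to the pair, stating why the value was chosen and how it relates to the 300-second refresh loop in arp_update, would keep a later edit from changing only one address family or shortening the timer below the refresh interval.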
1 change: 1 addition & 0 deletions dockers/docker-orchagent/Dockerfile.j2
Expand Up @@ -10,6 +10,7 @@ RUN apt-get update

RUN apt-get install -f -y ifupdown arping libdbus-1-3 libdaemon0 libjansson4

RUN apt-get install -f -y ndisc6
Collaborator:
Can you add this into the vs docker? We need to replicate the same env in the vs.

Collaborator Author:
Done.

## Install redis-tools dependencies
## TODO: implicitly install dependencies
RUN apt-get -y install libjemalloc1
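Review bot: `RUN apt-get install -f -y ndisc6` creates a separate image layer for a single package right after an install line that uses the same flags. Appending ndisc6 to the existing `RUN apt-get install -f -y ifupdown arping ...` list gives the same result with one fewer layer and keeps the package list in one place, which is how the vs Dockerfile in this change lists it.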
34 changes: 32 additions & 2 deletions files/scripts/arp_update
@@ -1,10 +1,28 @@
#!/bin/bash
#
# usage:
# arp_update: Send gratuitous ARP requests to VLAN member neighbors to refresh
# the neighbors state.
# arp_update:
# Send ipv6 multicast pings to all "UP" L3 interfaces including vlan interfaces to
# refresh link-local addresses from neighbors.
Collaborator:
Is there a concern if the vlan has many neighbors? One multicast ping will get a reply from all neighbors?

Collaborator Author:
Yes, by standard all neighbors should reply to ff02::1, so it will get a reply from all neighbors.
Also verified it and it worked as expected.

# Send gratuitous ARP/NDP requests to VLAN member neighbors to refresh
# the ipv4/ipv6 neighbors state.

while /bin/true; do
# find L3 interfaces which are UP, send ipv6 multicast pings
echo "{% for (name, prefix) in INTERFACE %} {{name}} {% endfor %}" > /tmp/intf_tmp.j2
Contributor:
We would need to handle PORTCHANNEL_INTERFACE as well.

Collaborator Author:
Done.

Contributor:
Thanks Zhen. Can we concatenate INTERFACE and PC_INTERFACE and do one for-loop? It will avoid the duplicate code.

Collaborator Author:
Done.

INTERFACE=`sonic-cfggen -d -t /tmp/intf_tmp.j2`
echo "{% for (name, prefix) in PORTCHANNEL_INTERFACE %} {{name}} {% endfor %}" > /tmp/pc_intf_tmp.j2
PC_INTERFACE=`sonic-cfggen -d -t /tmp/pc_intf_tmp.j2`

ALL_INTERFACE="$INTERFACE $PC_INTERFACE"
for intf in $ALL_INTERFACE; do
ping6cmd="ping6 -I $intf -n -q -i 0 -c 1 -W 0 ff02::1 >/dev/null"
intf_up=$(ip link show $intf | grep "state UP")
if [[ -n "$intf_up" ]]; then
eval $ping6cmd
fi
done

VLAN=`sonic-cfggen -d -v 'VLAN.keys() | join(" ") if VLAN'`
for vlan in $VLAN; do
# generate a list of arping commands:
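Review bot: In the interface loop, `ping6cmd` is built as a string containing `$intf` and then run with `eval $ping6cmd`, so any shell metacharacter in a name returned by sonic-cfggen would be interpreted by the shell, and `ip link show $intf` is unquoted as well. The eval is not needed: call `ping6 -I "$intf" -n -q -i 0 -c 1 -W 0 ff02::1 >/dev/null` directly inside the `if` and quote `"$intf"` in the `ip link show` call. The two templates are also rewritten to fixed names under /tmp on every pass of the loop; creating them once with mktemp before the `while` would avoid relying on predictable paths in a shared directory.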
Expand All @@ -15,6 +33,18 @@ while /bin/true; do
ipcmd="ip -4 neigh show | grep $vlan | cut -d ' ' -f 1,3 | $arpingcmd"

eval `eval $ipcmd`

# send ipv6 multicast pings to Vlan interfaces to get/refresh link-local addrs
ping6cmd="ping6 -I $vlan -n -q -i 0 -c 1 -W 0 ff02::1 >/dev/null"
eval $ping6cmd

# generate a list of ndisc6 commands (exclude link-local addrs since it is done above):
# ndisc6 -q -w 0 -1 <IP 1> <VLAN interface>;
# ndisc6 -q -w 0 -1 <IP 2> <VLAN interface>;
# ...
ndisc6cmd="sed -e 's/^/ndisc6 -q -w 0 -1 /' -e 's/$/;/'"
ip6cmd="ip -6 neigh show | grep -v fe80 | grep $vlan | cut -d ' ' -f 1,3 | $ndisc6cmd"
eval `eval $ip6cmd`
done
sleep 300
done
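Review bot: In `ip6cmd`, both filters are unanchored substring matches: `grep -v fe80` drops any neighbor line that contains fe80 anywhere, not only link-local addresses, and `grep $vlan` also matches longer interface names that begin with the same string (a name such as Vlan10 would also match Vlan100 lines). Anchoring the first as `grep -v '^fe80'` and matching the device field as a whole word, for example `grep -w "dev $vlan"`, would restrict the ndisc6 probes to the intended entries. The same `grep $vlan` pattern is in the `ipcmd` line above, so both could be fixed together.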
1 change: 1 addition & 0 deletions platform/vs/docker-sonic-vs/Dockerfile.j2
Expand Up @@ -13,6 +13,7 @@ RUN apt-get update

RUN apt-get install -y net-tools \
arping \
ndisc6 \
ethtool \
tcpdump \
ifupdown \