Dev/exclude subnets from traffic shaping2 #921
Conversation
oOraph
force-pushed
the
dev/exclude_subnets_from_traffic_shapping2
branch
from
956ad1c
to
c1af94f
Compare
oOraph
force-pushed
the
dev/exclude_subnets_from_traffic_shapping2
branch
6 times, most recently
from
2424028
to
644ebf7
Compare
|
@oOraph thanks for this! And very good catch w.r.t. Ginkgo Measure. Can you check the lint error? |
oOraph
force-pushed
the
dev/exclude_subnets_from_traffic_shapping2
branch
from
644ebf7
to
6021f78
Compare
@squeed Done :) |
There was a problem hiding this comment.
Hi @oOraph I have a question about the design of the PR.
As far as I understood, this PR is going to introduce folloiwng tc filtering config.
tc qdisc add dev <interfaceName> root handle 1: htb default 30
tc class add dev <interfaceName> parent 1: classid 1:30 htb rate <rateInBits> burst <burstInBits>
tc class add dev <interfaceName> parent 1: classid 1:1 htb rate 100000000000
tc filter add dev <interfaceName> parent 1: protocol <protocol> prio 16 u32 match ip dst <subnet> flowid 1:1
It might be good to have, however, on the otherside, user may want to do opposite configurations (adding 'target CIDR' for rate limit), such as
tc qdisc add dev <interfaceName> root handle 1: htb default 30
tc class add dev <interfaceName> parent 1: classid 1:1 htb rate <rateInBits> burst <burstInBits>
tc class add dev <interfaceName> parent 1: classid 1:30 htb rate 100000000000
tc filter add dev <interfaceName> parent 1: protocol <protocol> prio 16 u32 match ip dst <subnet> flowid 1:1
Your proposed config may not fit second one. Is there any way to enhance your desin to support second config and more flexible tc configurations?
plugins/meta/bandwidth/main.go
Outdated
| for _, subnet := range subnets { | ||
| _, _, err := net.ParseCIDR(subnet) | ||
| if err != nil { | ||
| return fmt.Errorf("bad subnet provided %s, details %s", subnet, err) |
There was a problem hiding this comment.
how about to use %q for subnet (to double quote) and %v for error, to fit to other Errorf in the file?
plugins/meta/bandwidth/main.go
Outdated
| err = validateSubnets(bandwidth.NonShapedSubnets) | ||
| if err != nil { | ||
| return err | ||
| } |
There was a problem hiding this comment.
Minor, but we could change as other code does
plugins/plugins/meta/bandwidth/main.go
Lines 67 to 69 in 9d9ec6e
if err = validateSubnets(bandwidth.NonShapedSubnets); err != nil {
return err
}
|
|
||
| } | ||
|
|
||
| protocol := syscall.ETH_P_ALL |
There was a problem hiding this comment.
why protocol is all, instead of ip' or ipv6' (as you commented just above?)
oOraph
force-pushed
the
dev/exclude_subnets_from_traffic_shapping2
branch
from
6021f78
to
729c1d1
Compare
|
@s1061123 , about #921 (review) |
|
@oOraph Thank you to incorporate my comments! I will review code tomorrow again! |
There was a problem hiding this comment.
Hi, almost code is reasonable to me. BTW, could you provide document for that, in https://github.com/containernetworking/cni.dev ?
| var err error | ||
|
|
||
| name := "myBWnet" |
There was a problem hiding this comment.
how about to embedded the name in cni config directly (in line 47)?
| It("Should fail if specified ShapedSubnets are not valid CIDRs", func() { | ||
| err := validateSubnets([]string{}, []string{"10.0.0.0/8", "hello"}) | ||
| Expect(err).To(HaveOccurred()) | ||
| }) |
There was a problem hiding this comment.
Thank you for improve unit tests. However, on the other side, this file is now the biggest file in the repository. Could you split into several _test.go file for ease of maintenance, if you don't mind it?
There was a problem hiding this comment.
done, split the file in three:
gathered all "functional" tests in one file (tests checking the effectiveness of the shaping)
all config related tests in another
left all other tests together in the original test file
|
|
||
| // cmd = exec.Command("/usr/sbin/tc", "filter", "add", "dev", interfaceName, "parent", "1:", "protocol", protocol, | ||
| // "prio", "16", "u32", "match", "ip", "dst", subnet, "flowid", "1:1") | ||
|
|
There was a problem hiding this comment.
May remove this empty line (line:225)
| } | ||
|
|
||
| // Now add filters to redirect subnets to the class 1 if excluded instead of the default one (30) | ||
|
|
There was a problem hiding this comment.
May remove this empty line (line:220)
| keepBytes = 4 | ||
| // prio/pref needs to be changed if we change the protocol, looks like we cannot mix protocols with the same pref | ||
| prio = 16 | ||
|
|
There was a problem hiding this comment.
May remove this empty line (line:249)
oOraph
force-pushed
the
dev/exclude_subnets_from_traffic_shapping2
branch
from
e7ee85a
to
2e3f7d6
Compare
done -> containernetworking/cni.dev#130 |
oOraph
changed the title
|
Hello @s1061123 @MikeZappa87 :). Do you still see anything wrong or missing with this pr ? |
| @@ -0,0 +1,563 @@ | |||
| // Copyright 2018 CNI authors | |||
There was a problem hiding this comment.
Fix copyright year: 2018 -> 2023
| @@ -0,0 +1,824 @@ | |||
| // Copyright 2018 CNI authors | |||
There was a problem hiding this comment.
Fix copyright year: 2018 -> 2023
oOraph
force-pushed
the
dev/exclude_subnets_from_traffic_shapping2
branch
from
2e3f7d6
to
3d93935
Compare
oOraph
force-pushed
the
dev/exclude_subnets_from_traffic_shapping2
branch
from
3d93935
to
21cabd1
Compare
There was a problem hiding this comment.
/lgtm
Could you please address doc changes in another PR in doc repo, https://github.com/containernetworking/cni.dev?
Sure it's already done here: |
oOraph
force-pushed
the
dev/exclude_subnets_from_traffic_shapping2
branch
from
21cabd1
to
adcf445
Compare
|
just rebased on upstream/main to fix lint issue |
|
This looks good. I did not run the plugin though. |
what changed: we had to refactor the bandwidth plugin and switch from a classless qdisc (tbf) to a classful qdisc (htb). subnets are to be provided in config or runtimeconfig just like other parameters unit and integration tests were also adapted in consequence unrelated changes: test fixes: the most important tests were just silently skipped due to ginkgo Measure deprecation (the ones actually checking the effectiveness of the traffic control) Signed-off-by: Raphael <oOraph@users.noreply.github.com>
…rom shaping Signed-off-by: Raphael <oOraph@users.noreply.github.com>
Signed-off-by: Raphael <oOraph@users.noreply.github.com>
even if json unmarshalling in golang with the standard libs is case unsensitive regarding the keys Signed-off-by: Raphael <oOraph@users.noreply.github.com>
Signed-off-by: Tomofumi Hayashi <tohayash@redhat.com>
s1061123
force-pushed
the
dev/exclude_subnets_from_traffic_shapping2
branch
from
adcf445
to
ccc1cfa
Compare
|
Hi all, I am curious why we need to create ifb devices and tc rules in host-side network namespace, rather than in container-side. |
Hello @nayihz :). If I understand correctly what you mean we need to apply tc rules on host side because the container side is the user side and we do not want them to arbitrarily edit/cancel them. |
|
@s1061123 @MikeZappa87 thanks for merging. Maybe we should also merge the doc wdyt ? |
bandwidth: possibility to exclude some subnets from traffic shapping
what changed:
we had to refactor the bandwidth plugin and switch from a classless qdisc (tbf)
to a classful qdisc (htb).
subnets are to be provided in config or runtimeconfig just like other parameters
unit and integration tests were also adapted in consequence
unrelated changes:
test fixes: the most important tests were just silently skipped due to ginkgo Measure deprecation
(the ones actually checking the effectiveness of the traffic control)