Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cni: add promiscous mode knob #98

Merged
merged 1 commit into from
Apr 3, 2023
Merged

cni: add promiscous mode knob #98

merged 1 commit into from
Apr 3, 2023

Conversation

maiqueb
Copy link
Collaborator

@maiqueb maiqueb commented Mar 31, 2023

What this PR does / why we need it:
This PR adds a know allowing users to configure the pod side of the veth as promiscous, which would allow the attached VM to be discovered via LLDP.

Special notes for your reviewer:
Fixes: #97

Release note:

Add a `promiscMode` knob to the CNI configuration

@kubevirt-bot kubevirt-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. labels Mar 31, 2023
@kubevirt-bot kubevirt-bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M labels Mar 31, 2023
@maiqueb
Copy link
Collaborator Author

maiqueb commented Mar 31, 2023

@fizzers123 would you be willing to give this PR a test drive and see if it fixes your reported issue ? (#97)

@fizzers123
Copy link

I got it running, unfortunately, the interface option "PROMISC" doesn't seem to be set.

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: macvtap-deviceplugin-config
data:
  DP_MACVTAP_CONF: |
    [
        {
            "name"     : "ens18",
            "lowerDevice"   : "ens18",
            "mode"     : "bridge",
            "capacity" : 50,
            "promiscMode": true
        }
    ]
netns: cni-31c38ac8-26bc-002f-8d53-061e0cadd567
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: k6t-eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc fq_codel master k6t-eth0 state UP mode DEFAULT group default qlen 1000
    link/ether 66:c7:5a:52:17:de brd ff:ff:ff:ff:ff:ff
905: net1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether fa:d2:7a:69:2e:a8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
908: eth0@if909: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP mode DEFAULT group default
    link/ether 00:00:00:f2:1a:71 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    alias 4c3119146502_c

Here is the container I build to deploy it: https://hub.docker.com/r/fizzers123/macvtap-cni/tags
I hope I did everything correctly.

@maiqueb
Copy link
Collaborator Author

maiqueb commented Mar 31, 2023
edited

I got it running, unfortunately, the interface option "PROMISC" doesn't seem to be set.

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: macvtap-deviceplugin-config
data:
  DP_MACVTAP_CONF: |
    [
        {
            "name"     : "ens18",
            "lowerDevice"   : "ens18",
            "mode"     : "bridge",
            "capacity" : 50,
            "promiscMode": true
        }
    ]
netns: cni-31c38ac8-26bc-002f-8d53-061e0cadd567
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: k6t-eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc fq_codel master k6t-eth0 state UP mode DEFAULT group default qlen 1000
    link/ether 66:c7:5a:52:17:de brd ff:ff:ff:ff:ff:ff
905: net1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether fa:d2:7a:69:2e:a8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
908: eth0@if909: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP mode DEFAULT group default
    link/ether 00:00:00:f2:1a:71 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    alias 4c3119146502_c

Here is the container I build to deploy it: https://hub.docker.com/r/fizzers123/macvtap-cni/tags I hope I did everything correctly.

Ah you are configuring the device plugin. You should configure the CNI configuration instead, i.e. the net-attach-def, as per the docs.

I'd say it would be something like:

apiVersion: k8s.cni.cncf.io/v1
metadata:
  name: dataplane
  annotations:
    k8s.v1.cni.cncf.io/resourceName: macvtap.network.kubevirt.io/dataplane
spec:
  config: '{
      "cniVersion": "0.3.1",
      "name": "dataplane",
      "type": "macvtap",
      "mtu": 1500,
      "promiscMode": true # <==== this one!!!
    }'

@fizzers123
Copy link

Whoops, my bad.

It works now as expected. LLDP works as well :)

netns: cni-9803963c-7aa0-cda9-b8ba-262be2a185d1
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: k6t-eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc fq_codel master k6t-eth0 state UP mode DEFAULT group default qlen 1000
    link/ether 8a:35:b8:db:53:3b brd ff:ff:ff:ff:ff:ff
917: net1@if2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 3e:ea:93:94:eb:a7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
920: eth0@if921: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP mode DEFAULT group default
    link/ether 00:00:00:0f:b8:e2 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    alias 2542dd38a1ff_c

image

Thanks a lot for your dedication!

phoracek
phoracek approved these changes Apr 3, 2023
View reviewed changes
Copy link
Member

@phoracek phoracek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

pkg/cni/plugin_test.go Outdated Show resolved Hide resolved
@maiqueb
cni: add promiscous mode knob
f1a6be8 
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
phoracek
phoracek approved these changes Apr 3, 2023
View reviewed changes
Copy link
Member

@phoracek phoracek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@kubevirt-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: maiqueb, phoracek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubevirt-bot kubevirt-bot added the lgtm Indicates that a PR is ready to be merged. label Apr 3, 2023
@kubevirt-bot kubevirt-bot merged commit 3e2ecd0 into kubevirt:main Apr 3, 2023
@maiqueb maiqueb deleted the add-promisc-knob branch April 3, 2023 08:52
This was referenced Apr 3, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phoracek phoracek phoracek approved these changes

Assignees

@phoracek phoracek

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

MacVtap L2 Network connectivity (LLDP) only working while running tcpdump
4 participants
@maiqueb @fizzers123 @kubevirt-bot @phoracek