Merge pull request #17099 from danwinship/egress-ip-fixes-2
Automatic merge from submit-queue.

Fix up destination MAC of auto-egress-ip packets

Auto egress packets from pods on nodes other than the one with the egress IP were getting dropped. This turns out to be because the packets will be ignored if you output them on tun0 but they don't have tun0's MAC address as the destination MAC. (For local pods, the default route is via tun0, so the MAC is correct, but for remote pods, the default route is via the tun0 on their node, so the MAC was wrong for the node it eventually ended up on.) 

Also includes two other auto-egress-ip OVS flow fixes.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1501876
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1507871
openshift-merge-robot authored Nov 1, 2017
2 parents 92e746a + 63fefef commit 6da6c87
Showing 3 changed files with 17 additions and 5 deletions.
8 changes: 4 additions & 4 deletions pkg/network/node/egressip_test.go
@@ -160,7 +160,7 @@ func TestEgressIP(t *testing.T) {
err = assertFlowChanges(origFlows, flows,
flowChange{
kind: flowAdded,
match: []string{"table=100", "reg0=44", "0xac110066->pkt_mark", "output:2"},
match: []string{"table=100", "reg0=44", "0xac110066->pkt_mark", "goto_table:101"},
},
)
if err != nil {
@@ -195,7 +195,7 @@ func TestEgressIP(t *testing.T) {
err = assertFlowChanges(origFlows, flows,
flowChange{
kind: flowAdded,
match: []string{"table=100", "reg0=45", "0xac110067->pkt_mark", "output:2"},
match: []string{"table=100", "reg0=45", "0xac110067->pkt_mark", "goto_table:101"},
},
)
if err != nil {
@@ -216,7 +216,7 @@ func TestEgressIP(t *testing.T) {
err = assertFlowChanges(origFlows, flows,
flowChange{
kind: flowRemoved,
match: []string{"table=100", "reg0=44", "0xac110066->pkt_mark", "output:2"},
match: []string{"table=100", "reg0=44", "0xac110066->pkt_mark", "goto_table:101"},
},
)
if err != nil {
@@ -262,7 +262,7 @@ func TestEgressIP(t *testing.T) {
err = assertFlowChanges(origFlows, flows,
flowChange{
kind: flowRemoved,
match: []string{"table=100", "reg0=45", "0xac110067->pkt_mark", "output:2"},
match: []string{"table=100", "reg0=45", "0xac110067->pkt_mark", "goto_table:101"},
},
flowChange{
kind: flowAdded,
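Review bot: None of the four updated `match` lists in TestEgressIP asserts the `->eth_dst` rewrite; they check only `pkt_mark` and, on what appears to be the new side, `goto_table:101`. The regression this commit describes, a wrong destination MAC on packets output to tun0, would therefore still pass these assertions if the `set_field:%s->eth_dst` action were dropped from the local-egress flow again. Consider adding the expected MAC to each list, e.g. `"<MAC given to the test controller>->eth_dst"`. How this test constructs its controller is outside the visible hunks, so the exact value has to come from that setup.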
13 changes: 12 additions & 1 deletion pkg/network/node/ovscontroller.go
@@ -18,13 +18,16 @@ import (

"k8s.io/apimachinery/pkg/util/sets"
kapi "k8s.io/kubernetes/pkg/api"

"github.com/vishvananda/netlink"
)

type ovsController struct {
ovs ovs.Interface
pluginId int
useConnTrack bool
localIP string
tunMAC string
}

const (
@@ -83,6 +86,13 @@ func (oc *ovsController) SetupOVS(clusterNetworkCIDR []string, serviceNetworkCID
if err != nil {
return err
}
if oc.tunMAC == "" {
link, err := netlink.LinkByName(Tun0)
if err != nil {
return err
}
oc.tunMAC = link.Attrs().HardwareAddr.String()
}

otx := oc.ovs.NewTransaction()

@@ -94,6 +104,7 @@ func (oc *ovsController) SetupOVS(clusterNetworkCIDR []string, serviceNetworkCID
for _, clusterCIDR := range clusterNetworkCIDR {
otx.AddFlow("table=0, priority=200, in_port=1, arp, nw_src=%s, nw_dst=%s, actions=move:NXM_NX_TUN_ID[0..31]->NXM_NX_REG0[],goto_table:10", clusterCIDR, localSubnetCIDR)
otx.AddFlow("table=0, priority=200, in_port=1, ip, nw_src=%s, actions=move:NXM_NX_TUN_ID[0..31]->NXM_NX_REG0[],goto_table:10", clusterCIDR)
otx.AddFlow("table=0, priority=200, in_port=1, ip, nw_dst=%s, actions=move:NXM_NX_TUN_ID[0..31]->NXM_NX_REG0[],goto_table:10", clusterCIDR)
}
otx.AddFlow("table=0, priority=150, in_port=1, actions=drop")
// tun0
@@ -693,7 +704,7 @@ func (oc *ovsController) UpdateNamespaceEgressRules(vnid uint32, nodeIP, egressH
otx.AddFlow("table=100, priority=100, reg0=%d, actions=drop", vnid)
} else if nodeIP == oc.localIP {
// Local Egress IP
otx.AddFlow("table=100, priority=100, reg0=%d, ip, actions=set_field:%s->pkt_mark,output:2", vnid, egressHex)
otx.AddFlow("table=100, priority=100, reg0=%d, ip, actions=set_field:%s->eth_dst,set_field:%s->pkt_mark,goto_table:101", vnid, oc.tunMAC, egressHex)
} else {
// Remote Egress IP; send via VXLAN
otx.AddFlow("table=100, priority=100, reg0=%d, ip, actions=move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:%s->tun_dst,output:1", vnid, nodeIP)
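Review bot: The table=0 flow matching `in_port=1, ip, nw_dst=%s` with `clusterCIDR` admits any IP packet arriving on the VXLAN port whose destination is in a cluster CIDR, whatever its source address. For pod-bound traffic the `nw_src` rule beside it no longer filters tunnel ingress, and the priority-150 drop catches far less. If the intent is only to let egress-IP return traffic reach pods on this node (inferred from the commit description, so please confirm), passing `localSubnetCIDR` instead of `clusterCIDR` as the `nw_dst` argument would be the narrower match. Either way the flow needs a comment, e.g. `// Accept egress-IP return traffic (external source, pod destination) forwarded by the egress node`, and it presumably relies on the VXLAN port being reachable only from trusted cluster nodes. SetupOVS starts and ends outside these hunks.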
1 change: 1 addition & 0 deletions pkg/network/node/ovscontroller_test.go
@@ -19,6 +19,7 @@ import (
func setupOVSController(t *testing.T) (ovs.Interface, *ovsController, []string) {
ovsif := ovs.NewFake(Br0)
oc := NewOVSController(ovsif, 0, true, "172.17.0.4")
oc.tunMAC = "c6:ac:2c:13:48:4b"
err := oc.SetupOVS([]string{"10.128.0.0/14"}, "172.30.0.0/16", "10.128.0.0/23", "10.128.0.1")
if err != nil {
t.Fatalf("Unexpected error setting up OVS: %v", err)
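Review bot: Presetting `oc.tunMAC` in setupOVSController means SetupOVS never takes its `netlink.LinkByName(Tun0)` branch under test, and nothing here says so. A comment such as `// Preset so SetupOVS skips the netlink lookup of tun0, which is not available in unit tests` would explain the constant. The lookup path in ovscontroller.go is therefore uncovered, including the case where the link reports no hardware address and `HardwareAddr.String()` yields an empty string that is later formatted into the `set_field:%s->eth_dst` flow. A guard in SetupOVS after the lookup, e.g. `if oc.tunMAC == "" { return fmt.Errorf("%s has no hardware address", Tun0) }`, would make that failure explicit. setupOVSController continues past the end of this hunk.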
