Enhance Egress support in Traceflow

- Add "EgressNodeIP" and "SrcPodIP" fields in Traceflow observations.

- Add "EgressNode" field in observations from Egress Node as well when
  Egress Node is different from source Node. Previously, "EgressNode" field
  was available only in observations from source Node.

Closes antrea-io#6099

Signed-off-by: Kumar Atish <kumar.atish@broadcom.com>

build/charts/antrea/crds/traceflow.yaml

@@ -456,6 +456,10 @@ spec:
                               type: string
                             egressNode:
                               type: string
+                            egressNodeIP:
+                              type: string
+                            srcPodIP:
+                              type: string
                 capturedPacket:
                   properties:
                     srcIP:

build/yamls/antrea-aks.yml

@@ -4993,6 +4993,10 @@ spec:
                               type: string
                             egressNode:
                               type: string
+                            egressNodeIP:
+                              type: string
+                            srcPodIP:
+                              type: string
                 capturedPacket:
                   properties:
                     srcIP:

build/yamls/antrea-crds.yml

@@ -4966,6 +4966,10 @@ spec:
                               type: string
                             egressNode:
                               type: string
+                            egressNodeIP:
+                              type: string
+                            srcPodIP:
+                              type: string
                 capturedPacket:
                   properties:
                     srcIP:

build/yamls/antrea-eks.yml

@@ -4993,6 +4993,10 @@ spec:
                               type: string
                             egressNode:
                               type: string
+                            egressNodeIP:
+                              type: string
+                            srcPodIP:
+                              type: string
                 capturedPacket:
                   properties:
                     srcIP:

build/yamls/antrea-gke.yml

@@ -4993,6 +4993,10 @@ spec:
                               type: string
                             egressNode:
                               type: string
+                            egressNodeIP:
+                              type: string
+                            srcPodIP:
+                              type: string
                 capturedPacket:
                   properties:
                     srcIP:

build/yamls/antrea-ipsec.yml

@@ -4993,6 +4993,10 @@ spec:
                               type: string
                             egressNode:
                               type: string
+                            egressNodeIP:
+                              type: string
+                            srcPodIP:
+                              type: string
                 capturedPacket:
                   properties:
                     srcIP:

build/yamls/antrea.yml

@@ -4993,6 +4993,10 @@ spec:
                               type: string
                             egressNode:
                               type: string
+                            egressNodeIP:
+                              type: string
+                            srcPodIP:
+                              type: string
                 capturedPacket:
                   properties:
                     srcIP:

pkg/agent/controller/traceflow/packetin.go

@@ -292,11 +292,11 @@ func (c *Controller) parsePacketIn(pktIn *ofctrl.PacketIn) (*crdv1beta1.Traceflo
 				}
 			}
 			if isRemoteEgress == 1 { // an Egress packet, currently on source Node and forwarded to Egress Node.
-				egressName, egressIP, egressNode, err := c.egressQuerier.GetEgress(ns, srcPod)
+				egressName, egressIP, egressNodeName, err := c.egressQuerier.GetEgress(ns, srcPod)
 				if err != nil {
 					return nil, nil, nil, err
 				}
-				obEgress := getEgressObservation(false, egressIP, egressName, egressNode)
+				obEgress := getEgressObservation(false, egressIP, egressName, egressNodeName, "", ipSrc)
 				obs = append(obs, *obEgress)
 			}
 			ob.TunnelDstIP = tunnelDstIP
@@ -312,9 +312,9 @@ func (c *Controller) parsePacketIn(pktIn *ofctrl.PacketIn) (*crdv1beta1.Traceflo
 				}
 			}
 			if pktMark != 0 { // Egress packet on Egress Node
-				egressName, egressIP, egressNode := "", "", ""
+				egressName, egressIP, egressNodeName := "", "", ""
 				if tunnelDstIP == "" { // Egress Node is Source Node of this Egress packet
-					egressName, egressIP, egressNode, err = c.egressQuerier.GetEgress(ns, srcPod)
+					egressName, egressIP, egressNodeName, err = c.egressQuerier.GetEgress(ns, srcPod)
 					if err != nil {
 						return nil, nil, nil, err
 					}
@@ -323,8 +323,9 @@ func (c *Controller) parsePacketIn(pktIn *ofctrl.PacketIn) (*crdv1beta1.Traceflo
 					if err != nil {
 						return nil, nil, nil, err
 					}
+					egressNodeName = c.nodeConfig.Name
 				}
-				obEgress := getEgressObservation(true, egressIP, egressName, egressNode)
+				obEgress := getEgressObservation(true, egressIP, egressName, egressNodeName, c.nodeConfig.NodeIPv4Addr.IP.String(), ipSrc)
 				obs = append(obs, *obEgress)
 			}
 			ob.Action = crdv1beta1.ActionForwardedOutOfOverlay
@@ -486,12 +487,14 @@ func parseCapturedPacket(pktIn *ofctrl.PacketIn) *crdv1beta1.Packet {
 	return &capturedPacket
 }
 
-func getEgressObservation(isEgressNode bool, egressIP, egressName, egressNode string) *crdv1beta1.Observation {
+func getEgressObservation(isEgressNode bool, egressIP, egressName, egressNodeName, egressNodeIP, srcPodIP string) *crdv1beta1.Observation {
 	ob := new(crdv1beta1.Observation)
 	ob.Component = crdv1beta1.ComponentEgress
 	ob.EgressIP = egressIP
 	ob.Egress = egressName
-	ob.EgressNode = egressNode
+	ob.EgressNode = egressNodeName
+	ob.EgressNodeIP = egressNodeIP
+	ob.SrcPodIP = srcPodIP
 	if isEgressNode {
 		ob.Action = crdv1beta1.ActionMarkedForSNAT
 	} else {

pkg/agent/controller/traceflow/packetin_test.go

@@ -39,9 +39,10 @@ import (
 )
 
 var (
-	egressName = "dummyEgress"
-	egressIP   = "192.168.100.100"
-	egressNode = "fakeEgressNode"
+	egressName     = "dummyEgress"
+	egressIP       = "192.168.100.100"
+	egressNodeName = "fakeEgressNode"
+	egressNodeIP   = "192.168.100.101"
 )
 
 func prepareMockTables() {
@@ -209,8 +210,8 @@ func getTestPacketBytes(dstIP string) []byte {
 		Protocol: uint8(8),
 		DSCP:     1,
 		Length:   20,
-		NWSrc:    net.IP(pod1IPv4),
-		NWDst:    net.IP(dstIP),
+		NWSrc:    net.ParseIP(pod1IPv4),
+		NWDst:    net.ParseIP(dstIP),
 	}
 	ethernetPkt := protocol.NewEthernet()
 	ethernetPkt.HWSrc = pod1MAC
@@ -288,6 +289,9 @@ func TestParsePacketIn(t *testing.T) {
 				GatewayConfig: &config.GatewayConfig{
 					OFPort: 2,
 				},
+				NodeIPv4Addr: &net.IPNet{
+					IP: net.ParseIP(egressNodeIP),
+				},
 			},
 			tfState: &traceflowState{
 				name:     "traceflow-pod-to-ipv4",
@@ -304,7 +308,7 @@ func TestParsePacketIn(t *testing.T) {
 				},
 			},
 			expectedCalls: func(npQuerierq *queriertest.MockAgentNetworkPolicyInfoQuerier, egressQuerier *queriertest.MockEgressQuerier) {
-				egressQuerier.EXPECT().GetEgress(pod1.Namespace, pod1.Name).Return(egressName, egressIP, egressNode, nil)
+				egressQuerier.EXPECT().GetEgress(pod1.Namespace, pod1.Name).Return(egressName, egressIP, egressNodeName, nil)
 			},
 			expectedTf: &crdv1beta1.Traceflow{
 				ObjectMeta: metav1.ObjectMeta{
@@ -331,11 +335,13 @@ func TestParsePacketIn(t *testing.T) {
 						Action:    crdv1beta1.ActionForwarded,
 					},
 					{
-						Component:  crdv1beta1.ComponentEgress,
-						Action:     crdv1beta1.ActionMarkedForSNAT,
-						Egress:     egressName,
-						EgressIP:   egressIP,
-						EgressNode: egressNode,
+						Component:    crdv1beta1.ComponentEgress,
+						Action:       crdv1beta1.ActionMarkedForSNAT,
+						Egress:       egressName,
+						EgressIP:     egressIP,
+						EgressNode:   egressNodeName,
+						EgressNodeIP: egressNodeIP,
+						SrcPodIP:     pod1IPv4,
 					},
 					{
 						Component:     crdv1beta1.ComponentForwarding,
@@ -371,7 +377,7 @@ func TestParsePacketIn(t *testing.T) {
 				},
 			},
 			expectedCalls: func(npQuerierq *queriertest.MockAgentNetworkPolicyInfoQuerier, egressQuerier *queriertest.MockEgressQuerier) {
-				egressQuerier.EXPECT().GetEgress(pod1.Namespace, pod1.Name).Return(egressName, egressIP, egressNode, nil)
+				egressQuerier.EXPECT().GetEgress(pod1.Namespace, pod1.Name).Return(egressName, egressIP, egressNodeName, nil)
 			},
 			expectedTf: &crdv1beta1.Traceflow{
 				ObjectMeta: metav1.ObjectMeta{
@@ -402,7 +408,8 @@ func TestParsePacketIn(t *testing.T) {
 						Action:     crdv1beta1.ActionForwardedToEgressNode,
 						Egress:     egressName,
 						EgressIP:   egressIP,
-						EgressNode: egressNode,
+						EgressNode: egressNodeName,
+						SrcPodIP:   pod1IPv4,
 					},
 					{
 						Component:     crdv1beta1.ComponentForwarding,
@@ -423,6 +430,10 @@ func TestParsePacketIn(t *testing.T) {
 				GatewayConfig: &config.GatewayConfig{
 					OFPort: 2,
 				},
+				NodeIPv4Addr: &net.IPNet{
+					IP: net.ParseIP(egressNodeIP),
+				},
+				Name: egressNodeName,
 			},
 			tfState: &traceflowState{
 				name: "traceflow-pod-to-ipv4",
@@ -465,9 +476,12 @@ func TestParsePacketIn(t *testing.T) {
 						Action:    crdv1beta1.ActionReceived,
 					},
 					{
-						Component: crdv1beta1.ComponentEgress,
-						Action:    crdv1beta1.ActionMarkedForSNAT,
-						EgressIP:  egressIP,
+						Component:    crdv1beta1.ComponentEgress,
+						Action:       crdv1beta1.ActionMarkedForSNAT,
+						EgressIP:     egressIP,
+						EgressNode:   egressNodeName,
+						EgressNodeIP: egressNodeIP,
+						SrcPodIP:     pod1IPv4,
 					},
 					{
 						Component:     crdv1beta1.ComponentForwarding,

pkg/apis/crd/v1beta1/types.go

@@ -1173,6 +1173,10 @@ type Observation struct {
 	EgressIP    string `json:"egressIP,omitempty" yaml:"egressIP,omitempty"`
 	// EgressNode is the name of the Egress Node.
 	EgressNode string `json:"egressNode,omitempty" yaml:"egressNode,omitempty"`
+	// EgressNodeIP is the IP of Egress Node.
+	EgressNodeIP string `json:"egressNodeIP,omitempty" yaml:"egressNodeIP,omitempty"`
+	// SrcPodIP is the IP of source Pod.
+	SrcPodIP string `json:"srcPodIP,omitempty" yaml:"srcPodIP,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

test/e2e/traceflow_test.go

@@ -2072,7 +2072,7 @@ func testTraceflowEgress(t *testing.T, data *TestData) {
 	egressIP := nodeIP(0)
 	externalDstIP := "1.1.1.1"
 
-	localPodNames, _, localCleanupFn := createTestAgnhostPods(t, data, 1, data.testNamespace, egressNode)
+	localPodNames, localPodIPs, localCleanupFn := createTestAgnhostPods(t, data, 1, data.testNamespace, egressNode)
 	defer localCleanupFn()
 
 	matchExpressions := []metav1.LabelSelectorRequirement{
@@ -2118,11 +2118,13 @@ func testTraceflowEgress(t *testing.T, data *TestData) {
 						Action:    v1beta1.ActionForwarded,
 					},
 					{
-						Component:  v1beta1.ComponentEgress,
-						Action:     v1beta1.ActionMarkedForSNAT,
-						Egress:     egress.Name,
-						EgressIP:   egressIP,
-						EgressNode: egressNode,
+						Component:    v1beta1.ComponentEgress,
+						Action:       v1beta1.ActionMarkedForSNAT,
+						Egress:       egress.Name,
+						EgressIP:     egressIP,
+						EgressNode:   egressNode,
+						EgressNodeIP: egressIP,
+						SrcPodIP:     localPodIPs[0].IPv4.String(),
 					},
 					{
 						Component:     v1beta1.ComponentForwarding,
@@ -2140,7 +2142,7 @@ func testTraceflowEgress(t *testing.T, data *TestData) {
 
 	skipIfNumNodesLessThan(t, 2)
 	remoteNode := nodeName(1)
-	remotePodNames, _, remoteCleanupFn := createTestAgnhostPods(t, data, 1, data.testNamespace, remoteNode)
+	remotePodNames, remotePodIPs, remoteCleanupFn := createTestAgnhostPods(t, data, 1, data.testNamespace, remoteNode)
 	defer remoteCleanupFn()
 
 	toUpdate := egress.DeepCopy()
@@ -2195,6 +2197,7 @@ func testTraceflowEgress(t *testing.T, data *TestData) {
 						Egress:     egress.Name,
 						EgressIP:   egressIP,
 						EgressNode: egressNode,
+						SrcPodIP:   remotePodIPs[0].IPv4.String(),
 					},
 					{
 						Component:     v1beta1.ComponentForwarding,
@@ -2211,9 +2214,12 @@ func testTraceflowEgress(t *testing.T, data *TestData) {
 						Action:    v1beta1.ActionReceived,
 					},
 					{
-						Component: v1beta1.ComponentEgress,
-						Action:    v1beta1.ActionMarkedForSNAT,
-						EgressIP:  egressIP,
+						Component:    v1beta1.ComponentEgress,
+						Action:       v1beta1.ActionMarkedForSNAT,
+						EgressIP:     egressIP,
+						EgressNode:   egressNode,
+						EgressNodeIP: egressIP,
+						SrcPodIP:     remotePodIPs[0].IPv4.String(),
 					},
 					{
 						Component:     v1beta1.ComponentForwarding,
@@ -2344,10 +2350,12 @@ func compareObservations(expected v1beta1.NodeResult, actual v1beta1.NodeResult)
 		if exObs[i].Component != acObs[i].Component ||
 			exObs[i].ComponentInfo != acObs[i].ComponentInfo ||
 			exObs[i].Pod != acObs[i].Pod ||
+			exObs[i].SrcPodIP != acObs[i].SrcPodIP ||
 			exObs[i].TranslatedDstIP != acObs[i].TranslatedDstIP ||
 			exObs[i].EgressIP != acObs[i].EgressIP ||
 			exObs[i].Egress != acObs[i].Egress ||
 			exObs[i].EgressNode != acObs[i].EgressNode ||
+			exObs[i].EgressNodeIP != acObs[i].EgressNodeIP ||
 			exObs[i].Action != acObs[i].Action ||
 			exObs[i].NetworkPolicy != acObs[i].NetworkPolicy ||
 			exObs[i].NetworkPolicyRule != acObs[i].NetworkPolicyRule {