Implement traffic control interfaces via OVS

[hongliangl]

Signed-off-by: Hongliang Liu lhongliang@vmware.com

For #3324

[codecov-commenter]

Codecov Report

Merging #3580 (e984e42) into main (00f9d98) will decrease coverage by 0.88%.
The diff coverage is 9.09%.

@@            Coverage Diff             @@
##             main    #3580      +/-   ##
==========================================
- Coverage   64.58%   63.70%   -0.89%     
==========================================
  Files         278      278              
  Lines       39517    39604      +87     
==========================================
- Hits        25523    25229     -294     
- Misses      12011    12428     +417     
+ Partials     1983     1947      -36     

Flag	Coverage Δ
e2e-tests	50.13% <9.09%> (?)
kind-e2e-tests	50.51% <9.09%> (-1.75%)	⬇️
unit-tests	43.73% <8.08%> (-0.06%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/agent/openflow/framework.go	87.00% <0.00%> (-2.70%)	⬇️
pkg/agent/openflow/pod_connectivity.go	42.26% <5.79%> (-26.06%)	⬇️
pkg/agent/openflow/client.go	70.70% <8.33%> (-1.64%)	⬇️
pkg/agent/openflow/pipeline.go	72.54% <100.00%> (-2.35%)	⬇️
pkg/controller/egress/store/egressgroup.go	1.72% <0.00%> (-54.32%)	⬇️
pkg/agent/route/route_linux.go	30.17% <0.00%> (-19.63%)	⬇️
pkg/agent/util/net.go	32.44% <0.00%> (-19.12%)	⬇️
pkg/agent/nodeportlocal/k8s/annotations.go	84.44% <0.00%> (-8.89%)	⬇️
pkg/agent/util/ipset/ipset.go	59.45% <0.00%> (-8.11%)	⬇️
pkg/agent/openflow/service.go	78.16% <0.00%> (-5.75%)	⬇️
... and 22 more

[hongliangl]

Before merging this PR, issue #3583 should be fixed.

[jianjuns]

Please add commit message to describe the change.

[tnqn]

LGTM overall

[wenyingd]

Question: A packet is either mirrored or redirected, but not both mirrored and redirected?

[hongliangl]

A packet should be either mirrored or redirected.

[wenyingd]

Using modifyFlows, it might delete the original tc flows which are not included in the flows generated by this call. I think your target is to append these flows in the cache but not overwrite?

[hongliangl]

Since a traffic rule could be updated, the original tc flows should be deleted and new flows should be installed. Flows in the cache should be also overwritten.

[wenyingd]

So do you mean InstallTrafficControlMarkFlows is called for both add and update case? And UninstallTrafficControlMarkFlows is called only when delete the tc configuration?

[hongliangl]

Yes

[wenyingd]

Why not go to stageSwitching since the dst MAC in the packet is set before output to the redirected port?

[hongliangl]

I'll update the comments here

// trafficControlReturnClassifierFlow generates the flow to mark the packets from traffic control return port and forward
// the packets to stageRouting directly. Note that, for the packets which are originally to be output to a tunnel port,
// value of NXM_NX_TUN_IPV4_DST for the returned packets needs to be loaded in stageRouting.

[hongliangl]

/test-all-features-conformance
/test-conformance
/test-e2e
/test-flexible-ipam-e2e
/test-ipv6-conformance
/test-ipv6-e2e
/test-ipv6-networkpolicy
/test-ipv6-only-conformance
/test-ipv6-only-e2e
/test-ipv6-only-networkpolicy
/test-multicluster-e2e
/test-networkpolicy
/test-windows-conformance
/test-windows-e2e
/test-windows-networkpolicy
/test-windows-proxyall-e2e
/test-integration

[tnqn]

LGTM, thanks

[hongliangl]

/test-ipv6-e2e
/test-ipv6-only-conformance

[hongliangl]

/test-ipv6-only-conformance

[hongliangl]

/test-ipv6-e2e

[hongliangl]

@jianjuns @wenyingd Do you have any further comments? Thanks.

[jianjuns]

@jianjuns @wenyingd Do you have any further comments? Thanks.
Not from me (I did go through one more time).

[tnqn]

tested the PR with a network analyzer and both mirroring and redirecting worked as expected, merging it.

[hongliangl]

Thanks for testing and merging this.