Skip removing vnet namespace in Linux CNI Multitenancy

[tamilmani1989]

Reason for Change:

Its not required to tear down vnet namespace if there no endpoints on that vnet and then create back again later

Issue Fixed:

Requirements:

• uses conventional commit messages
• includes documentation
• adds unit tests

Notes:

[vipul-21]

We are skipping deletion of vnet namespace if there are no containers but when there are new containers for that namespace, we won't need to create that namespace again ? Is that correct ?

Wanted to know if there is a scenario in which the namespaces are getting accumulated since they were not deleted.

[tamilmani1989]

good question. cni creates netns per vlanid and at max vlanid can range from 1-4096 and also we dont support more than 150 containers in multitenancy. so not deleting netns should not cause any issue

vmss000000:/# cat /proc/sys/user/max_net_namespaces
27653

[vipul-21]

Just curious, will commenting this out won't affect the unit test cases we run for it ? https://github.com/Azure/azure-container-networking/blob/master/network/transparent_vlan_endpointclient_linux_test.go#L467

If so, do we need to update the unit test cases as well ?

[tamilmani1989]

correct updated it

[vipul-21]

But this does limit the user's ability to go beyond 23k( approximately) even if the vlan is not at max i.e 4k
I understand that this is safe as we don't have the requirement or a user that has that many namespace, but why are we doing it? Isn't it is safer to delete and make sure it is created when needed, instead of letting it be there.

OR Does this help in reducing the latency since we don't need to create a namespace again ?
(Do correct me if I am understanding it wrong)

[tamilmani1989]

so this will be a problem when we parallelize the execution of cni in future.. one doing add and other doing delete in same namespace based on number of default routes