Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: disable ipv6 on transparent vlan mode network create #2419

Merged
merged 1 commit into from Dec 1, 2023
Merged

fix: disable ipv6 on transparent vlan mode network create #2419

merged 1 commit into from Dec 1, 2023

Conversation

QxBytes
Copy link
Contributor

@QxBytes QxBytes commented Nov 29, 2023

Reason for Change:

Ipv6 traffic from within the pod should not be able to reach eth0 on the vm from eth1 in the container. To enforce this, we disable ipv6 on all interfaces in the vm namespace. The vnet namespace has ipv6 forwarding disabled by default so no modification is required on that datapath.

Issue Fixed:

See above.

Requirements:

Notes:

  • Network utils failure is already tested when we test "enable ipv4 forwarding"

@QxBytes QxBytes added cni Related to CNI. fix Fixes something. multitenancy labels Nov 29, 2023
@QxBytes QxBytes marked this pull request as ready for review November 30, 2023 19:30
@QxBytes QxBytes requested a review from a team as a code owner November 30, 2023 19:30
vipul-21
vipul-21 approved these changes Nov 30, 2023
View reviewed changes
Copy link
Contributor

@vipul-21 vipul-21 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This won't impact existing scenario.
But want to confirm two things:

  1. dual stack with multitenancy will need to change it again ?
  2. this is used by multitenancy and won't impact multi nic support(swift 2.0) in aks ?
    cc: @tamilmani1989 @paulyufan2

paulyufan2
paulyufan2 approved these changes Dec 1, 2023
View reviewed changes
Copy link
Contributor

@paulyufan2 paulyufan2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @vipul-21

(1) Dualstack support is only for AKS overlay at the moment considered as single tenancy mode
(2) We are not considering ipv6 address support for multi nic for now.

@QxBytes QxBytes merged commit 9a74d51 into master Dec 1, 2023
77 checks passed
@QxBytes QxBytes deleted the alew/block-ipv6 branch December 1, 2023 22:29
matmerr pushed a commit that referenced this pull request Jan 17, 2024
@QxBytes @matmerr
fix: disable ipv6 on transparent vlan mode network create (#2419)
eea621b 
Disable ipv6 on transparent vlan mode network create
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tamilmani1989 tamilmani1989 tamilmani1989 approved these changes

@vipul-21 vipul-21 vipul-21 approved these changes

@paulyufan2 paulyufan2 paulyufan2 approved these changes

@miguelgoms miguelgoms Awaiting requested review from miguelgoms miguelgoms is a code owner automatically assigned from Azure/azure-sdn-members

Assignees
No one assigned
Labels
cni Related to CNI. fix Fixes something. multitenancy
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@QxBytes @tamilmani1989 @vipul-21 @paulyufan2