workflow: Cover VXLAN + IPsec + endpoint routes in datapath tests #23396

Merged
merged 1 commit into from Jan 27, 2023

Conversation

pchaigno
Member

@pchaigno pchaigno commented Jan 26, 2023

Commit 92a3e31 ("bpf: Remove link scope of cilium_host's IPv4 address") fixed connectivity via a NodePort service with tunneling and endpoint routes. Commit d39ca10 ("ipsec: Don't match on packet mark for FWD XFRM policy") then fixed cross-node pod connectivity with tunneling, endpoint routes, and IPsec.

We can therefore start testing this specific setup in the datapath tests. bpf-next is picked as the kernel to have some coverage of IPsec on the latest kernel. We currently rely on some assumptions on kernel internals.

Passing run with the test commit: https://github.com/cilium/cilium/actions/runs/4018394161.

Commit 92a3e31 ("bpf: Remove link scope of cilium_host's IPv4
address") fixed connectivity via a NodePort service with tunneling and
endpoint routes. Commit d39ca10 ("ipsec: Don't match on packet mark
for FWD XFRM policy") then fixed cross-node pod connectivity with
tunneling, endpoint routes, and IPsec.

We can therefore start testing this specific setup in the datapath tests.
bpf-next is picked as the kernel to have some coverage of IPsec on the
latest kernel. We currently rely on some assumptions on kernel
internals [1].

1 - https://github.com/cilium/cilium/blob/v1.13.0-rc5/bpf/lib/encap.h#L24-L25
Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno pchaigno added area/CI Continuous Integration testing issue or flake sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/ci This PR makes changes to the CI. area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. labels Jan 26, 2023
@pchaigno pchaigno force-pushed the pr/pchaigno/dp-test-cover-vxlan-ipsec-ep-routes branch from 8663c2e to 68fc45c Compare January 26, 2023 22:11
@pchaigno pchaigno marked this pull request as ready for review January 26, 2023 22:14
@pchaigno pchaigno requested review from a team as code owners January 26, 2023 22:14
@pchaigno pchaigno requested a review from brb January 27, 2023 00:38
Member

@brb brb left a comment

🍕

@pchaigno pchaigno added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jan 27, 2023
@brb brb merged commit 7dd3fc2 into master Jan 27, 2023
@brb brb deleted the pr/pchaigno/dp-test-cover-vxlan-ipsec-ep-routes branch January 27, 2023 10:30
Labels
area/CI Continuous Integration testing issue or flake area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/ci This PR makes changes to the CI. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.

4 participants