bpf: SRv6 fib on encap #26136
Merged
bpf: SRv6 fib on encap #26136
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ldelossa
added
release-note/bug
|
/test Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed: Click to show.Test NameFailure OutputJenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/721/ If it is a flake and a GitHub issue doesn't already exist to track it, comment Then please upload the Jenkins artifacts to that issue. |
|
/test-1.26-net-next |
|
Is it worth considering a unit test? |
julianwiedmann
requested changes
Jun 13, 2023
ldelossa
force-pushed
the
ldelossa/srv6-encap-fib-no-refactor
branch
from
4f87263
to
567c2b6
Compare
|
@julianwiedmann handled your feedback. @nickolaev working on a test now, feel free to block until this test commit is present. |
ldelossa
force-pushed
the
ldelossa/srv6-encap-fib-no-refactor
branch
3 times, most recently
from
010c7fa
to
48174e4
Compare
2 tasks
julianwiedmann
approved these changes
Jun 14, 2023
ldelossa
force-pushed
the
ldelossa/srv6-encap-fib-no-refactor
branch
from
48174e4
to
7588f88
Compare
|
@jibi latest push moves the fib_lookup functions to take src/dst addresses instead of the full header |
ldelossa
force-pushed
the
ldelossa/srv6-encap-fib-no-refactor
branch
2 times, most recently
from
d1da55f
to
2f1d6f4
Compare
This commit adds a new function, 'fib_do_redirect', to 'lib/fib.h'. This function decouples the 'bpf_redirect' functionality from the 'bpf_fib_lookup' functionality while keeping the existing 'fib_redirect' logic the same. In other words, this function can pickup right after the 'fib_lookup' is performed in 'fib_redirect' and carry out the same exact operations as 'fib_redirect'. This will be used in a subsequent commit to decouple the `bpf_fib_lookup` from the `bpf_redirect`, such that each can be performed independently. This is an addition-only change and amounts to no functional changes in the data path. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
Introduce functions for performing fib_lookups independent of any other actions. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
ldelossa
force-pushed
the
ldelossa/srv6-encap-fib-no-refactor
branch
from
2f1d6f4
to
4bce021
Compare
|
@nickolaev added tests: 4bce021 |
|
/test |
ldelossa
force-pushed
the
ldelossa/srv6-encap-fib-no-refactor
branch
from
4bce021
to
fb3f639
Compare
julianwiedmann
added
affects/v1.13
|
I believe there's no plan to backport this into |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the first PR in a set of two.
In this PR we introduce new functions in lib/fib.h to fix the issue described below
A follow up PR will be opened once this is merged which carries the non-backported refactor of fib/lib.h, removing the duplicate code introduced in this PR.
see #26048 (comment) for an explanation of why this occurs in two PRs.
Original SRv6 encapsulation flow:
This results in the egress packet always choosing the output interface, source, and destination mac from the FIB lookup that occurred on the inner packet.
SRv6 encapsulation flow corrected:
Now, we perform an additional fib lookup once the egress packet has been encapsulated, ensuring the encapsulated packet is forwarded correctly based on the host namespace's FIB.
Performing these actions independently is currently necessary for this SRv6 datapath fix.
This is because we perform the
fib_lookupalready at a egress interface and we may or may not need to redirect to a new interface for tx.It is obvious to see that two fib lookups are occurring here.
It does seem to me that this can be reduced to one, however this involves changing where encapsulation occurs and will be a larger refactor, however I will also look into this.