Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cilium: enable bpf host routing with per endpoint routes for IPv6 as well #26205

Merged
merged 1 commit into from Jun 23, 2023
Merged

cilium: enable bpf host routing with per endpoint routes for IPv6 as well #26205

merged 1 commit into from Jun 23, 2023

Conversation

borkmann
Copy link
Member

See commit descriptions.

@borkmann borkmann added sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact. labels Jun 14, 2023
@borkmann borkmann requested review from a team as code owners June 14, 2023 06:21
@borkmann borkmann added the release-blocker/1.14 This issue will prevent the release of the next version of Cilium. label Jun 14, 2023
@borkmann
Copy link
Member Author

/test

@julianwiedmann
Copy link
Member

For the ep-routes change, the original patch said

In case of endpoint routes & host routing the IPv6 breaks, so enable host
routing only for IPv4 case. One reason is that the host can't populate
neighbour entries for endpoints. This happens because in case of endpoint
routes ICMPv6 messages originate on [host] lxc veth devices. Those devices are
only configured with IPv6 link-local addresses, so the ICMPv6 answer from the
endpoint is sent to a link-local address which is recognized "world" by cilium,
but fib_redirect can't redirect it (as it should be delivered to stack, not
forwarded).

Given this lists just one reason - have all the other reasons been resolved by now? :)

@borkmann
Copy link
Member Author

For the ep-routes change, the original patch said

In case of endpoint routes & host routing the IPv6 breaks, so enable host
routing only for IPv4 case. One reason is that the host can't populate
neighbour entries for endpoints. This happens because in case of endpoint
routes ICMPv6 messages originate on [host] lxc veth devices. Those devices are
only configured with IPv6 link-local addresses, so the ICMPv6 answer from the
endpoint is sent to a link-local address which is recognized "world" by cilium,
but fib_redirect can't redirect it (as it should be delivered to stack, not
forwarded).

Given this lists just one reason - have all the other reasons been resolved by now? :)

Good reminder, I'll check this out if its still the case and brainstorm what we could do about it.

zacharysarah
zacharysarah approved these changes Jun 14, 2023
View reviewed changes
Copy link
Contributor

@zacharysarah zacharysarah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@qmonnet qmonnet added the feature/ipv6 Relates to IPv6 protocol support label Jun 14, 2023
qmonnet
qmonnet approved these changes Jun 14, 2023
View reviewed changes
Copy link
Member

@qmonnet qmonnet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thank you!

@qmonnet qmonnet mentioned this pull request Jun 13, 2023
Open
14 tasks
@joestringer joestringer added the kind/enhancement This would improve or streamline existing functionality. label Jun 14, 2023
@qmonnet qmonnet mentioned this pull request Jun 15, 2023
Merged
@borkmann borkmann added dont-merge/needs-rebase This PR needs to be rebased because it has merge conflicts. and removed release-blocker/1.14 This issue will prevent the release of the next version of Cilium. labels Jun 15, 2023
@borkmann borkmann changed the title cilium: ipv6 masq follow-ups cilium: enable bpf host routing with per endpoint routes for IPv6 as well Jun 16, 2023
@borkmann @qmonnet
bpf: Enable host routing and endpoint routes with IPv6
c516ff8 
Follow-up to commit 63583e9 ("bpf: allow to enable host routing
and endpoint routes simultaneously") to lift the IPv6 restriction now
that we have BPF IPv6 masquerading.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
@qmonnet qmonnet removed the dont-merge/needs-rebase This PR needs to be rebased because it has merge conflicts. label Jun 23, 2023
@qmonnet
Copy link
Member

qmonnet commented Jun 23, 2023

/test

@qmonnet qmonnet mentioned this pull request Jun 23, 2023
Closed
@qmonnet qmonnet merged commit 53a853f into main Jun 23, 2023
65 checks passed
@qmonnet qmonnet deleted the pr/ipv6-follow-ups branch June 23, 2023 14:44
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 23, 2023
@joestringer joestringer mentioned this pull request Jun 28, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zacharysarah zacharysarah zacharysarah approved these changes

@christarazi christarazi christarazi approved these changes

@aspsk aspsk aspsk approved these changes

@qmonnet qmonnet qmonnet approved these changes

Assignees
No one assigned
Labels
feature/ipv6 Relates to IPv6 protocol support kind/enhancement This would improve or streamline existing functionality. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@borkmann @julianwiedmann @qmonnet @zacharysarah @christarazi @aspsk @joestringer