Srv6 encap relocation #28817

Merged
merged 2 commits into from Oct 27, 2023

ldelossa
Contributor

This change moves SRv6 h.encap to bpf_lxc rather than bpf_host.

This ensures that the packet is encapsulated before it enters the host networking stack.

Ensuring the encapsulated packet hits the network stack resolves issues with IPv4Masq compatibility.

Additionally, this change now ensures the source address of the encapsulated packet is consistent; see the commit messages for more details.

This change has the added benefit of removing a double FIB lookup on an SRv6 encapsulated egress packet.

srv6: modify h.encap location in the datapath to avoid incompatibility with IPv4Masq

This commit moves the srv6 h.encap functionality to bpf_lxc.c

In this change we determine if the egress traffic belongs to a VRF early
in the pod egress data path.

The lookup and subsequent h.encap is then performed in
"handle_ipv{4,6}_from_lxc" functions, after policy lookup occurs.

As of today, we do not support l7 policy, thus we do not even try to
redirect to proxy for VRF traffic, this may change in the future.

This commit makes the bpf_host.c handling of h.encap redundant and a
follow up commit will remove this.

Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>

This commit removes the redundant h.encap logic from bpf_host.c.

Since h.encap no longer occurs at bpf_host.c we also eliminate the
"srv6_refib" function found in "egress_policies.h", alleviating the need
for redundant FIB lookups for egress VRF traffic.

Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
Signed-off-by: Yutaro Hayakawa <yutaro.hayakawa@isovalent.com>
@ldelossa ldelossa requested a review from a team as a code owner October 26, 2023 15:45
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Oct 26, 2023
@ldelossa ldelossa added the release-note/bug This PR fixes an issue in a previous release of Cilium. label Oct 26, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Oct 26, 2023
@ldelossa
Contributor Author

/test

@ldelossa
Contributor Author

'Cilium IPsec upgrade (ci-ipsec-upgrade)' failure is unrelated to this change.

Member

@YutaroHayakawa YutaroHayakawa left a comment

LGTM 👍

@ldelossa ldelossa merged commit 5ab0230 into main Oct 27, 2023
219 of 222 checks passed
@ldelossa ldelossa deleted the srv6-encap-relocation branch October 27, 2023 15:12