[v1.9] remove ARP entries left from previous Cilium run #16358
In certain configurations, when node neighbor discovery is enabled [1], the neighbor table is populated with PERMANENT entries. If the agent is then configured to not use neighbor discovery, those entries are left behind, without being garbage collected. This can cause connectivity issues across nodes, where it's more likely to happen in the same L2 network, if a new node reuses an IP address from a previous node and its MAC address changes. In a L3 network it is unlikely to happen since the ARP entry will be associated with a L3 router and it is less likely to change its MAC address.

[1]
```
n.enableNeighDiscovery = n.nodeConfig.EnableIPv4 &&
	(option.Config.EnableNodePort ||
		(n.nodeConfig.EnableIPSec && option.Config.Tunnel == option.TunnelDisabled))
```

Signed-off-by: André Martins <andre@cilium.io>
The review of this PR was already done in #15993 so no need to wait for reviews of CODEOWNERS as janitor's enough.

test-backport-1.9

test-runtime previous: https://jenkins.cilium.io/job/Cilium-PR-Runtime-4.9/4823/

test-1.12-netnext previous: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.12-net-next/1727/

test-1.17-5.4 previous: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.17-kernel-5.4/26/

test-1.18-4.19 previous: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.18-kernel-4.19/167/

test-1.17-5.4 previous: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.17-kernel-5.4/27/
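The condition in the PR description (PERMANENT neighbor entries that outlive the node they pointed at) can be audited on a node by comparing the neighbor table with the current node set. The following is an added example, not code from this PR or from Cilium; `StalePermanent`, the inventory map and the sample `ip -4 neigh show` output are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample of `ip -4 neigh show` output (not captured from a real node).
const sampleNeigh = `10.0.0.11 dev eth0 lladdr 02:00:00:00:00:0b REACHABLE
10.0.0.12 dev eth0 lladdr 02:00:00:00:00:0c PERMANENT
10.0.0.13 dev eth0 lladdr 02:00:00:00:00:0d PERMANENT
10.0.0.14 dev eth0 lladdr 02:00:00:00:00:0e PERMANENT
10.0.0.15 dev eth0 FAILED`

// Hypothetical inventory of current node IP -> MAC (an assumption of this example).
var sampleNodes = map[string]string{"10.0.0.11": "02:00:00:00:00:0b",
	"10.0.0.12": "02:00:00:00:00:0c", "10.0.0.13": "02:00:00:00:00:AA"}

// Finding is a PERMANENT neighbor entry that disagrees with the inventory.
type Finding struct{ IP, Dev, MAC, Reason string }

// StalePermanent returns PERMANENT entries whose IP no current node owns, or
// whose MAC differs from the inventory (the reused-IP case).
func StalePermanent(neighOutput string, nodes map[string]string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(neighOutput))
	for sc.Scan() {
		f := strings.Fields(sc.Text()) // <ip> dev <if> lladdr <mac> ... <STATE>
		if len(f) < 6 || f[1] != "dev" || f[3] != "lladdr" || f[len(f)-1] != "PERMANENT" {
			continue // other states are garbage collected by the kernel
		}
		e := Finding{IP: f[0], Dev: f[2], MAC: strings.ToLower(f[4])}
		if want, known := nodes[e.IP]; !known {
			e.Reason = "no current node owns this IP"
		} else if !strings.EqualFold(want, e.MAC) {
			e.Reason = "MAC differs from current node"
		} else {
			continue // entry matches a current node
		}
		out = append(out, e)
	}
	return out
}

func main() {
	for _, f := range StalePermanent(sampleNeigh, sampleNodes) {
		fmt.Printf("%s dev %s lladdr %s: %s\n", f.IP, f.Dev, f.MAC, f.Reason)
	}
}
```

A PERMANENT entry flagged this way may also have been added by an administrator or another tool, so confirm its origin before removing it.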