remove ARP entries left from previous Cilium run #16359

Merged
merged 1 commit into from Jun 9, 2021


aanm
Member

@aanm aanm commented May 28, 2021

In certain configurations, when node neighbor discovery is enabled [1],
the neighbor table is populated with PERMANENT entries. If the agent is
then configured to not use neighbor discovery, those entries are left
behind, without being garbage collected. This can cause connectivity
issues across nodes, where it's more likely to happen in the same L2
network, if a new node reuses an IP address from a previous node and its
MAC address changes. In an L3 network it is unlikely to happen since the
ARP entry will be associated with an L3 router and it is less likely to
change its MAC address.

[1]
```
n.enableNeighDiscovery = n.nodeConfig.EnableIPv4 &&
	(option.Config.EnableNodePort ||
		(n.nodeConfig.EnableIPSec && option.Config.Tunnel == option.TunnelDisabled))
```

Signed-off-by: André Martins <andre@cilium.io>

Remove previous PERM ARP entries installed by Cilium when kube-proxy-replacement and IPSec are disabled.

v1.8 backport: #15993
v1.9 backport: #16358

⚠️ The review of this PR was already done in #15993 so no need to wait for reviews of CODEOWNERS as janitor's enough.

@aanm aanm added release-note/bug This PR fixes an issue in a previous release of Cilium. backport-done/1.8 labels May 28, 2021
@aanm aanm requested review from a team May 28, 2021 17:04
@aanm aanm requested a review from a team as a code owner May 28, 2021 17:04
@aanm aanm requested review from jibi and gandro May 28, 2021 17:04
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Backport done to v1.8 in 1.8.11 May 28, 2021
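
An operator-side check for the condition this PR describes, as an added example that is not part of the PR or of Cilium's code: it parses `ip -4 neigh show` text output and reports PERMANENT entries that no longer match a node inventory. The sample output, the inventory map and the names `parseNeigh` and `stalePermanent` are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Neigh is one entry as printed by `ip -4 neigh show`.
type Neigh struct{ IP, Dev, MAC, State string }

// Constructed sample data (assumption): 10.0.0.12 was reused by a node with a new MAC.
const sampleOutput = `10.0.0.11 dev eth0 lladdr 52:54:00:aa:00:11 PERMANENT
10.0.0.12 dev eth0 lladdr 52:54:00:aa:00:12 PERMANENT
10.0.0.1 dev eth0 lladdr 52:54:00:aa:00:01 REACHABLE
10.0.0.13 dev eth0 FAILED`
var sampleNodes = map[string]string{"10.0.0.11": "52:54:00:aa:00:11", "10.0.0.12": "52:54:00:BB:00:12"}

// parseNeigh keeps entries without lladdr (FAILED, INCOMPLETE) with an empty MAC.
func parseNeigh(out string) (res []Neigh) {
	for _, line := range strings.Split(out, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 {
			continue
		}
		n := Neigh{IP: f[0], State: f[len(f)-1]} // state is the last field
		for i := 1; i+1 < len(f); i++ {
			if f[i] == "dev" {
				n.Dev = f[i+1]
			} else if f[i] == "lladdr" {
				n.MAC = strings.ToLower(f[i+1])
			}
		}
		res = append(res, n)
	}
	return res
}

// stalePermanent returns PERMANENT entries whose IP is not a current node or whose MAC differs.
func stalePermanent(entries []Neigh, nodes map[string]string) (stale []Neigh) {
	for _, n := range entries {
		if mac, ok := nodes[n.IP]; n.State == "PERMANENT" && (!ok || strings.ToLower(mac) != n.MAC) {
			stale = append(stale, n)
		}
	}
	return stale
}

func main() {
	fmt.Println(stalePermanent(parseNeigh(sampleOutput), sampleNodes))
}
```

The reported entries are candidates for review, since a PERMANENT entry may also have been installed deliberately by an administrator.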
@aanm
Member Author

aanm commented May 28, 2021

test-me-please

@aanm
Member Author

aanm commented May 29, 2021

@brb
Member

brb commented May 31, 2021

Let's change the release-note to (needs to be changed in the v1.8 and v1.9 PRs as well):

Remove previous PERM ARP entries installed by Cilium when kube-proxy-replacement and IPSec are disabled.

@aanm
Member Author

aanm commented Jun 7, 2021

test-1.19-5.4

Hit #15575

@aanm aanm merged commit e68848b into cilium:master Jun 9, 2021
@aanm aanm deleted the pr/gc-arp-entries branch June 9, 2021 18:07
Labels
release-note/bug This PR fixes an issue in a previous release of Cilium.
Projects
No open projects
1.8.11
Backport done to v1.8
4 participants