Support DSR with Geneve dispatch #23890
Hi @julianwiedmann! Here is the draft PR on top of #22978. I will update docs tomorrow.
awesome, thanks @ysksuzuki ! Will try to take a first look tomorrow :)
/test
4572ca8 to b9b73b2
Hi @ysksuzuki - just a few comments from a quick look. Haven't poked at the XDP-to-TC logic yet. Looking really good so far! Please consider if you can split the patches up somewhat - maybe one for the DSR insertion, one for the DSR extraction, one for the agent ...?
My initial expectation was that we would encapsulate the whole DSR connection in Geneve, not just the TCP-SYN. Seeing this mixed pattern in network traces will be fun when debugging :).
@julianwiedmann Thank you for the review!
Sure, I will reorganize my commits.
I'm trying to mitigate the MTU overhead, but it might be a premature optimization. What do you think? Should we encapsulate the whole DSR connection and keep it simple? I implemented this because
Avoiding the MTU overhead is definitely a good motivation for this approach, agreed. Besides the general "packet flow won't look homogenous" thought, I'm a bit concerned about encountering connection-tracking in middle boxes, and them not seeing our TCP-SYN (as it's encapsulated).
Yeah, I'm worried about it too. So how about this, we encapsulate the whole connection and keep it simple for now, and save this approach until we get feedback from users that the MTU overhead is pretty high and want to avoid it.
Yep, sounds good!
63097a0 to b91913c
b91913c to c4cbacd
Thanks @ysksuzuki ! Just a few smaller things, still need to digest the rest. So maybe hold off for a bit ...
Do we need to reduce the MTU according to the max GENEVE option-size? 🤔
I didn't know about it. Do you have an issue or design docs about it? I'm happy to work on testing DSR with Geneve functionality using the new test framework.
345dd9b to e951684
/test
k8s-1.26-kernel-net-next failed. Flake: #24687
runtime failed. Flake: #24326
Need to rebase or just rerun?
e951684 to a73fb7a
This commit encapsulates the DSR flow with Geneve, inserts a DSR-specific option, the service IP/port, into the Geneve option and redirects to the selected backend. Currently, it doesn't support IPv6 with XDP. Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
This commit optimizes the tunneling overhead by only adding the GENEVE option to the TCP-SYN packets, sending the whole connection over the tunnel. Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
This commit checks the expanded packet length when encapsulating the dsr flow with GENEVE header and if it exceeds the device MTU, then returns ICMP Destination Unreachable/Fragmentation needed. Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
Let the dsr code extract the DSR specific option, the service IP/port, from the Geneve header and integrate with the DSR implementation on the receiver side. Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
This commit adds DSR with Geneve dispatch mode. Geneve dispatch mode is compatible with the Geneve tunneling mode, which means that it works with either the direct routing mode or the Geneve tunneling mode. But unfortunately, it doesn't work with vxlan tunnel because there's no space to store service IP/port in the vxlan header. Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
LGTM, nice work.
/test
All Green!
@ldelossa was requested for All reviews in & tests pass, off we go.
Maybe he removed himself from cilium/cli? I don't see him in that github team currently.
For reviewers,
Picked up an unassigned Geneve option class and type, referencing
We have been allocated 0x014B https://www.iana.org/assignments/nvo3/nvo3.xhtml#geneve-option-class.
Trying to mitigate the MTU overhead by encapsulating only SYN packets as the IP option mode does
Encapsulate the whole connection, but only add the GENEVE option to the TCP-SYN packets
Fixes: #22955
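The commit messages above describe carrying the service IP/port in a Geneve option on the sender and extracting it on the receiver. The following C code is an added example, not code from this PR or from Cilium: it encodes one such option after the RFC 8926 header and parses it back with length checks, since the option area arrives from the network. Only the option class 0x014B comes from the PR description; the option type, the 8-byte IPv4 data layout and the function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GENEVE_HDR_LEN 8      /* fixed Geneve header, RFC 8926 */
#define DSR_OPT_CLASS  0x014B /* option class quoted in the PR description */
#define DSR_OPT_TYPE   0x01   /* assumed value, not taken from the PR */
#define DSR_OPT_DATA   8      /* assumed layout: IPv4 address, port, 2 pad bytes */
#define DSR_ENCAP_LEN  (GENEVE_HDR_LEN + 4 + DSR_OPT_DATA)

/* Write a Geneve header plus one DSR option; returns bytes written, 0 if no room. */
size_t dsr_geneve_build(uint8_t *b, size_t cap, uint32_t vni, uint32_t ip, uint16_t port)
{
    if (cap < DSR_ENCAP_LEN)
        return 0;
    memset(b, 0, DSR_ENCAP_LEN);
    b[0] = (4 + DSR_OPT_DATA) / 4;            /* Ver = 0, Opt Len in 4-byte words */
    b[2] = 0x65; b[3] = 0x58;                 /* inner protocol: Ethernet (assumed) */
    b[4] = vni >> 16; b[5] = vni >> 8; b[6] = vni;
    b[8] = DSR_OPT_CLASS >> 8; b[9] = DSR_OPT_CLASS & 0xff;
    b[10] = DSR_OPT_TYPE; b[11] = DSR_OPT_DATA / 4; /* type, data length in words */
    b[12] = ip >> 24; b[13] = ip >> 16; b[14] = ip >> 8; b[15] = ip;
    b[16] = port >> 8; b[17] = port;
    return DSR_ENCAP_LEN;
}

/* Find the DSR option in a received header; 0 on success, -1 if malformed or absent. */
int dsr_geneve_parse(const uint8_t *b, size_t len, uint32_t *ip, uint16_t *port)
{
    size_t off = GENEVE_HDR_LEN, end;

    if (len < GENEVE_HDR_LEN || (b[0] >> 6) != 0)
        return -1;                            /* too short, or unknown version */
    end = GENEVE_HDR_LEN + (size_t)(b[0] & 0x3f) * 4;
    if (end > len)
        return -1;                            /* options claim more than we received */
    while (off + 4 <= end) {
        const uint8_t *o = b + off;
        size_t dlen = (size_t)(o[3] & 0x1f) * 4;
        if (off + 4 + dlen > end)
            return -1;                        /* option overruns the declared area */
        if (((o[0] << 8) | o[1]) == DSR_OPT_CLASS && o[2] == DSR_OPT_TYPE && dlen == DSR_OPT_DATA) {
            *ip = (uint32_t)o[4] << 24 | (uint32_t)o[5] << 16 | (uint32_t)o[6] << 8 | o[7];
            *port = (uint16_t)(o[8] << 8 | o[9]);
            return 0;
        }
        off += 4 + dlen;                      /* skip options we do not understand */
    }
    return -1;
}
```

With this layout the Geneve header and option add 20 bytes on top of the outer IP and UDP headers, which is the overhead the MTU discussion in the thread is about.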