-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ldelossa/srv6 encap fib #26048
Ldelossa/srv6 encap fib #26048
Conversation
4855d7a
to
ffa93b7
Compare
1ba630c
to
5bb84c4
Compare
This commit adds a new function, 'fib_do_redirect', to 'lib/fib.h'. This function decouples the 'bpf_redirect' functionality from the 'bpf_fib_lookup' functionality while keeping the existing 'fib_redirect' logic the same. In other words, this function can pickup right after the 'fib_lookup' is performed in 'fib_redirect' and carry out the same exact operations as 'fib_redirect'. This will be used in a subsequent commit to decouple the `bpf_fib_lookup` from the `bpf_redirect`, such that each can be performed independently. This is an addition-only change and amounts to no functional changes in the data path. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
Refactor 'fib_redirect' to utilize the new 'fib_do_redirect' to perform the actions after a call to 'fib_lookup'. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
f68b223
to
8acb3ea
Compare
/test |
8acb3ea
to
e83f911
Compare
/ci-verifier |
/test |
Introduce functions for performing fib_lookups independent of any other actions. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
e83f911
to
42c798c
Compare
/test |
This commit updates the fib_redirect_v4/6 functions to utilized the newly decoupled 'fib_lookup_*' and 'fib_do_redirect' functions. Two tests were also fixed as they assumed fib_params were aligned on 16 byte boundary. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
An additional FIB lookup must be performed after encapsulation to correctly forward the encapsulated SRv6 packet to the next hop. Introduce a new function `srv6_refib` which performs an additional FIB lookup after the encapsulation has been performed. This function may redirect the egress packet to another interface, rewrite the current DMAC, or simply let the packet transmit on the current native-dev, depending on the result of the subsequent FIB lookup. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
42c798c
to
975a0b5
Compare
/test |
Tests are all checking out:
Is not required, and is failing for all PRs regularly. |
Ah, I hadn't realized this also needs to go into Could we then just do what's needed for the fix (to have a backportable PR), and leave the refactor for a follow-on PR? I peeked at just the following applied, and that lgtm so far 👍.
|
I think I see what you're saying. The SRv6 code only needs the fib_lookup* and the fib_do_redirect functions to exist for this fix. I'll split this out like you're saying, just introducing the the pieces necessary for SRv6 fix, and backport this. Then open another PR with the refactor, which wont need to be back ported. Sound aitttte? |
Closing in favor of opening a PR which splits the SRv6 fixes and the refactor. |
@julianwiedmann new PR here: #26136 |
Original SRv6 encapsulation flow:
This results in the egress packet always choosing the output interface, source, and destination mac from the FIB lookup that occurred on the inner packet.
SRv6 encapsulation flow corrected:
Now, we perform an additional fib lookup once the egress packet has been encapsulated, ensuring the encapsulated packet is forwarded correctly based on the host namespace's FIB.
To accomplish this a refactor of
lib/fib.h
was necessary.The fib library can now be used to perform a v4/v6 fib lookup and a redirect independently, where before the actions were coupled together.
Performing these actions independently is currently necessary for this SRv6 datapath fix.
This is because we perform the
fib_lookup
already at a egress interface and we may or may not need to redirect to a new interface for tx.This refactor does not change the semantics of the existing functions, they work exactly how they used to, sans removing the
iif
field from thefib_redirect_v[4|6]
functions, as we can extract them from the passedctx
making the arguments redundant.It is obvious to see that two fib lookups are occurring here.
It does seem to me that this can be reduced to one, however this involves changing where encapsulation occurs and will be a larger refactor, however I will also look into this.