Ldelossa/srv6 encap fib #26048
Closed
Ldelossa/srv6 encap fib #26048
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
ldelossa
force-pushed
the
ldelossa/srv6-encap-fib
branch
from
4855d7a
to
ffa93b7
Compare
ldelossa
added
the
release-note/bug
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
ldelossa
added
the
needs-backport/1.13
ldelossa
force-pushed
the
ldelossa/srv6-encap-fib
branch
2 times, most recently
from
1ba630c
to
5bb84c4
Compare
This commit adds a new function, 'fib_do_redirect', to 'lib/fib.h'. This function decouples the 'bpf_redirect' functionality from the 'bpf_fib_lookup' functionality while keeping the existing 'fib_redirect' logic the same. In other words, this function can pickup right after the 'fib_lookup' is performed in 'fib_redirect' and carry out the same exact operations as 'fib_redirect'. This will be used in a subsequent commit to decouple the `bpf_fib_lookup` from the `bpf_redirect`, such that each can be performed independently. This is an addition-only change and amounts to no functional changes in the data path. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
Refactor 'fib_redirect' to utilize the new 'fib_do_redirect' to perform the actions after a call to 'fib_lookup'. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
ldelossa
force-pushed
the
ldelossa/srv6-encap-fib
branch
2 times, most recently
from
f68b223
to
8acb3ea
Compare
|
/test |
ldelossa
force-pushed
the
ldelossa/srv6-encap-fib
branch
from
8acb3ea
to
e83f911
Compare
|
/ci-verifier |
|
/test |
Introduce functions for performing fib_lookups independent of any other actions. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
ldelossa
force-pushed
the
ldelossa/srv6-encap-fib
branch
from
e83f911
to
42c798c
Compare
|
/test |
This commit updates the fib_redirect_v4/6 functions to utilized the newly decoupled 'fib_lookup_*' and 'fib_do_redirect' functions. Two tests were also fixed as they assumed fib_params were aligned on 16 byte boundary. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
An additional FIB lookup must be performed after encapsulation to correctly forward the encapsulated SRv6 packet to the next hop. Introduce a new function `srv6_refib` which performs an additional FIB lookup after the encapsulation has been performed. This function may redirect the egress packet to another interface, rewrite the current DMAC, or simply let the packet transmit on the current native-dev, depending on the result of the subsequent FIB lookup. Signed-off-by: Louis DeLosSantos <louis.delos@isovalent.com>
ldelossa
force-pushed
the
ldelossa/srv6-encap-fib
branch
from
42c798c
to
975a0b5
Compare
|
/test |
|
Tests are all checking out: Is not required, and is failing for all PRs regularly. |
|
Ah, I hadn't realized this also needs to go into Could we then just do what's needed for the fix (to have a backportable PR), and leave the refactor for a follow-on PR? I peeked at just the following applied, and that lgtm so far 👍. |
|
I think I see what you're saying. The SRv6 code only needs the fib_lookup* and the fib_do_redirect functions to exist for this fix. I'll split this out like you're saying, just introducing the the pieces necessary for SRv6 fix, and backport this. Then open another PR with the refactor, which wont need to be back ported. Sound aitttte? |
|
Closing in favor of opening a PR which splits the SRv6 fixes and the refactor. |
|
@julianwiedmann new PR here: #26136 |
jrajahalme
removed
the
needs-backport/1.13
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Original SRv6 encapsulation flow:
This results in the egress packet always choosing the output interface, source, and destination mac from the FIB lookup that occurred on the inner packet.
SRv6 encapsulation flow corrected:
Now, we perform an additional fib lookup once the egress packet has been encapsulated, ensuring the encapsulated packet is forwarded correctly based on the host namespace's FIB.
To accomplish this a refactor of
lib/fib.hwas necessary.The fib library can now be used to perform a v4/v6 fib lookup and a redirect independently, where before the actions were coupled together.
Performing these actions independently is currently necessary for this SRv6 datapath fix.
This is because we perform the
fib_lookupalready at a egress interface and we may or may not need to redirect to a new interface for tx.This refactor does not change the semantics of the existing functions, they work exactly how they used to, sans removing the
iiffield from thefib_redirect_v[4|6]functions, as we can extract them from the passedctxmaking the arguments redundant.It is obvious to see that two fib lookups are occurring here.
It does seem to me that this can be reduced to one, however this involves changing where encapsulation occurs and will be a larger refactor, however I will also look into this.