Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modify Pod netrowk setup #175

Merged
merged 3 commits into from
Sep 16, 2021
Merged

Modify Pod netrowk setup #175

merged 3 commits into from
Sep 16, 2021

Conversation

ysksuzuki
Copy link
Contributor

@ysksuzuki ysksuzuki commented Sep 14, 2021
edited

This PR modifies Pod network setting to have Linux kernel select a global scope address as a source IP in communication between a node and a local Pod. Cilium seems to assume that a source IP is a localhost address, so we tweak Coil's Pod network setup.

  • Add link-local addresses to both host and container side vethes
  • Add Pod IP to lo in the container side netns
  • Specify a container side link-local address as next-hop

With the settings described above, Linux kernel recognizes the communication between a node and a local Pod as L3 and selects a global scope address as a source IP.

@ysksuzuki ysksuzuki self-assigned this Sep 14, 2021
@ysksuzuki
Modify Pod netrowk setup
ff17164 
Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
ymmt2005
ymmt2005 requested changes Sep 14, 2021
View reviewed changes
v2/pkg/nodenet/pod.go Outdated
IPNet: ipnet,
Scope: unix.RT_SCOPE_UNIVERSE,
})
if err != nil {
netlink.LinkDel(cLink)
return fmt.Errorf("netlink: failed to add an address: %w", err)
}
err = netlink.AddrAdd(cLink, &netlink.Addr{
IPNet: &net.IPNet{IP: containerIPv4, Mask: net.CIDRMask(30, 32)},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

net.CIDRMask(30, 32)

This should be defined as a constant, I mean, a variable used as a constant.

@ysksuzuki
Define mask constant
21a11db 
Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
ymmt2005
ymmt2005 previously approved these changes Sep 15, 2021
View reviewed changes
Copy link
Member

@ymmt2005 ymmt2005 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ysksuzuki
Remove the link if findLinkLocalIPv6 failed
b351021 
Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
morimoto-cybozu
morimoto-cybozu approved these changes Sep 16, 2021
View reviewed changes
Copy link
Contributor

@morimoto-cybozu morimoto-cybozu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ysksuzuki ysksuzuki merged commit f37d92a into main Sep 16, 2021
@ysksuzuki ysksuzuki deleted the modify-pod-net branch September 16, 2021 00:55
@morimoto-cybozu morimoto-cybozu mentioned this pull request Sep 28, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@morimoto-cybozu morimoto-cybozu morimoto-cybozu approved these changes

@ymmt2005 ymmt2005 ymmt2005 left review comments

Assignees

@ysksuzuki ysksuzuki

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ysksuzuki @ymmt2005 @morimoto-cybozu