Remove dynamic mac entry from fdb on endpoint deletion #1792
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Santhosh Manohar <santhosh@docker.com>
mavenugo
reviewed
Jun 5, 2017
| @@ -505,6 +556,25 @@ func (n *network) setupSubnetSandbox(s *subnet, brName, vxlanName string) error | |||
| return fmt.Errorf("vxlan interface creation failed for subnet %q: %v", s.subnetIP.String(), err) | |||
| } | |||
|
|
|||
| if !hostMode { | |||
There was a problem hiding this comment.
Why is this specific to non-hostMode ?
There was a problem hiding this comment.
reexec is to avoid calling the potential blocking sysfs mount operations causing the namespace corruption. Its not needed in the hostmode since there is no per overlay network namespace. But in the hostmode also we might have to set the default-vlan, directly from the daemon without a reexec. I will do that in a separate PR after trying out in the hostmode.
| path := filepath.Join("/sys/class/net", brName, "bridge/default_pvid") | ||
| data := []byte{'0', '\n'} | ||
|
|
||
| if err = ioutil.WriteFile(path, data, 0644); err != nil { |
There was a problem hiding this comment.
I hope this works equally well across multiple Distros.
There was a problem hiding this comment.
I tested Ubuntu 15.10 running 4.2 kernel and 3.19 kernel. And Centos running 3.10.0-327.10.1.el7.x86_64.
|
Thanks @sanimej |
This was referenced Jun 7, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #1768
Noticed this issue when debugging few test case failures in e2e test suite. This is likely to be the root cause for docker #33076 and the service access issue during container bring up reported in docker #30321
This PR implements a different approach to fix this issue. #1783 has an alternative approach, which could have a performance impact.
libnetwork IPAM recycles the IP address when a task goes down on a node and brought up in another node. For remote tasks overlay network namespace has one static fdb entry programmed by the driver and one dynamic entry learned by the bridge from the data path when a packet is received from the remote container. The dynamic entry ages out after 300 seconds. If a task on a remote node goes down and gets scheduled on a node the dynamic fdb entry still remains. Unless the container generates some data traffic it won't be updated. This can lead to unpredictability in accessing the container; sometimes it will work pretty quickly if there is some traffic from the container and the mac entry gets updated. If the container is completely
silentit can lead to upto 300 seconds of traffic loss.Fix is to delete the dynamic fdb entry as well. But this doesn't work in some kernel versions because untagged fdb entries are assumed to be in default vlan 1. To address this, the default vlan for the bridge has to be set using the sysctl variable.
Signed-off-by: Santhosh Manohar santhosh@docker.com