Add more rich network functions #533
Conversation
WeiZhang555
commented
Jul 19, 2017
WeiZhang555
commented
* Support add ip addr to a specific network interface * Support delete ip address from a network interface * Support modify MTU Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
WeiZhang555
force-pushed
the
add-network-functions-up
branch
from
1e15b14 to
6c61422
Compare
Enhance network functions: Support add any routes into container Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
WeiZhang555
force-pushed
the
add-network-functions-up
branch
from
6c61422 to
ffb5656
Compare
Fix bug that container panics when doing the network interface deletion work. Also modify nic delete logic a little bit, now we can delete single IP and delete link separately. Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
| } | ||
|
|
||
| func (nc *NetworkContext) AddIPAddr(id, ip string) error { | ||
| nc.slotLock.RLock() |
There was a problem hiding this comment.
Should not be read lock here.
|
|
||
| func (nc *NetworkContext) DeleteIPAddr(id, ip string) error { | ||
| nc.slotLock.RLock() | ||
| defer nc.slotLock.RUnlock() |
|
|
||
| for i, v := range inf.IpAddr { | ||
| if v == ip { | ||
| inf.IpAddr = append(inf.IpAddr[:i], inf.IpAddr[i+1:]...) |
There was a problem hiding this comment.
what happen when the last element in ipaddr array match the ip, is the inf.IpAddr[i+1] will access the array out of range?
There was a problem hiding this comment.
It should be fine, golang will handle it. See https://play.golang.org/p/5SWxZB3p2r
|
|
||
| for i, v := range inf.Desc.Ip { | ||
| if v == ip { | ||
| inf.IpAddr = append(inf.Desc.Ip[:i], inf.Desc.Ip[i+1:]...) |
| break | ||
| } | ||
| } | ||
| return nil |
There was a problem hiding this comment.
return error or printout warning info if there is no matching ip?
|
|
||
| func (nc *NetworkContext) UpdateMtu(id string, mtu uint64) error { | ||
| nc.slotLock.RLock() | ||
| defer nc.slotLock.RUnlock() |
There was a problem hiding this comment.
Seems like write lock is more appropriate here
| const ( | ||
| DefaultBridgeIface = "hyper0" | ||
| DefaultBridgeIP = "192.168.123.0/24" | ||
| DefaultMtu = 1450 |
There was a problem hiding this comment.
why 1450 by default? it should not be 1500?
There was a problem hiding this comment.
I remember that vxlan interface has a mtu of 1450, once I met a problem that container network can't visit outside via vxlan, after setting its mtu to 1450, everything is good again.
But I'll keep mtu empty to let os handle it as your other comments suggest.
| Automatic: true, | ||
| Mac: mac, | ||
| IPAddress: []string{ip.String()}, | ||
| Mtu: DefaultMtu, |
There was a problem hiding this comment.
I think by default we should not care about mtu, vm/os will setup the appropriate mtu for us. lets just set it null.
| if err := ctx.hyperstart.AddRoute(r); err != nil { | ||
| return err | ||
| } | ||
| return nil |
There was a problem hiding this comment.
return ctx.hyperstart.AddRoute(r)?
| // delete all the routes from outside | ||
| // The reason that we need to delete all the routes is | ||
| // that if we don't do this, we will get two active network interfaces, | ||
| // and ping the IP will get duplicate ICMP replies. |
There was a problem hiding this comment.
The nic in netns of docker container(netns of nslistener) should be down, is it still has this problem?
There was a problem hiding this comment.
I think we can still enter the netns and make the nic up? This should be a quite easy step, so we can't guarantee CNI plugin won't set nic up later.
Delete all route should be another protection for duplicate network flows.
There was a problem hiding this comment.
I'm wonder if this deleting of router of netns will trigger route-update netlink event, though we don't care about this event right now.
Maybe removing the veth pair on host which joins the docker bridge is a good way, but the code will be complicated...
There was a problem hiding this comment.
Maybe removing the veth pair on host which joins the docker bridge is a good way
This is also another option, maybe we should do this? For example, after tap created and inserted, removed veth from bridge?
There was a problem hiding this comment.
@gao-feng I just met a extremely weird problem, starting two container in one VM(POD), first one has proper route rules, but second container has no route rules. How could this happen? I thought they were in same network namespace and shares all routes. Do you have any idea?
There was a problem hiding this comment.
@WeiZhang555
Can you check the ipaddress of nic? is it same on two container? they should stay in the same netns.
There was a problem hiding this comment.
Yes, the nic ip is the same, only routes are different, quite weird. I'll try to do more investigation.
|
@WeiZhang555 could you help do a small rebase? The #537 introduced some conflicts |
|
@gnawux I'll do it soon 😉 |
|
Closing this. We have a new one #597 carrying this 😄 |
3 participants
