Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

lxd/device/nic/routed: Adds veth routed NIC device #6432

Merged
merged 5 commits into from Nov 13, 2019

Conversation

@tomponline
Copy link
Member

tomponline commented Nov 10, 2019

Adds routed NIC type:

Example usage 1: Routed mode with parent for layer 2 proxy:
This is useful when you want the container to "join" the parent's layer 2 network.

 lxc config device add c1 eth0 nic nictype=routed parent=eth0 ipv4.address=192.168.1.200 ipv6.address=2a02:xxx:xxx:3::200

Example usage 2: Routed mode without parent (layer 2 proxy disabled):
This is useful in a fully routed or multihoned environment where layer2 ARP/NDP proxying isn't required.

 lxc config device add c1 eth0 nic nictype=routed ipv4.address=192.168.1.200 ipv6.address=2a02:xxx:xxx:3::200

In both examples the container will see the following default gateways added:

 169.254.0.1
 fe80::1

These are static link-local addresses that are added to each veth pair on the host-side, and provides a consistent next-hop address.

Closes #6175

Signed-off-by: Thomas Parrott thomas.parrott@canonical.com

@tomponline tomponline requested a review from stgraber Nov 10, 2019
@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch from a800a12 to 478355e Nov 10, 2019
@stgraber

This comment has been minimized.

Copy link
Member

stgraber commented Nov 10, 2019

Excellent, thanks!

We just need:

  • api extension commit
  • doc commit
  • test
@lxc-jenkins

This comment has been minimized.

Copy link

lxc-jenkins commented Nov 10, 2019

Testsuite passed

@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch from 478355e to 86ab66c Nov 11, 2019
@tomponline

This comment has been minimized.

Copy link
Member Author

tomponline commented Nov 11, 2019

@stgraber all done.

@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch 3 times, most recently from f289237 to 1ce4385 Nov 11, 2019
@brauner

This comment has been minimized.

Copy link
Member

brauner commented Nov 11, 2019

Tests all seem to hang in ceph somehow.

@brauner

This comment has been minimized.

Copy link
Member

brauner commented Nov 11, 2019

@tomponline tests fail apparently.

@tomponline

This comment has been minimized.

Copy link
Member Author

tomponline commented Nov 11, 2019

@brauner is the ceph cluster OK?

@brauner

This comment has been minimized.

@tomponline

This comment has been minimized.

Copy link
Member Author

tomponline commented Nov 11, 2019

@brauner yes I've noticed them they are intermittent, but was hoping to get some more test samples from the other test runs to look for any patterns (suffice to say this doesn't happen locally).

Initially I thought it might just be NDP discovery taking too long on the first packet, so I added a 'test' ping run that wont fail the tests to do the initial discovery followed by a 'real' ping test. But perhaps its something like DAD detection not activating the IPs in time.

@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch from 1ce4385 to cf22d90 Nov 11, 2019
@tomponline

This comment has been minimized.

Copy link
Member Author

tomponline commented Nov 11, 2019

@brauner ive pushed a modification that will print the IP statuses out so can see if its DAD.

@tomponline

This comment has been minimized.

Copy link
Member Author

tomponline commented Nov 11, 2019

jenkins: test this please

1 similar comment
@stgraber

This comment has been minimized.

Copy link
Member

stgraber commented Nov 11, 2019

jenkins: test this please

@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch 3 times, most recently from 3771f1d to d85541b Nov 11, 2019
@lxc-jenkins

This comment has been minimized.

Copy link

lxc-jenkins commented Nov 11, 2019

Testsuite passed

@tomponline

This comment has been minimized.

Copy link
Member Author

tomponline commented Nov 11, 2019

jenkins: test this please

@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch 3 times, most recently from 10f7614 to fb66d39 Nov 11, 2019
@lxc-jenkins

This comment has been minimized.

Copy link

lxc-jenkins commented Nov 11, 2019

Testsuite passed

@tomponline

This comment has been minimized.

Copy link
Member Author

tomponline commented Nov 11, 2019

jenkins: test this please

@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch from fb66d39 to 8112252 Nov 11, 2019
@lxc-jenkins

This comment has been minimized.

Copy link

lxc-jenkins commented Nov 11, 2019

Testsuite passed

@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch 2 times, most recently from bcc2430 to 2bee7d4 Nov 12, 2019
@tomponline

This comment has been minimized.

Copy link
Member Author

tomponline commented Nov 12, 2019

jenkins: test this please

@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch from 2bee7d4 to a920d8d Nov 12, 2019
@lxc-jenkins

This comment has been minimized.

Copy link

lxc-jenkins commented Nov 12, 2019

Testsuite passed

@tomponline

This comment has been minimized.

Copy link
Member Author

tomponline commented Nov 12, 2019

jenkins: test this please

@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch 2 times, most recently from dddf4c2 to f59b5fd Nov 13, 2019
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch 4 times, most recently from 0ad7498 to e682e23 Nov 13, 2019
@lxc-jenkins

This comment has been minimized.

Copy link

lxc-jenkins commented Nov 13, 2019

Testsuite passed

tomponline added 2 commits Nov 10, 2019
Example usage 1: Routed mode with parent for layer 2 proxy:

This is useful when you want the container to "join" the parent's layer 2 network.

 lxc config device add c1 eth0 nic nictype=routed parent=eth0 ipv4.address=192.168.1.200 ipv6.address=2a02:xxx:xxx:3::200/128

Example usage 2: Routed mode without parent (layer 2 proxy disabled):

This is useful in a fully routed or multihoned environment where layer2 ARP/NDP proxying isn't required.

 lxc config device add c1 eth0 nic nictype=routed ipv4.address=192.168.1.200 ipv6.address=2a02:xxx:xxx:3::200/128

In both examples the container will see the following default gateways added:

 169.254.0.1
 fe80::1

These are static link-local addresses that are added to each veth pair on the host-side, and provides a consistent next-hop address.

Closes #6175

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch from e682e23 to ef157d4 Nov 13, 2019
@lxc-jenkins

This comment has been minimized.

Copy link

lxc-jenkins commented Nov 13, 2019

Testsuite passed

@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch from ef157d4 to 3c006fc Nov 13, 2019
tomponline added 2 commits Nov 11, 2019
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch from 3c006fc to fdc1cae Nov 13, 2019
@lxc-jenkins

This comment has been minimized.

Copy link

lxc-jenkins commented Nov 13, 2019

Testsuite passed

@tomponline tomponline force-pushed the tomponline:tp-nic-routed branch from fdc1cae to 6b09e14 Nov 13, 2019
@tomponline

This comment has been minimized.

Copy link
Member Author

tomponline commented Nov 13, 2019

jenkins: test this please

@lxc-jenkins

This comment has been minimized.

Copy link

lxc-jenkins commented Nov 13, 2019

Testsuite passed

@tomponline

This comment has been minimized.

Copy link
Member Author

tomponline commented Nov 13, 2019

@stgraber I've reworked this quite a bit this morning and it is now reliable.

Instead of relying on liblxc's "auto" gateway feature I am now adding static link-local gateway routes to the containers of:

169.254.0.1
fe80::1

This has allowed me to add those IPs to the host-side veth interface, which means that the unreliability of adding proxy ARP/NDP entries via liblxc is no longer an issue.

It also appears to have avoided intermittent spikes in latency caused by Linux periodically trying to get a response from the gateway when the dummy link-local IPs are used without adding them to the host-side interface.

I was not able to figure out why on jenkins only sometimes the IP proxy entries added by liblxc apparently did not appear. I saw this occurring with both "auto" gateway mode and with statically defined gateway IPs.

Either way this approach this reliable and more flexible, as it now gives the user the choice of whether or not to use the parent option, as it is not needed to generate the next-hop gateway config.

This is useful in a fully routed or multihoned environment where proxy ARP/NDP isn't needed on the external interfaces because the container's IPs are advertised via other means (e.g. routing protocols).

@stgraber stgraber merged commit 20d5dea into lxc:master Nov 13, 2019
5 checks passed
5 checks passed
Branch target Branch target is correct
Details
DCO All commits signed-off
Details
Testsuite Build finished.
Details
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@tomponline tomponline deleted the tomponline:tp-nic-routed branch Nov 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Linked issues

Successfully merging this pull request may close these issues.

4 participants
You can’t perform that action at this time.