Potential bug with supporting connections between non-devices #113
Comments
Can you share your lesson definition and relevant shell output that shows this? We have lessons with inter-networked entities that are not network devices, so this is surprising to me. |
Also - this touches on an area I've been meaning to fix for a while. The current configuration abstraction is lacking. Not only because it doesn't support anything other than NAPALM currently but also because of how messy it is, conflated with presentation. I elaborated on this in #112, and I think most of what you mention above will be taken care of in that effort. I'll leave this issue open because there's one thing you mentioned that won't be covered there, which is the potential of a bug with respect to how endpoints are connected. AFAIK there shouldn't be a problem connecting any endpoint at all, and if you are running into problems with this, we should fix that. So please share the details I asked for when you get the chance. I'll also move this to |
The lesson definition file I used was:
When I ran the |
Here is a capture of the shell from server1
I was expecting to see two more interfaces... |
It's possible that there's a problem with multus, or between Syringe and multus. Can you post the following? Both will produce a lot of output potentially, so feel free to put each one into a Github gist and just link to them here.
|
Hi, I ran the commands. the output is stored at: |
Hey @blinklet - apologies for the delay, I was traveling a lot last week and only now had a chance to really dive into this. This is actually a byproduct of the problems I am tackling from #112, where the existing "devices" and "utilities", and "blackboxes" terminology (and underlying implementation) is just showing how problematic it has become. In particular, the logic around creating networks to support the connections you reference above, in the current implementation, is only done if there are devices in the lesson. If there are devices in the lesson, this conditional passes, and connections are made for devices and utilities alike. So it's not quite that connections aren't supported for non-devices - they are, but only if at least one device is present in the lesson definition. This can be seen in the logs:
In #114 I am getting rid of all of this "utilities vs devices" stuff, so that you just have endpoints, and the intention is that they're all equally "networkable". The logic like what I linked to above, where the type of endpoints in a lesson is checked, doesn't exist in my current branch. Connections are created at the beginning of a lesson stand-up no matter what. I've added this issue to #114, so that when that gets merged, this issue will close, because it should be addressed at that point. However, another test and additional feedback from you is certainly welcome past that point. |
Thanks for the update. I am happy to see the direction you are taking. This will give lesson developers more flexibility. |
Here's an additional observation about how Syringe (or Antidote) assigns IP addresses to interfaces on Utility endpoints connected to devices. In a topology where two utility endpoints are connected to a vqfx device, Antidote assigned the same IP address to the connected interfaces on the two Utility nodes. I imagine the changes you are making to address this issue will also impact the behavior I observed in this comment. This could be resolved by allowing users to manually define the configuration of Utility nodes using tools like Ansible. |
FYI Antidote doesn't assign addresses to any interfaces. |
@blinklet In adding docs for Connections, I noticed the two additional networks for this pod when I run
Is this what you're talking about? If so, it's something we should probably put thought into, but those IP addresses are not enforced. They can be overridden - in fact, we do this with regularity with the vQFX images. I believe @cloudtoad also is setting his IP addresses manually in his container. Also, with the new configuration mechanism, this becomes much easier to do for any Endpoint. So, please confirm the above for me, and let me know if you're able to do what I described above. Regardless, we should probably set a configuration that doesn't assign any address, to make it clear that connections is pure L2 connectivity. Beyond that, I am particularly interested to make sure that the assertions I made in the previous paragraph are still true, because that's the intention. Please confirm that for me and if it's a problem we'll address it. |
@blinklet Checking in - have you had a chance to confirm the above? I'd like to make sure I have my facts straight before I dive into a fix. |
Had a bit of a chance to look into this myself. First, in terms of being able to set the IP address you want, there's nothing at a Syringe or Kubernetes level that interferes with this. Obviously our vQFX images have been doing this for a long time, but in addition, I made temporary local modifications to the As I alluded to, it all comes down to whether or not you have permissions to do this inside the image itself. The point of the As long as there are permissions for it in the image, the work in v0.4.0 will allow you to perform any needed configurations at runtime for any image type, as it introduced the ability to use Python or Ansible playbooks to perform inter-stage configurations. We've gotten this working on an FRR and Cumulus image that we hope to share soon. Regarding the CNI configuration shown in the previous post, as I show in the above screenshot, you can use whatever address you want, and there's no enforcement at the outer bridge layer. The plugin needs to allocate something, so it allocated networkArgs := fmt.Sprintf(`{
"name": "%s",
"type": "antibridge",
"plugin": "antibridge",
"bridge": "%s",
"forceAddress": false,
"hairpinMode": false,
"delegate": {
"hairpinMode": false
}
}`, networkName, bridgeName) And I got this message back:
I suppose we could further modify the In any case, it appears to me that the original purpose of this issue is no more, so I'll close this. If you have any other suggestions or comments, you know where to reach us. Thanks! |
I tried to abuse antidote-selfmedicate and define a lab of three linux nodes connected together in a ring topology so I could test open-source routing software like FRR.
It did not work because:
I don't even know if the antidotelabs/utility image is suitable but I wanted to try it. I suspect I'll see the same issue if I try to create a custom image with Linux/FRR.
Request:
I suggest you allow Antidote to create connections between utilities endpoints, or set Antidote to not try to run NAPALM on devices endpoints if the configuration files are blank.
Longer term, I suggest you enable Ansible in addition to NAPALM so Antidote can also configure labs that run open-source systems like Linux/FRR.
The text was updated successfully, but these errors were encountered: