Bug 2095444: EGW: Clean Stale Conntrack Entries #1189
Conversation
Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com> (cherry picked from commit f12f04d) Conflicts: go-controller/go.sum go-controller/vendor/modules.txt because ovn-org/ovn-kubernetes#3001 is missing
This commit can be reverted when vishvananda/netlink#784 merges and we can re-vendor the next netlink release Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com> (cherry picked from commit ecd92a8)
Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com> (cherry picked from commit 739395d) Conflicts: go-controller/pkg/ovn/egressfirewall_test.go because ovn-org/ovn-kubernetes#2927 is missing
This commit adds logic to delete the conntrack entries that contain src MAC address in the "labels" field when using ECMP routes on the GR. Logic: 1) annotate the namespace each time an exgw is added/deleted with list of ips 2) add new informer for namespace on node side checking only if gw ip annotation OR external-gws annotation changed 3) ovnkube node on namespace change, iterates through all the ips and initiates an arp request via ovnk and collects the MACs 4) once all the responses come back, we have all the known macs 5) we search for ct entries for any pod ip belonging to the namespace, if ct_label is loaded with a mac not in our list we flush it 6) we run the above in a goroutine as well set which will run every 5mins looping through all relevant namespaces. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com> (cherry picked from commit 5a3a8b8)
|
@tssurya: Bugzilla bug 2095444 is in a bug group that is not in the allowed groups for this repo.
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retest |
|
/test e2e-openstack-ovn |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: trozet, tssurya The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/bugzilla refresh |
|
@tssurya: Bugzilla bug 2095444 is in a bug group that is not in the allowed groups for this repo.
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retest-required |
1 similar comment
|
/retest-required |
|
/test e2e-metal-ipi-ovn-dualstack |
|
/bugzilla refresh |
|
@tssurya: Bugzilla bug 2095444 is in a bug group that is not in the allowed groups for this repo.
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@tssurya: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/override ci/prow/e2e-metal-ipi-ovn-dualstack |
|
@trozet: Overrode contexts on behalf of trozet: ci/prow/e2e-metal-ipi-ovn-dualstack In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/label qe-approved |
openshift-ci
bot
added
the
qe-approved
|
/bugzilla refresh |
|
@tssurya: Bugzilla bug 2095444 is in an unrecognized state (ON_QA) and will not be moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
COMMIT 1: Conflict because ovn-org/ovn-kubernetes#3001 is missing
COMMIT2: CLEAN PICK
COMMIT3: Conflict because ovn-org/ovn-kubernetes#2927 is missing
COMMIT4: CLEAN PICK
/assign @trozet
/assign @dcbw