network, bridge binding: Enable container interface

In a scenario where a VM with a bridge binding interface set with MAC address (e.g.: by human or KubeMacPool) on a cluster with IPv6 enabled (dual stack or IPv6 single stack) is migrated, we observe packet drops at the inbound traffic to the VM immediately after the migration target pod starts. These packets are getting routed to the destination node before the migration completes. When the migration target pod is created an IPv6 NS(Neighbor Solicitation) and NA (Neighbor Advertisement) are sent automatically by the kernel. The switches at the endpoints (e.g.: migration destination node) tables get updated and the traffic is routed to the migration destination before the migration is completed [1]. Following the bridge CNI RFE to disable the container interface to prevent the container interface from sending IPv6 NS/NA [2], set bridge binding interfaces' container interface state to up. Fixes: https://issues.redhat.com/browse/CNV-28040 [1] https://bugzilla.redhat.com/show_bug.cgi?id=2186372#c6 [2] containernetworking/plugins#951 Signed-off-by: Or Mergi <ormergi@redhat.com>
ormergi · Jan 23, 2024 · c133b7a · c133b7a
1 parent 0e80ce5
commit c133b7a
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/pkg/network/setup/netpod/netpod.go b/pkg/network/setup/netpod/netpod.go
@@ -330,6 +330,7 @@ func (n NetPod) bridgeBindingSpec(podIfaceName string, vmiIfaceIndex int, ifaceS
 	podIface := nmstate.Interface{
 		Index:       podStatusIface.Index,
 		Name:        podIfaceAlternativeName,
+		State:       nmstate.IfaceStateUp,
 		CopyMacFrom: bridgeIface.Name,
 		Controller:  bridgeIface.Name,
 		IPv4:        nmstate.IP{Enabled: pointer.P(false)},