A Kubernetes networking solution based on Open vSwitch
antoninbas Delete stale flows on agent restart (#313)
If the antrea-agent restarts, but not the antrea-ovs container, all
existing OVS flows are preserved in ovs-vswitchd. If some changes occur
while the antrea-agent is down (e.g. a Node leaves the cluster, or
Network Policies are updated), it is possible that some of the preserved
flows are now stale and should be deleted. This is why we introduced in
the past the concept of "round number / id" which we increment every
time the agent restarts (it is persisted in OVSDB on the Node), and we
encode as part of the cookie for each flow we install. The rationale for
that is that it would enable us to identify which flows are stale after
a restart: flows which are still required would receive an updated
cookie, while stale flows would still have the old cookie (with the old
round number) and we would be able to delete them by filtering on the
cookie value.

This commit implements the mechanism described above, with the following
caveat: when the agent is initialized, we start a goroutine which sleeps for
10 seconds before deleting stale flows. This is because we want to wait
until all existing flows which are still required receive an updated
cookie value. Without this sleep, we would be likely to observe some
"flapping" with flows being deleted and then re-installed, which would
cause issues (connectivity issues, network policies not being enforced,
...). But is 10 seconds a good value? What would be a more
"deterministic" way to decide when to do the deletion operation?

Fixes #311
Latest commit c2808b3 Jan 20, 2020
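
The cookie-based cleanup described in the commit message above, as an added Go example that is not Antrea's code: the cookie layout (round number in the top 16 bits), the `Table` type and the flow names are assumptions made for illustration. It shows the round-1 delete removing only stale flows when it runs after the resync, and removing a still-required flow when it runs before.

```go
package main

import "fmt"

// Assumed cookie layout (not taken from the Antrea source): the top 16 bits
// hold the agent round number, the low 48 bits identify the flow.
const roundShift = 48
const roundMask uint64 = 0xffff << roundShift

// Table is a constructed stand-in for the flows kept by ovs-vswitchd: match -> cookie.
type Table map[string]uint64

// Install adds or refreshes a flow, stamping its cookie with the given round.
func (t Table) Install(match string, round, id uint64) {
	t[match] = round<<roundShift | id&^roundMask
}

// DeleteRound drops every flow whose cookie carries round (a cookie/mask delete).
func (t Table) DeleteRound(round uint64) map[string]bool {
	removed := map[string]bool{}
	for match, cookie := range t {
		if cookie&roundMask == round<<roundShift {
			removed[match] = true
			delete(t, match)
		}
	}
	return removed
}

// Restart replays a restart over three constructed flows preserved from round 1
// and returns what the round-1 delete removes. With resyncFirst, the
// still-required flows are re-stamped with round 2 before the delete runs.
func Restart(required []string, resyncFirst bool) map[string]bool {
	t := Table{}
	for i, m := range []string{"pod-a forward", "tunnel to node-2", "allow 10.0.1.5 to db"} {
		t.Install(m, 1, uint64(i))
	}
	if resyncFirst {
		for i, m := range required {
			t.Install(m, 2, uint64(i))
		}
	}
	return t.DeleteRound(1)
}

func main() {
	required := []string{"pod-a forward"} // node-2 left, the policy was removed
	fmt.Println("delete after resync: ", Restart(required, true))
	fmt.Println("delete before resync:", Restart(required, false))
}
```

A stale policy flow that survives a restart keeps admitting traffic the current Network Policies no longer allow, and a required flow deleted too early drops enforcement until it is re-installed.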
Type Name Latest commit message Commit time
.github Delete stale flows on agent restart (#313) Jan 20, 2020
build Implement the antctl framework (#208) Jan 16, 2020
ci Jenkins jobs for antrea (#294) Jan 15, 2020
cmd Implement the antctl framework (#208) Jan 16, 2020
docs Push image octant-antrea-ubuntu to dockerhub (#303) Jan 10, 2020
hack Add workaround for Kind apiserver delegation issue Jan 19, 2020
pkg Delete stale flows on agent restart (#313) Jan 20, 2020
test Delete stale flows on agent restart (#313) Jan 20, 2020
.dockerignore Implement the antctl framework (#208) Jan 16, 2020
.gitignore Run golangci-lint as part of CI Dec 16, 2019
.golangci.yml Run golangci-lint as part of CI Dec 16, 2019
Update CHANGELOG for v0.2.0 release Dec 19, 2019
Update contact email in Code of Conduct Nov 7, 2019
Update go version to 1.13 (#196) Dec 7, 2019
Add links to the new #antrea channel in the K8s Slack Nov 27, 2019
LICENSE Add Apache2 license file Oct 11, 2019
Add maintainers list Oct 30, 2019
Makefile Implement the antctl framework (#208) Jan 16, 2020
Add support for GRE and STT tunnels (#229) Dec 17, 2019
Add document and image to deploy antrea-octant-plugin (#59) Dec 6, 2019
Add process for vulnerability management (#29) Nov 15, 2019
VERSION Set VERSION to v0.3.0-dev Dec 20, 2019
go.mod Use bundle to add multiple Openflow entries in one transaction (#269) Jan 17, 2020
go.sum Use bundle to add multiple Openflow entries in one transaction (#269) Jan 17, 2020
Use kustomize to generate Antrea manifests Nov 15, 2019



Antrea is a Kubernetes networking solution intended to be Kubernetes native. It operates at Layer 3/4 to provide networking and security services for a Kubernetes cluster, leveraging Open vSwitch as the networking data plane.

Antrea Overview

Open vSwitch is a widely adopted high-performance programmable virtual switch; Antrea leverages it to implement Pod networking and security features. For instance, Open vSwitch enables Antrea to implement Kubernetes Network Policies in a very efficient manner.


Antrea has been tested with Kubernetes clusters running version 1.16 or later.

  • NodeIPAMController must be enabled in the Kubernetes cluster.
    When deploying a cluster with kubeadm the --pod-network-cidr <cidr> option must be specified.
  • Open vSwitch kernel module must be present on every Kubernetes node.

Getting Started

Getting started with Antrea is very simple, and takes only a few minutes. See how it's done in the Getting started document.


The Antrea community welcomes new contributors. We are waiting for your PRs!

Also check out @ProjectAntrea on Twitter!


Antrea currently supports the following features:

  • IPv4 overlay network for a Kubernetes cluster. VXLAN, Geneve, GRE, or STT can be used as the encapsulation protocol.
  • Kubernetes Network Policies implementation.
  • Octant UI plugin for monitoring Antrea components, which publish runtime information as CRDs.


Antrea is a very young project. There is a very exciting list of features and integrations that we would like to add. A most likely incomplete list can be found on our Roadmap page. Feel free to throw your ideas in!


Antrea is licensed under the Apache License, version 2.0
