Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SDN-5139: Direct ingress for default network in LGW mode with route advertisements #4572

Draft
wants to merge 16 commits into
base: master
Choose a base branch
from
Draft

SDN-5139: Direct ingress for default network in LGW mode with route advertisements #4572

wants to merge 16 commits into from

Conversation

jcaamano
Copy link
Contributor

@jcaamano jcaamano commented Jul 30, 2024
edited
Loading

If the default network is advertised, inhibit:

  • pod IP to node IP SNAT on egress in LGW mode
  • source IP to managament port IP SNAT on ingress (through secondary nic)

Currently based on top of #4472 and #4533

@github-actions github-actions bot added feature/egress-ip Issues related to EgressIP feature area/unit-testing Issues related to adding/updating unit tests labels Jul 30, 2024
@coveralls
Copy link

Coverage Status

coverage: 52.874% (-0.1%) from 52.988%
when pulling 631a315 on jcaamano:advertise-lgw
into dab5377 on ovn-org:master.

@jcaamano jcaamano force-pushed the advertise-lgw branch 4 times, most recently from 107bc7c to 9a41d3e Compare August 14, 2024 15:47
@jcaamano jcaamano force-pushed the advertise-lgw branch 3 times, most recently from 5523e3c to d0fa69c Compare August 22, 2024 14:52
@jcaamano jcaamano force-pushed the advertise-lgw branch 7 times, most recently from 84279ee to adff4cc Compare September 4, 2024 16:04
@jcaamano jcaamano force-pushed the advertise-lgw branch 3 times, most recently from f51a31a to 5793620 Compare September 10, 2024 15:54
@jcaamano
Generate RouteAdvertisements CRD
8a2c7a7 
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Add route advertisements CLI flag
368c337 
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Add RouteAdvertisements to watch factory
65ddfc7 
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Deploy FFR-k8s in kind
b05aad7 
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Mock NAD informer instead of handling nil in controller
3aa2272 
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Add VRFs as reconcilable NetInfo
e51dcc2 
Adds to NetInfo the concept of reconcilable network information. This is
network information that can change dynamically and network controllers
should be able to reconcile. This includes NADs which is information
that network controllers should have already been capable of reconciling
although they currently don't (for example, for multinetwork policies).
Also includes VRFs the network is leaking/advertising to, per node, that
network controllers need to be aware of and rec0oncile as it changes.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Network controllers reconcile VRF changes
f4347ed 
Add the ability for network controllers to reconcile some network
information changes. Currently just changes of the VRFs the network is
leaking/advertising to. Support for reconciling NAD changes is not
included in this commit.

Currently reconciles if the network is advertised or not:
- for OVN network controller to configure or not the pod IP to node IP
  SNAT on the GR for a node of its zone
- for node network controller to configure or not br-ex flows to
  redirect pod IP ingress traffic to the OVN network

This should be enough to provide direct ingress capabilities for the
default network in SGW mode.

Note that secondary network controllers don't reconcile anything as
route advertising is not supported on them. Also cluster manager network
controllers don't reconcile much as they don't have the need.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Provide NAD controller access to the default network controller
fdf0b59 
The plan is for the NAD controller to fetch route advertising
information on behalf of network controllers. It will have to do so for
the default network as well and will need access to its network
controller to reconcile that information.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Add node/RA informer access from node watch factory
03d1889 
As node controllers will need to be informed of related events in new
level driven controllers to come.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Define route advertisements annotation
26be58c 
This annotation will be set by a future cluster manager controller on
the NADs and will list the names of route advertisements that apply to
the given NAD. This will ease processing time of other zone/node
controllers that need to track which route advertisements apply to a
network avoiding them from processing all route advertisements on each
of their reconciliation loops.

Note that this will happen for the default network as well. For that
probably a dummy NAD on ovn-kubernetes namespace is the best option.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Get route advertisement information in NAD controller
482559b 
The network manager running within the NAD controller will, upon
ensuring a network, fetch the VRFs per node a pod network is being
leaked/advertised to from the applicable route advertisements
configuration, and include it in the network information used when
creating a network controller, or triggering a reconciliation if it was
already running.

This relies on annotations set by cluster manager on NADs pointing to
the route advertising configuration that applies to the network which
will come in a future PR/commit.

This includes the default network for which the ever existing default
network controller is used (instead of creating a new network
controller). If necessary, it is assumed that cluster manager will
create a dummy NAD for the default network in ovn-k namespace to set
annotations on. If no NADs for the default network exist or if they have
no annotations, network manager will reconcile the default network to a
default configuration (instead of destroying the network controller).

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Retry gateway reconciliation
21f1d84 
Add retries to gateway reconciliation, that would otherwise log an error
upon first failure, now that it is part of the overall network
reconciliation.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Don't SNAT to node IP in LGW mode if pod network advertised
3accc96 
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Send ingress to kernel in LGW mode if pod network advertised
0c6748a 
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Support reconciliation for management port
4fba122 
Since it will be part of overall network reconciliation when its
advertising configuration changes.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
@jcaamano
Don't SNAT to mgmt port if pod network advertised
18a3200 
Used on secondary nic flows, not needed if pod network is advertised as
traffic is supposed to reach the node hosting the pod directly.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/unit-testing Issues related to adding/updating unit tests feature/bgp feature/egress-ip Issues related to EgressIP feature
Projects
OVN Kubernetes Project
Status: Todo
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jcaamano @coveralls @tssurya