no need to set accept_ra systcl for non-primary interfaces (#2708)
jdn5126 authored Dec 15, 2023
1 parent f40ff9c commit 2c8af2d
Showing 2 changed files with 2 additions and 24 deletions.
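--- a/cmd/aws-vpc-cni-init/main.go
+++ b/cmd/aws-vpc-cni-init/main.go
@@ -117,10 +117,7 @@ func configureIPv6Settings(procSys procsyswrapper.ProcSys, primaryIF string) err
 // Check if IPv6 egress support is enabled in IPv4 cluster.
 ipv6EgressEnabled := utils.GetBoolAsStringEnvVar(envEgressV6, defaultEnableIPv6Egress)
 if enableIPv6 || ipv6EgressEnabled {
-// For IPv6, the following sysctls are set:
-// 1. forwarding defaults to 1
-// 2. accept_ra defaults to 2
-// 3. accept_redirects defaults to 1
+// Enable IPv6 forwarding on all interfaces by default
 entry := "net/ipv6/conf/all/forwarding"
 err = procSys.Set(entry, "1")
 if err != nil {
@@ -129,25 +126,6 @@ func configureIPv6Settings(procSys procsyswrapper.ProcSys, primaryIF string) err
 val, _ := procSys.Get(entry)
 log.Infof("Updated %s to %s", entry, val)
 
-// accept_ra must be set to 2 so that RA routes are installed by the kernel on secondary ENIs
-// For IPv6, this setting must be inherited by the trunk ENI. It must be set here as IPAMD does
-// not have permission to set sysctl values.
-entry = "net/ipv6/conf/default/accept_ra"
-err = procSys.Set(entry, "2")
-if err != nil {
-return errors.Wrap(err, "Failed to set IPv6 accept Router Advertisements to 2")
-}
-val, _ = procSys.Get(entry)
-log.Infof("Updated %s to %s", entry, val)
-
-entry = "net/ipv6/conf/default/accept_redirects"
-err = procSys.Set(entry, "1")
-if err != nil {
-return errors.Wrap(err, "Failed to enable IPv6 accept redirects")
-}
-val, _ = procSys.Get(entry)
-log.Infof("Updated %s to %s", entry, val)
-
 // For the primary ENI in IPv6, sysctls are set to:
 // 1. forwarding=1
 // 2. accept_ra=2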
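Review bot: Dropping the writes to `net/ipv6/conf/default/accept_ra` and `net/ipv6/conf/default/accept_redirects` in the second hunk only stops future writes; nothing on the new side resets those keys. A node that already ran an earlier init container will therefore presumably keep `accept_ra=2` and `accept_redirects=1` for newly created interfaces until it is rebooted or replaced. Because those values decide whether non-primary interfaces honour router advertisements and ICMPv6 redirects, the in-place upgrade case deserves a comment next to the forwarding block, e.g. `// default/accept_ra and default/accept_redirects are left at kernel defaults; nodes upgraded in place keep earlier values until reboot`. Separately, the kept line `val, _ := procSys.Get(entry)` discards the read error, so the "Updated" log line can print an empty value as if the write had been confirmed. configureIPv6Settings starts before and continues past the visible hunks.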
2 changes: 1 addition & 1 deletion test/framework/resources/agent/traffic_tester.go
@@ -128,7 +128,7 @@ func (t *TrafficTest) TestTraffic() (float64, error) {
if err != nil {
return 0, fmt.Errorf("pod list %v validation failed %v", podList, err)
}
fmt.Fprintln(GinkgoWriter, "successfully validated the server pod list")
fmt.Fprintln(GinkgoWriter, "successfully validated the client pod list")
}

metricServerIP := metricServerPod.Status.PodIP
