From 2c8af2ddd02d4e7beac7572fec9399d25735f21f Mon Sep 17 00:00:00 2001
From: Jeffrey Nelson
Date: Fri, 15 Dec 2023 15:45:13 -0600
Subject: [PATCH] no need to set accept_ra systcl for non-primary interfaces (#2708)
---
 cmd/aws-vpc-cni-init/main.go | 24 +------------------
 .../resources/agent/traffic_tester.go | 2 +-
 2 files changed, 2 insertions(+), 24 deletions(-)
diff --git a/cmd/aws-vpc-cni-init/main.go b/cmd/aws-vpc-cni-init/main.go
index e89da82404..c3c77a9189 100644
--- a/cmd/aws-vpc-cni-init/main.go
+++ b/cmd/aws-vpc-cni-init/main.go
@@ -117,10 +117,7 @@ func configureIPv6Settings(procSys procsyswrapper.ProcSys, primaryIF string) err
 // Check if IPv6 egress support is enabled in IPv4 cluster.
 ipv6EgressEnabled := utils.GetBoolAsStringEnvVar(envEgressV6, defaultEnableIPv6Egress)
 if enableIPv6 || ipv6EgressEnabled {
- // For IPv6, the following sysctls are set:
- // 1. forwarding defaults to 1
- // 2. accept_ra defaults to 2
- // 3. accept_redirects defaults to 1
+ // Enable IPv6 forwarding on all interfaces by default
 entry := "net/ipv6/conf/all/forwarding"
 err = procSys.Set(entry, "1")
 if err != nil {
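Review bot: The replacement comment in `configureIPv6Settings` documents only the `net/ipv6/conf/all/forwarding` write and no longer records what happens to `accept_ra` and `accept_redirects`, which the following hunk stops setting on `net/ipv6/conf/default`. The subject line names only `accept_ra`, so the dropped `accept_redirects` write is easy to miss when auditing node sysctls. I would extend the comment, for example `// accept_ra and accept_redirects are left at kernel defaults for non-primary interfaces; only the primary ENI is set explicitly below.` It may also be worth stating in the description that values written by an earlier init run presumably persist on a node until reboot, since nothing here resets them. The function body starts before and continues after this hunk.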
@@ -129,25 +126,6 @@ func configureIPv6Settings(procSys procsyswrapper.ProcSys, primaryIF string) err val, _ := procSys.Get(entry) log.Infof("Updated %s to %s", entry, val) - // accept_ra must be set to 2 so that RA routes are installed by the kernel on secondary ENIs - // For IPv6, this setting must be inherited by the trunk ENI. It must be set here as IPAMD does - // not have permission to set sysctl values. - entry = "net/ipv6/conf/default/accept_ra" - err = procSys.Set(entry, "2") - if err != nil { - return errors.Wrap(err, "Failed to set IPv6 accept Router Advertisements to 2") - } - val, _ = procSys.Get(entry) - log.Infof("Updated %s to %s", entry, val) - - entry = "net/ipv6/conf/default/accept_redirects" - err = procSys.Set(entry, "1") - if err != nil { - return errors.Wrap(err, "Failed to enable IPv6 accept redirects") - } - val, _ = procSys.Get(entry) - log.Infof("Updated %s to %s", entry, val) - - // For the primary ENI in IPv6, sysctls are set to: // 1. forwarding=1 // 2. accept_ra=2
diff --git a/test/framework/resources/agent/traffic_tester.go b/test/framework/resources/agent/traffic_tester.go
index c56171bcf8..1be40be92c 100644
--- a/test/framework/resources/agent/traffic_tester.go
+++ b/test/framework/resources/agent/traffic_tester.go
@@ -128,7 +128,7 @@ func (t *TrafficTest) TestTraffic() (float64, error) {
 if err != nil {
 return 0, fmt.Errorf("pod list %v validation failed %v", podList, err)
 }
- fmt.Fprintln(GinkgoWriter, "successfully validated the server pod list")
+ fmt.Fprintln(GinkgoWriter, "successfully validated the client pod list")
 }
 metricServerIP := metricServerPod.Status.PodIP