Suggestion: Update DiscoverSriovDevices to use /sys/class/net in order to support netns isolation
#2
Labels
enhancement
New feature or request
Comments
oshoval
added a commit
to oshoval/sriov-network-operator-1
that referenced
this issue
Dec 20, 2020
Currently DiscoverSriovDevices creates a list of interfaces, by scanning /sys/devices/pci. Some of them might not have a networking device. The interfaces without networking device won't be available, but would still be resetted, as they won't be part of the node policy. Updating DiscoverSriovDevices to list only networking devices, will support namespace isolation, as /sys/class/net entries are network-namespaced. Fixes: k8snetworkplumbingwg#2 Signed-off-by: Or Shoval <[email protected]>
oshoval
added a commit
to oshoval/sriov-network-operator-1
that referenced
this issue
Dec 20, 2020
Currently DiscoverSriovDevices creates a list of interfaces, by scanning /sys/devices/pci. Some of them might not have a networking device. The interfaces without networking device won't be available, but would still be reset, as they won't be part of the node policy. Updating DiscoverSriovDevices to list only networking devices, will support namespace isolation, as /sys/class/net entries are network-namespaced. Fixes: k8snetworkplumbingwg#2 Signed-off-by: Or Shoval <[email protected]>
oshoval
added a commit
to oshoval/sriov-network-operator-1
that referenced
this issue
Dec 22, 2020
Currently DiscoverSriovDevices creates a list of interfaces, by scanning /sys/devices/pci. Some of them might not have a networking device. The interfaces without networking device won't be available, but would still be reset, as they won't be part of the node policy. Updating DiscoverSriovDevices to list only networking devices, will support namespace isolation, as /sys/class/net entries are network-namespaced. Fixes: k8snetworkplumbingwg#2 Signed-off-by: Or Shoval <[email protected]>
oshoval
added a commit
to oshoval/sriov-network-operator-1
that referenced
this issue
Dec 23, 2020
Currently DiscoverSriovDevices creates a list of interfaces, by scanning /sys/devices/pci. Some of them might not have a networking device. The interfaces without networking device won't be available, but would still be reset, as they won't be part of the node policy. Updating DiscoverSriovDevices to list only networking devices, will support namespace isolation, as /sys/class/net entries are network-namespaced. Fixes: k8snetworkplumbingwg#2 Signed-off-by: Or Shoval <[email protected]>
oshoval
added a commit
to oshoval/sriov-network-operator-1
that referenced
this issue
Jan 6, 2021
Currently DiscoverSriovDevices creates a list of interfaces, by scanning /sys/devices/pci. Some of them might not have a networking device. The interfaces without networking device won't be available, but would still be reset, as they won't be part of the node policy. Updating DiscoverSriovDevices to list only networking devices, will support namespace isolation, as /sys/class/net entries are network-namespaced. Fixes: k8snetworkplumbingwg#2 Signed-off-by: Or Shoval <[email protected]>
oshoval
added a commit
to oshoval/sriov-network-operator-1
that referenced
this issue
Jan 6, 2021
Currently DiscoverSriovDevices creates a list of interfaces, by scanning /sys/devices/pci. Some of them might not have a networking devices. The interfaces without networking devices won't be available, but would still be reset, as they won't be part of the node policy. Updating DiscoverSriovDevices to list only networking devices, will support namespace isolation, as /sys/class/net entries are network-namespaced. Fixes: k8snetworkplumbingwg#2 Signed-off-by: Or Shoval <[email protected]>
oshoval
added a commit
to oshoval/sriov-network-operator-1
that referenced
this issue
Jan 6, 2021
Currently DiscoverSriovDevices creates a list of interfaces, by scanning /sys/devices/pci. Some of them might not have a networking devices. The interfaces without networking devices won't be available, but would still be reset, as they won't be part of the node policy. Updating DiscoverSriovDevices to list only networking devices, will support namespace isolation, as /sys/class/net entries are network-namespaced. Fixes: k8snetworkplumbingwg#2 Signed-off-by: Or Shoval <[email protected]>
SchSeba
pushed a commit
to SchSeba/sriov-network-operator
that referenced
this issue
Feb 18, 2021
Currently DiscoverSriovDevices creates a list of interfaces, by scanning /sys/devices/pci. Some of them might not have a networking devices. The interfaces without networking devices won't be available, but would still be reset, as they won't be part of the node policy. Updating DiscoverSriovDevices to list only networking devices, will support namespace isolation, as /sys/class/net entries are network-namespaced. Fixes: k8snetworkplumbingwg/sriov-network-operator#2 Signed-off-by: Or Shoval <[email protected]>
openshift-cherrypick-robot
pushed a commit
to openshift-cherrypick-robot/sriov-network-operator
that referenced
this issue
Feb 18, 2021
Currently DiscoverSriovDevices creates a list of interfaces, by scanning /sys/devices/pci. Some of them might not have a networking devices. The interfaces without networking devices won't be available, but would still be reset, as they won't be part of the node policy. Updating DiscoverSriovDevices to list only networking devices, will support namespace isolation, as /sys/class/net entries are network-namespaced. Fixes: k8snetworkplumbingwg/sriov-network-operator#2 Signed-off-by: Or Shoval <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We found out that there is a case in which the user needs to distribute the PFs exclusively in a few network namespaces.
For example running two clusters, each with its own netns,
and each netns with one PF exclusively (assigned by
ip link set <PF> netns <NS>).One use case, for example, is to run 2 prow jobs on the same node, each with its own PF and netns.
Since current config-daemon DiscoverSriovDevices detects the interfaces via
/sys/devices/pci*,all the PFs would be visible because the daemon runs on host netns.
As a result the unconfigured PFs will be reset in resetSriovDevice which is called by SyncNodeState.
This will cause one cluster to corrupt the 2nd cluster, even if the PF isn't in its own netns.
Please consider using
/sys/class/net/*/device/ueventfor discovering instead.Tested it for the above scenario and it fixed the problem,
i could run two clusters, each with its own PF, side by side on the same node.
As we spoke, it should be discussed if there are use cases where the daemon still needs to discover all the interfaces, via
/sys/devices/pci*and then a flag should be added in order to select the desired discovery method./cc @zshi-redhat
The text was updated successfully, but these errors were encountered: