Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Custom route rule is added to wrong interface (in case of multiple DanmNets with same CIDR) #228

Closed
TothFerenc opened this issue Jul 22, 2020 · 0 comments · Fixed by #233
Labels
bug Something isn't working

Comments

@TothFerenc
Copy link
Contributor

Is this a BUG REPORT or FEATURE REQUEST?:
bug

What happened:
In case there are multiple DanmNets which owns the same CIDR (only the start-end ranges are different), custom route definitions may be added to wrong interface. The same happens if the custom route rule is defined by either in DanmNet definition as route or in Pod annotation as proute.

What you expected to happen:
Proper interface to be selected for such custom route rules.

How to reproduce it:
Sample DanmNet definitions:

---
apiVersion: danm.k8s.io/v1
kind: DanmNet
metadata:
  name: sriov-a
  namespace: kube-system
spec:
  NetworkID: sriov-a
  NetworkType: sriov
  Options:
    device_pool: nokia.k8s.io/sriov_ens1f0
    cidr: 10.10.10.0/24
    allocation_pool:
      start: 10.10.10.10
      end: 10.10.10.19
    rt_tables: 101
    vlan: 1301
---
apiVersion: danm.k8s.io/v1
kind: DanmNet
metadata:
  name: sriov-b
  namespace: kube-system
spec:
  NetworkID: sriov-b
  NetworkType: sriov
  Options:
    device_pool: nokia.k8s.io/sriov_ens1f1
    cidr: 10.10.10.0/24
    allocation_pool:
      start: 10.10.10.20
      end: 10.10.10.29
    rt_tables: 102
    vlan: 1301

Sample DANM annotation in Pod manifest:

        danm.k8s.io/interfaces: |
          [
            {"network":"default", "ip":"dynamic"},
            {"network":"sriov-a", "ip":"dynamic", "proutes":{"11.11.11.0/24": "10.10.10.1", "12.12.12.0/24": "10.10.10.1"}},
            {"network":"sriov-b", "ip":"dynamic", "proutes":{"12.12.12.0/24": "10.10.10.1", "22.22.22.0/24": "10.10.10.1"}}
          ]

Result:

/ # ip route
default via 169.254.1.1 dev eth0
10.10.10.0/24 dev eth2 scope link  src 10.10.10.20
10.10.10.0/24 dev eth1 scope link  src 10.10.10.10
169.254.1.1 dev eth0 scope link
/ # ip route show table 101
11.11.11.0/24 via 10.10.10.1 dev eth2
12.12.12.0/24 via 10.10.10.1 dev eth2
/ # ip route show table 102
12.12.12.0/24 via 10.10.10.1 dev eth2
22.22.22.0/24 via 10.10.10.1 dev eth2

All the custom routes are added to eth2 dev, while route table 101 is for eth1.

Anything else we need to know?:
I know that this networking scenario is generally bad. But currently nothing prevents the user to configure such environment, so DANM should be improved to handle it better.

Environment:

  • DANM version (use danm -version):
2020/07/22 12:31:18 DANM binary was built from release: v4.2.0-0
2020/07/22 12:31:18 DANM binary was built from commit: c0a4c1570845556cf911a46df475c45a85941bb2
  • Kubernetes version (use kubectl version):
# kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.4", GitCommit:"c96aede7b5205121079932896c4ad89bb93260af", GitTreeState:"clean", BuildDate:"2020-06-17T11:41:22Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.4", GitCommit:"c96aede7b5205121079932896c4ad89bb93260af", GitTreeState:"clean", BuildDate:"2020-06-17T11:33:59Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
@Levovar Levovar added the bug Something isn't working label Aug 27, 2020
Levovar added a commit that referenced this issue Aug 28, 2020
DANM now sets the link Id into the netlink Route object, making sure the kernel attaches the IP route to the correct device.
Levovar added a commit that referenced this issue Aug 28, 2020
DANM now sets the link Id into the netlink Route object, making sure the kernel attaches the IP route to the correct device.
Levovar added a commit that referenced this issue Aug 29, 2020
DANM now sets the link Id into the netlink Route object, making sure the kernel attaches the IP route to the correct device.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants