Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make Egress work with kube-proxy IPVS strictARP mode #3804

Closed
jianjuns opened this issue May 17, 2022 · 3 comments · Fixed by #3837
Closed

Make Egress work with kube-proxy IPVS strictARP mode #3804

jianjuns opened this issue May 17, 2022 · 3 comments · Fixed by #3837
Assignees
@xliuxu
Labels
area/transit/egress Issues or PRs related to Egress (SNAT for traffic egressing the cluster). kind/feature Categorizes issue or PR as related to a new feature.

Comments

@jianjuns
Copy link
Contributor

Describe the problem/challenge you have
When kube-proxy IPVS is configured with strictARP mode (which is required in particular cases like #3785, #3370), Antrea Egress feature may not work as expected, as described in #3370 (comment).

Describe the solution you'd like
There is already a plan described in a TODO comment of Egress IPAssigner code:

antrea/pkg/agent/ipassigner/ip_assigner_linux.go

Lines 213 to 219 in a87ef55

// Start the ARP responder only when the dummy device is not created. The kernel will handle ARP requests
// for IPs assigned to the dummy devices by default.
// TODO: Check the arp_ignore sysctl parameter of the transport interface to determine whether to start
// the ARP responder or not.
if a.dummyDevice == nil && a.arpResponder != nil {
go a.arpResponder.Run(ch)
}
. Basically, we should let Egress use Antrea ARP responder to respond to ARP for Egress IPs.

@xliuxu @tnqn
@jianjuns jianjuns added kind/feature Categorizes issue or PR as related to a new feature. area/transit/egress Issues or PRs related to Egress (SNAT for traffic egressing the cluster). labels May 17, 2022
@jianjuns jianjuns mentioned this issue May 17, 2022
Closed
@xliuxu
Copy link
Contributor

xliuxu commented May 17, 2022

This should be a simple fix. I will take this. Thank you @jianjuns.

xliuxu added a commit to xliuxu/antrea that referenced this issue May 27, 2022
@xliuxu
Fix Egress not work with kube-proxy IPVS strictARP mode
509cb35 
Check the arp_ignore sysctl value of the transport interface
and start the userspace ARP responder if it has value other
than 0.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 27, 2022
@xliuxu
Fix Egress not work with kube-proxy IPVS strictARP mode
b9c514a 
Check the arp_ignore sysctl value of the transport interface
and start the userspace ARP responder if it has value other
than 0.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 27, 2022
@xliuxu
Fix Egress not work with kube-proxy IPVS strictARP mode
92fc43a 
Check the arp_ignore sysctl value of the transport interface
and start the userspace ARP responder if it has a value other
than 0.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 27, 2022
@xliuxu
Fix Egress not work with kube-proxy IPVS strictARP mode
85fdf1b 
Check the arp_ignore sysctl value of the transport interface
and start the userspace ARP responder if it has a value other
than 0.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 27, 2022
@xliuxu
Fix Egress not work with kube-proxy IPVS strictARP mode
7a1b931 
Check the arp_ignore sysctl value of the transport interface
and start the userspace ARP responder if it has a value other
than 0.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 27, 2022
@xliuxu
Fix Egress not work with kube-proxy IPVS strictARP mode
55ee05d 
Check the arp_ignore sysctl value of the transport interface
and start the userspace ARP responder if it has a value other
than 0.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
@xliuxu xliuxu mentioned this issue May 27, 2022
Merged
xliuxu added a commit to xliuxu/antrea that referenced this issue May 27, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode
41cccc1 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 27, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode
53c3fb7 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 28, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode
2ded772 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 28, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode
f155893 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 30, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode
019c190 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 30, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode
95885b9 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 30, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode
8210a1d 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.
Copy the assigned IPs on the dummy interface to the ARP/NDP
responders on initializing to fix an issue that the responders
may not work as expected after the agent restarts.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 30, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode
9dce74f 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.
Copy the assigned IPs on the dummy interface to the ARP/NDP
responder on initializing to fix an issue that the responders
may not work as expected after the agent restarts.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 30, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode
9c7b2d1 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.
Copy the assigned IPs on the dummy interface to the ARP/NDP
responder on initializing to fix an issue that the responders
may not work as expected after the agent restarts.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 30, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode
339d536 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.
Copy the assigned IPs on the dummy interface to the ARP/NDP
responder on initializing to fix an issue that the responders
may not work as expected after the agent restarts.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 31, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode
4f31d03 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.
Copy the assigned IPs on the dummy interface to the ARP/NDP
responder on initializing to fix an issue that the responders
may not work as expected after the agent restarts.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu added a commit to xliuxu/antrea that referenced this issue May 31, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode
d97a262 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.
Copy the assigned IPs on the dummy interface to the ARP/NDP
responder on initializing to fix an issue that the responders
may not work as expected after the agent restarts.

Fixes: antrea-io#3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
jianjuns pushed a commit that referenced this issue May 31, 2022
@xliuxu
Fix Egress not working with kube-proxy IPVS strictARP mode (#3837)
cc4fe0b 
Check the arp_ignore sysctl value of the transport interface
and start a userspace ARP responder if it has a value other
than 0.
Copy the assigned IPs on the dummy interface to the ARP/NDP
responder on initializing to fix an issue that the responders
may not work as expected after the agent restarts.

Fixes: #3804

Signed-off-by: Xu Liu <xliu2@vmware.com>
@jsalatiel
Copy link

Will this be available on 1.7?

@jianjuns
Copy link
Contributor Author

Yes. We already merged the fix to main. You can try it if you want.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xliuxu xliuxu

Labels
area/transit/egress Issues or PRs related to Egress (SNAT for traffic egressing the cluster). kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix Egress not working with kube-proxy IPVS strictARP mode xliuxu/antrea
3 participants
@jsalatiel @jianjuns @xliuxu