Enhance Traceflow to Support Secondary Interface

[rajnkamr]

Describe the problem/challenge you have

Currently, Antrea's Traceflow feature allows users to trace network packets originating from a Pod by specifying the Pod name. However, the moment a Pod name is provided, Traceflow automatically selects the Pod IP, which is always assigned to the primary interface (eth0). As a result, there is no option to specify or trace packets originating from a secondary interface attached to the same Pod.

Perform a traceflow operation with pod which is also having a secondary interface

eth0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether 62:40:56:15:5a:9c brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.1.7/24 brd 10.244.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::6040:56ff:fe15:5a9c/64 scope link
       valid_lft forever preferred_lft forever
eth1@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1200 qdisc noqueue state UP group default
    link/ether 46:72:61:4c:2d:69 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 148.14.24.2/24 brd 148.14.24.255 scope global eth1
       valid_lft forever preferred_lft forever

antctl traceflow -S sample-pod-1 -D 216.58.196.174

Currently traceflow uses pod ip ( primary interface ip ) as src ip

Describe the solution you'd like

Modify the antctl traceflow command to include an optional --interface flag

antctl traceflow -S sample-pod-1 --interface eth1 -D 216.58.196.174

Anything else you would like to add?

[antoninbas]

Any idea on how this could be implemented?
Secondary network interfaces may not even be connected to an OVS bridge. In the VLAN case, there is a secondary OVS bridge. If we add overlay support, it will be the same thing. But in the SRIOV case, there is no secondary OVS bridge.
I assume this would be limited to the case where we have a secondary OVS bridge?
Note that the use case would be much more limited than for the primary network. It would essentially just be a connectivity check, as today we do not support any "advanced" feature for secondary networks (policies, load-balancing, etc.).

[rajnkamr]

Although traceflow could continue to exhibit default functionality using default settings. IMO It could be implemented similar to primary ovs bridge, We could add options to provide bridge name, pod interface name and secondary interface name on the host ( SRIOV case would have to be excluded ? )

Although We will have to keep traceflow limited to connectivity checks only as it needs secondary bridge to be available and secondary interface on node must be attached to the secondary bridge, as righty pointed there is no feature support( like network policies etc) than connectivity to pod via secondary network. Largely it would be used to support network connectivity checks only !

On Pod

11: eth0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether 62:40:56:15:5a:9c brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.1.7/24 brd 10.244.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::6040:56ff:fe15:5a9c/64 scope link
       valid_lft forever preferred_lft forever
12: eth1@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1200 qdisc noqueue state UP group default
    link/ether 46:72:61:4c:2d:69 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 148.14.24.2/24 brd 148.14.24.255 scope global eth1
       valid_lft forever preferred_lft forever

On Node

15: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1200 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 02:42:14:14:14:02 brd ff:ff:ff:ff:ff:ff
    inet 20.20.20.2/24 brd 20.20.20.255 scope global eth1
       valid_lft forever preferred_lft forever
41: eth0@if42: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fc00:f853:ccd:e793::2/64 scope global nodad
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe12:2/64 scope link
       valid_lft forever preferred_lft forever
46: eth1~@if47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovs-system state UP group default
    link/ether 02:42:14:14:14:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0

Secondary bridge

Bridge br-secondary
       datapath_type: system
       Port "eth1~"
           Interface "eth1~"
       Port eth1
           Interface eth1
               type: internal
       Port sample-p-9cafe9
           tag: 100
           Interface sample-p-9cafe9
   ovs_version: "2.17.7"