Fix tunnelDstIP field in traceflow on dual-stack #4529
Conversation
Codecov Report
@@ Coverage Diff @@
## main #4529 +/- ##
==========================================
+ Coverage 65.52% 69.54% +4.02%
==========================================
Files 390 400 +10
Lines 58147 58235 +88
==========================================
+ Hits 38098 40498 +2400
+ Misses 17361 14962 -2399
- Partials 2688 2775 +87
|
|
/test-ipv6-e2e |
| isIPv6 = etherData.Ethertype == protocol.IPv6_MSG | ||
| } else { | ||
| isIPv6 = c.nodeConfig.NodeIPv6Addr != nil | ||
| } | ||
| if match := getMatchTunnelDstField(matchers, isIPv6); match != nil { |
There was a problem hiding this comment.
Maybe we'd better get both IPv4 tunnel dst and IPv6 tunnel dst, and set tunnelDstIP with valid one.
You can also add verification in traceflow_test.go:testTraceflowInterNode, to check if the traceflow observation has expected tunnelDstIP.
There was a problem hiding this comment.
Hi,
Even if we get both IPv4 tunnel dst and IPv6 tunnel dst, tunnelDstIP value will be decided according to isIPv6. The current code sets the value of tunnelDstIP according to isIPv6 directly without getting both tunnel dst. So, why to get both tunnel dst explicitly?
testTraceflowInterNode currently runs in both encap mode and no encap mode. If tunnelDstIP is added then we have to make the test run only in encap mode. Is it ok to change this test to run only in encap mode?
There was a problem hiding this comment.
whether it is dual stack / non dual stack, in both the cases handling can be done with isIPv6 flag with right packet type, With this logic isIPv6 flag remain false if packet is not of ipv6 type irrespective of stack and hence tunnelDstIP will be assigned with ipv4 and vice versa.
UT testing can be extended to see the right values in tunnelDstIP, if the mode is encap.
There was a problem hiding this comment.
Hi, Even if we get both IPv4 tunnel dst and IPv6 tunnel dst,
tunnelDstIPvalue will be decided according toisIPv6. The current code sets the value oftunnelDstIPaccording toisIPv6directly without getting both tunnel dst. So, why to get both tunnel dst explicitly?
testTraceflowInterNodecurrently runs in both encap mode and no encap mode. If tunnelDstIP is added then we have to make the test run only in encap mode. Is it ok to change this test to run only in encap mode?
Because reading both ipv4/ipv6 tunnel dst is more simple to decide the tunnel dst, and it won't depend on the flow logic in OVS table.
Currently only IPv4 tunnel dst is used in DualStack env. Please check: https://github.com/antrea-io/antrea/blob/main/pkg/agent/openflow/client.go#L485
You can add the TunnelDstIP into testTraceflowInterNode like
node2TunnelDstIP = ""
switch encapMode {
case config.TrafficEncapModeEncap:
node2TunnelDstIP = nodeIP(nodeIdx1)
case config.TrafficEncapModeHybrid:
// check more
}
...
{
Component: v1alpha1.ComponentForwarding,
ComponentInfo: "Output",
Action: v1alpha1.ActionForwarded,
TunnelDstIP: node2TunnelDstIP,
},
And add the comparison into compareObservations
There was a problem hiding this comment.
@wenyingd
Do we use peer Node IPv4 as tunnelDst for IPv4 packet and peer Node IPv6 as tunnelDst for IPv6 packet?
There was a problem hiding this comment.
We prefer to use tunnel format IPv4OverIPv4 and IPv6OverIPv6.
Atish-iaf
force-pushed
the
traceflow/dualstack/ipv4
branch
from
05777e5 to
d361404
Compare
|
/test-ipv6-e2e |
Atish-iaf
force-pushed
the
traceflow/dualstack/ipv4
branch
from
d361404 to
41bf4f9
Compare
|
/test-ipv6-e2e |
|
/test-all |
|
/test-multicluster-e2e |
|
/test-all |
1 similar comment
|
/test-all |
|
/test-windows-containerd-networkpolicy |
|
/test-ipv6-only-e2e |
|
/test-all-features-conformance |
| var isIPv6 bool | ||
| // On dual stack, decide according to packet. | ||
| if c.nodeConfig.NodeIPv4Addr != nil && c.nodeConfig.NodeIPv6Addr != nil { | ||
| isIPv6 = etherData.Ethertype == protocol.IPv6_MSG |
There was a problem hiding this comment.
Just confused that you already check the L3 protocol from the packet header, what this if-condition c.nodeConfig.NodeIPv4Addr != nil && c.nodeConfig.NodeIPv6Addr != nil is needed?
There was a problem hiding this comment.
Thanks for review.
You are correct, this condition check isn't required. Changed to decide based on packet only for any(ipv4/ipv6/dual) stack cluster.
| isIPv6 = etherData.Ethertype == protocol.IPv6_MSG | ||
| } else { | ||
| isIPv6 = c.nodeConfig.NodeIPv6Addr != nil | ||
| } | ||
| if match := getMatchTunnelDstField(matchers, isIPv6); match != nil { |
There was a problem hiding this comment.
We prefer to use tunnel format IPv4OverIPv4 and IPv6OverIPv6.
Atish-iaf
force-pushed
the
traceflow/dualstack/ipv4
branch
from
41bf4f9 to
6131384
Compare
|
/test-all |
|
/test-ipv6-e2e |
gran-vmv
added
kind/bug
test/e2e/traceflow_test.go
Outdated
| // check if node1 and node2 are in same subnet. | ||
| node2IP := net.ParseIP(nodeIP(nodeIdx1)) | ||
| cmd := getPingCommand(pingCount, 0, "", &node2IP) | ||
| stdout, _, err := data.RunCommandFromPod(data.testNamespace, node1Pods[0], agnhostContainerName, cmd) |
There was a problem hiding this comment.
We can use antrea-agent Pod antrea-agent container on node1 to run the command.
Atish-iaf
force-pushed
the
traceflow/dualstack/ipv4
branch
from
6131384 to
c616b76
Compare
Atish-iaf
force-pushed
the
traceflow/dualstack/ipv4
branch
from
c616b76 to
ef262de
Compare
test/e2e/traceflow_test.go
Outdated
| case config.TrafficEncapModeEncap: | ||
| node2TunnelDstIPv4 = clusterInfo.nodes[nodeIdx1].ipv4Addr | ||
| node2TunnelDstIPv6 = clusterInfo.nodes[nodeIdx1].ipv6Addr | ||
| // TODO: Add case for Hybrid mode when Nodes are in different subnet. |
There was a problem hiding this comment.
I think the test in hybrid mode would fail if the nodes are not in the same subnet as the expectation is empty but the actual observation is not?
There was a problem hiding this comment.
Yes, but we can keep it for now if our testbeds on which e2e tests run are in same subnet so that tunnelIP validation can be done for all cases except one i.e Nodes on different subnet in hybrid mode.
Edit : Will remove tunnelIP validation.
Atish-iaf
force-pushed
the
traceflow/dualstack/ipv4
branch
from
ef262de to
94c2b34
Compare
|
/test-e2e |
|
/test-ipv6-e2e |
|
/test-ipv6-e2e |
1 similar comment
|
/test-ipv6-e2e |
|
/test-ipv6-e2e |
|
/test-ipv6-only-e2e |
|
/test-ipv6-e2e |
|
#4674 has been merged, could you rebase to see if e2e-ipv6 can pass now? |
On dual-stack testbed, Inter-Node traceflow observation for IPv4 packet in encap mode has empty tunnelDstIP field because isIPv6 variable is set. Change the logic to set isIPv6 variable based on the packet IPv4 or IPv6. Fixes antrea-io#4502 Signed-off-by: Kumar Atish <atish.iaf@gmail.com>
Atish-iaf
force-pushed
the
traceflow/dualstack/ipv4
branch
from
94c2b34 to
2d51095
Compare
|
/test-e2e |
|
/test-e2e |
|
/skip-conformance |
|
/skip-networkpolicy |
On dual-stack testbed, Inter-Node traceflow observation for IPv4 packet in encap mode has empty tunnelDstIP field because isIPv6 variable is set. Change the logic to set isIPv6 variable based on the packet IPv4 or IPv6. Fixes antrea-io#4502 Signed-off-by: Kumar Atish <atish.iaf@gmail.com>
On dual-stack testbed, Inter-Node traceflow observation for IPv4 packet in encap mode has empty tunnelDstIP field because isIPv6 variable is set. Change the logic to set isIPv6 variable based on the packet IPv4 or IPv6. Fixes antrea-io#4502 Signed-off-by: Kumar Atish <atish.iaf@gmail.com>
On dual-stack testbed, Inter-Node traceflow observation for
IPv4 packet in encap mode has empty tunnelDstIP field because
isIPv6variable is set.Change the logic to set
isIPv6variable based on the packetIPv4 or IPv6.
Fixes #4502
Signed-off-by: Kumar Atish atish.iaf@gmail.com