Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix antrea-agent crashing with proxyAll enabled in networkPolicyOnly mode #6259

Merged

Conversation

hongliangl
Copy link
Contributor

@hongliangl hongliangl commented Apr 25, 2024

In networkPolicyOnly mode and proxyAll is enabled, the ifindex of antrea-gw0 in nodeConfig
is uninitialized, resulting in the failure to install the ip neighbor to antrea-gw0 due to
the fact that the ifindex of antrea-gw0 is wrong. Additionally, the ipsets storing the pairs
of Node IP and NodePort are not initialized and periodically synced. Consequently, this results
in the failure to sync the iptables rules that referring to the ipsets.

@hongliangl hongliangl added action/release-note Indicates a PR that should be included in release notes. action/backport Indicates a PR that requires backports. labels Apr 25, 2024
@hongliangl
Copy link
Contributor Author

Will add the commit message later.

pkg/agent/route/route_linux.go Outdated Show resolved Hide resolved
@@ -418,6 +420,7 @@ func (c *Client) syncIPSet() error {
}
}

// Multicast is only available in encap mode.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is also wrong. Multicast supports noEncap.

Copy link
Contributor Author

@hongliangl hongliangl Apr 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wenyingd , since Mutilcast supports both encap and noEncap, could you help verify the if the ipsets here should be synced in both encap and noEncap modes? Or the ipsets are only needed in encap mode?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got the answer from here

// addNodeIP adds nodeIP into the ipset when a new Node joins the cluster.

@hongliangl hongliangl force-pushed the 20240424-fix-proxyall-in-policy-only-mode branch from 4548f42 to c81cd03 Compare April 26, 2024 07:16
@hongliangl hongliangl requested a review from tnqn April 26, 2024 07:18
@hongliangl hongliangl force-pushed the 20240424-fix-proxyall-in-policy-only-mode branch from c81cd03 to 8a93220 Compare April 26, 2024 07:19
@hongliangl hongliangl added this to the Antrea v2.1 release milestone Apr 29, 2024
@hongliangl
Copy link
Contributor Author

@tnqn Could you have another look at this PR? Thanks!

@hongliangl
Copy link
Contributor Author

@tnqn Could you help have another look at this?

…mode

In networkPolicyOnly mode and proxyAll is enabled, the ifindex of antrea-gw0 in `nodeConfig`
is uninitialized, resulting in the failure to install the ip neighbor to antrea-gw0 due to
the fact that the ifindex of antrea-gw0 is wrong. Additionally, the ipsets storing the pairs
of Node IP and NodePort are not initialized and periodically synced. Consequently, this results
in the failure to sync the iptables rules that referring to the ipsets.

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
@hongliangl hongliangl force-pushed the 20240424-fix-proxyall-in-policy-only-mode branch from 8a93220 to de80443 Compare May 30, 2024 05:58
Copy link
Member

@tnqn tnqn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tnqn
Copy link
Member

tnqn commented Jun 5, 2024

/test-all

@tnqn tnqn merged commit 84db074 into antrea-io:main Jun 6, 2024
51 of 55 checks passed
@hongliangl hongliangl deleted the 20240424-fix-proxyall-in-policy-only-mode branch June 6, 2024 01:57
hongliangl added a commit to hongliangl/antrea that referenced this pull request Jun 6, 2024
…mode (antrea-io#6259)

In networkPolicyOnly mode and proxyAll is enabled, the ifindex of antrea-gw0 in `nodeConfig`
is uninitialized, resulting in the failure to install the ip neighbor to antrea-gw0 due to
the fact that the ifindex of antrea-gw0 is wrong. Additionally, the ipsets storing the pairs
of Node IP and NodePort are not initialized and periodically synced. Consequently, this results
in the failure to sync the iptables rules that referring to the ipsets.

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
hongliangl added a commit to hongliangl/antrea that referenced this pull request Jun 6, 2024
…mode (antrea-io#6259)

In networkPolicyOnly mode and proxyAll is enabled, the ifindex of antrea-gw0 in `nodeConfig`
is uninitialized, resulting in the failure to install the ip neighbor to antrea-gw0 due to
the fact that the ifindex of antrea-gw0 is wrong. Additionally, the ipsets storing the pairs
of Node IP and NodePort are not initialized and periodically synced. Consequently, this results
in the failure to sync the iptables rules that referring to the ipsets.

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
hongliangl added a commit to hongliangl/antrea that referenced this pull request Jun 6, 2024
…mode (antrea-io#6259)

In networkPolicyOnly mode and proxyAll is enabled, the ifindex of antrea-gw0 in `nodeConfig`
is uninitialized, resulting in the failure to install the ip neighbor to antrea-gw0 due to
the fact that the ifindex of antrea-gw0 is wrong. Additionally, the ipsets storing the pairs
of Node IP and NodePort are not initialized and periodically synced. Consequently, this results
in the failure to sync the iptables rules that referring to the ipsets.

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
tnqn pushed a commit that referenced this pull request Jun 6, 2024
…mode (#6259) (#6410)

In networkPolicyOnly mode and proxyAll is enabled, the ifindex of antrea-gw0 in `nodeConfig`
is uninitialized, resulting in the failure to install the ip neighbor to antrea-gw0 due to
the fact that the ifindex of antrea-gw0 is wrong. Additionally, the ipsets storing the pairs
of Node IP and NodePort are not initialized and periodically synced. Consequently, this results
in the failure to sync the iptables rules that referring to the ipsets.

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
tnqn pushed a commit that referenced this pull request Jun 6, 2024
…mode (#6259) (#6408)

In networkPolicyOnly mode and proxyAll is enabled, the ifindex of antrea-gw0 in `nodeConfig`
is uninitialized, resulting in the failure to install the ip neighbor to antrea-gw0 due to
the fact that the ifindex of antrea-gw0 is wrong. Additionally, the ipsets storing the pairs
of Node IP and NodePort are not initialized and periodically synced. Consequently, this results
in the failure to sync the iptables rules that referring to the ipsets.

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
tnqn pushed a commit that referenced this pull request Jun 6, 2024
…mode (#6259) (#6409)

In networkPolicyOnly mode and proxyAll is enabled, the ifindex of antrea-gw0 in `nodeConfig`
is uninitialized, resulting in the failure to install the ip neighbor to antrea-gw0 due to
the fact that the ifindex of antrea-gw0 is wrong. Additionally, the ipsets storing the pairs
of Node IP and NodePort are not initialized and periodically synced. Consequently, this results
in the failure to sync the iptables rules that referring to the ipsets.

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
action/backport Indicates a PR that requires backports. action/release-note Indicates a PR that should be included in release notes.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants