-
Notifications
You must be signed in to change notification settings - Fork 790
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dev/exclude subnets from traffic shaping2 #921
Dev/exclude subnets from traffic shaping2 #921
Conversation
956ad1c
to
c1af94f
Compare
2424028
to
644ebf7
Compare
@oOraph thanks for this! And very good catch w.r.t. Ginkgo Measure. Can you check the lint error? |
644ebf7
to
6021f78
Compare
@squeed Done :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @oOraph I have a question about the design of the PR.
As far as I understood, this PR is going to introduce folloiwng tc filtering config.
tc qdisc add dev <interfaceName> root handle 1: htb default 30
tc class add dev <interfaceName> parent 1: classid 1:30 htb rate <rateInBits> burst <burstInBits>
tc class add dev <interfaceName> parent 1: classid 1:1 htb rate 100000000000
tc filter add dev <interfaceName> parent 1: protocol <protocol> prio 16 u32 match ip dst <subnet> flowid 1:1
It might be good to have, however, on the otherside, user may want to do opposite configurations (adding 'target CIDR' for rate limit), such as
tc qdisc add dev <interfaceName> root handle 1: htb default 30
tc class add dev <interfaceName> parent 1: classid 1:1 htb rate <rateInBits> burst <burstInBits>
tc class add dev <interfaceName> parent 1: classid 1:30 htb rate 100000000000
tc filter add dev <interfaceName> parent 1: protocol <protocol> prio 16 u32 match ip dst <subnet> flowid 1:1
Your proposed config may not fit second one. Is there any way to enhance your desin to support second config and more flexible tc configurations?
plugins/meta/bandwidth/main.go
Outdated
for _, subnet := range subnets { | ||
_, _, err := net.ParseCIDR(subnet) | ||
if err != nil { | ||
return fmt.Errorf("bad subnet provided %s, details %s", subnet, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how about to use %q
for subnet (to double quote) and %v
for error, to fit to other Errorf in the file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure. done
plugins/meta/bandwidth/main.go
Outdated
err = validateSubnets(bandwidth.NonShapedSubnets) | ||
if err != nil { | ||
return err | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor, but we could change as other code does
plugins/plugins/meta/bandwidth/main.go
Lines 67 to 69 in 9d9ec6e
if err := json.Unmarshal(stdin, &conf); err != nil { | |
return nil, fmt.Errorf("failed to parse network configuration: %v", err) | |
} |
if err = validateSubnets(bandwidth.NonShapedSubnets); err != nil {
return err
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
|
||
} | ||
|
||
protocol := syscall.ETH_P_ALL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why protocol
is all, instead of ip' or
ipv6' (as you commented just above?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
6021f78
to
729c1d1
Compare
@s1061123 , about #921 (review) |
@oOraph Thank you to incorporate my comments! I will review code tomorrow again! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi, almost code is reasonable to me. BTW, could you provide document for that, in https://github.com/containernetworking/cni.dev ?
var err error | ||
|
||
name := "myBWnet" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how about to embedded the name in cni config directly (in line 47)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
It("Should fail if specified ShapedSubnets are not valid CIDRs", func() { | ||
err := validateSubnets([]string{}, []string{"10.0.0.0/8", "hello"}) | ||
Expect(err).To(HaveOccurred()) | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for improve unit tests. However, on the other side, this file is now the biggest file in the repository. Could you split into several _test.go
file for ease of maintenance, if you don't mind it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done, split the file in three:
gathered all "functional" tests in one file (tests checking the effectiveness of the shaping)
all config related tests in another
left all other tests together in the original test file
|
||
// cmd = exec.Command("/usr/sbin/tc", "filter", "add", "dev", interfaceName, "parent", "1:", "protocol", protocol, | ||
// "prio", "16", "u32", "match", "ip", "dst", subnet, "flowid", "1:1") | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May remove this empty line (line:225)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
} | ||
|
||
// Now add filters to redirect subnets to the class 1 if excluded instead of the default one (30) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May remove this empty line (line:220)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
keepBytes = 4 | ||
// prio/pref needs to be changed if we change the protocol, looks like we cannot mix protocols with the same pref | ||
prio = 16 | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May remove this empty line (line:249)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
e7ee85a
to
2e3f7d6
Compare
done -> containernetworking/cni.dev#130 |
Hello @s1061123 @MikeZappa87 :). Do you still see anything wrong or missing with this pr ? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @oOraph thank you for the great work. Almost Okey to me. I give two minor comment to fix year. That's all. Thanks again!
@@ -0,0 +1,563 @@ | |||
// Copyright 2018 CNI authors |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fix copyright year: 2018 -> 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done :)
@@ -0,0 +1,824 @@ | |||
// Copyright 2018 CNI authors |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fix copyright year: 2018 -> 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done :)
2e3f7d6
to
3d93935
Compare
3d93935
to
21cabd1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Could you please address doc changes in another PR in doc repo, https://github.com/containernetworking/cni.dev?
Sure it's already done here: |
21cabd1
to
adcf445
Compare
just rebased on upstream/main to fix lint issue |
This looks good. I did not run the plugin though. |
what changed: we had to refactor the bandwidth plugin and switch from a classless qdisc (tbf) to a classful qdisc (htb). subnets are to be provided in config or runtimeconfig just like other parameters unit and integration tests were also adapted in consequence unrelated changes: test fixes: the most important tests were just silently skipped due to ginkgo Measure deprecation (the ones actually checking the effectiveness of the traffic control) Signed-off-by: Raphael <oOraph@users.noreply.github.com>
…rom shaping Signed-off-by: Raphael <oOraph@users.noreply.github.com>
Signed-off-by: Raphael <oOraph@users.noreply.github.com>
even if json unmarshalling in golang with the standard libs is case unsensitive regarding the keys Signed-off-by: Raphael <oOraph@users.noreply.github.com>
Signed-off-by: Tomofumi Hayashi <tohayash@redhat.com>
adcf445
to
ccc1cfa
Compare
Hi all, I am curious why we need to create ifb devices and tc rules in host-side network namespace, rather than in container-side. |
Hello @nayihz :). If I understand correctly what you mean we need to apply tc rules on host side because the container side is the user side and we do not want them to arbitrarily edit/cancel them. |
@s1061123 @MikeZappa87 thanks for merging. Maybe we should also merge the doc wdyt ? |
bandwidth: possibility to exclude some subnets from traffic shapping
what changed:
we had to refactor the bandwidth plugin and switch from a classless qdisc (tbf)
to a classful qdisc (htb).
subnets are to be provided in config or runtimeconfig just like other parameters
unit and integration tests were also adapted in consequence
unrelated changes:
test fixes: the most important tests were just silently skipped due to ginkgo Measure deprecation
(the ones actually checking the effectiveness of the traffic control)