Merge pull request #238 from hhyasdf/release/v0.4.3

Release v0.4.3
alibaba · Apr 26, 2022 · 18a8be6 · 18a8be6
2 parents 51a9f6c + 5431e02
commit 18a8be6
Show file tree

Hide file tree

Showing 11 changed files with 271 additions and 142 deletions.
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -39,9 +39,8 @@ jobs:
         with:
           go-version: 1.16.6
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@v2.5.2
+        uses: golangci/golangci-lint-action@v3.1.0
         with:
-          version: v1.39.0
           args: --timeout 300s --skip-dirs-use-default -v -E goconst -E gofmt -E ineffassign -E goimports -E revive -E misspell -E vet -E deadcode
 
   go-test:

diff --git a/pkg/daemon/addr/addr.go b/pkg/daemon/addr/addr.go
@@ -191,13 +191,42 @@ func (m *Manager) SyncAddresses(getIPInstanceByAddress func(net.IP) (*networking
 				return fmt.Errorf("failed to parse subnet cidr %v: %v", subnetString, err)
 			}
 
+			// ARP sender IP selection is totally independent with IP source selection. ARP sender IP
+			// selection will only be controlled by arp_announce sysctl parameter.
+			//
+			// There are two kinds of results for sender IP selection on a interface with more than one ip address:
+			//   1. Use source address in the IP header (always fit for us)
+			//   2. Use the "inet_select_addr" function
+			//
+			// For the second possibility, kernel will use the "inet_select_addr" function with a "link" scope
+			// to select sender IP. That means the first address that matches the subnet of the target IP (of ARP header)
+			// and has a scope greater than or equal to RT_SCOPE_LINK will be selected.
+			//
+			// If a route does not have src specified then:
+			//   1. ip with scope=host can be as backend only for a route with scope=host
+			//   2. ip with scope=link can be as backend only for a route with scope=host or scope=link
+			//   3. ip with scope=global can be as backend only for a route with any scope
+			//
+			// As for the IP source selection after routing, if egress interface of the routing result doesn't have any
+			// address and need to select from other interfaces, only the addresses with "global" scope will be selected.
+			// So the enhanced address will never be used as source address for other interfaces.
+			//
+			// So does the ARP sender IP selection happens on a interface without any address, only the addresses of
+			// other interfaces with "global" scope will be selected as sender IP. If no valid sender IP found, it will
+			// be "0.0.0.0".
+			//
+			// At the same time, subnet direct routes (scope lower than or equal to "link"), which match hybridnet
+			// underlay vlan subnets, are never supposed to be added to enhanced-address-attached interfaces directly by
+			// host. Because of that, we can make the enhanced addresses never be selected as source IP by creating them
+			// with a "link" scope.
 			if err := ensureSubnetEnhancedAddr(forwardNodeIf, &netlink.Addr{
 				IPNet: &net.IPNet{
 					IP:   podIP,
 					Mask: subnetCidr.Mask,
 				},
 				Label: "",
 				Flags: unix.IFA_F_NOPREFIXROUTE,
+				Scope: unix.RT_SCOPE_LINK,
 			}, outOfDateEnhancedAddr, m.family); err != nil {
 				return fmt.Errorf("failed to ensure subnet enhanced addr %v: %v", podIP.String(), err)
 			}

diff --git a/pkg/daemon/config/config.go b/pkg/daemon/config/config.go
@@ -74,10 +74,12 @@ type Configuration struct {
 
 	VxlanUDPPort int
 
-	VlanCheckTimeout                     time.Duration
-	IptablesCheckDuration                time.Duration
+	VlanCheckTimeout      time.Duration
+	IptablesCheckDuration time.Duration
+
 	VxlanBaseReachableTime               time.Duration
 	VxlanExpiredNeighCachesClearInterval time.Duration
+	VtepAddressCIDRs                     []*net.IPNet
 
 	// Use fixed table num to mark "local-pod-direct rule"
 	LocalDirectTableNum int
@@ -91,6 +93,8 @@ type Configuration struct {
 	NeighGCThresh1 int
 	NeighGCThresh2 int
 	NeighGCThresh3 int
+
+	EnableVlanArpEnhancement bool
 }
 
 // ParseFlags will parse cmd args then init kubeClient and configuration
@@ -112,10 +116,12 @@ func ParseFlags() (*Configuration, error) {
 		argVxlanUDPPort                         = pflag.Int("vxlan-udp-port", DefaultVxlanUDPPort, "The local udp port which vxlan tunnel use")
 		argVxlanBaseReachableTime               = pflag.Duration("vxlan-base-reachable-time", DefaultVxlanBaseReachableTime, "The time for neigh caches of vxlan device to get STALE from REACHABLE")
 		argVxlanExpiredNeighCachesClearInterval = pflag.Duration("vxlan-expired-neigh-caches-clear-interval", DefaultVxlanExpiredNeighCachesClearInterval, "The interval for daemon to clear STALE and FAILED neigh caches of vxlan device")
+		argVtepAddressCIDRs                     = pflag.String("vtep-address-cidrs", "0.0.0.0/0,::/0", "The cidr list to select vtep address on each node, e.g., \\\"192.168.10.0/24,10.2.3.0/24\\\"\"")
 		argNeighGCThresh1                       = pflag.Int("neigh-gc-thresh1", DefaultNeighGCThresh1, "Value to set net.ipv4/ipv6.neigh.default.gc_thresh1")
 		argNeighGCThresh2                       = pflag.Int("neigh-gc-thresh2", DefaultNeighGCThresh2, "Value to set net.ipv4/ipv6.neigh.default.gc_thresh2")
 		argNeighGCThresh3                       = pflag.Int("neigh-gc-thresh3", DefaultNeighGCThresh3, "Value to set net.ipv4/ipv6.neigh.default.gc_thresh3")
-		argExtraNodeLocalVxlanIPCidrs           = pflag.String("extra-node-local-vxlan-ip-cidrs", "", "Cidrs to select node extra local vxlan ip, e.g., \"192.168.10.0/24,10.2.3.0/24\"")
+		argExtraNodeLocalVxlanIPCidrs           = pflag.String("extra-node-local-vxlan-ip-cidrs", "", "The cidr list to select node extra local vxlan ip, e.g., \"192.168.10.0/24,10.2.3.0/24\"")
+		argEnableVlanArpEnhancement             = pflag.Bool("enable-vlan-arp-enhancement", true, "Whether enable arp source enhancement in a vlan environment")
 	)
 
 	// mute info log for ipset lib
@@ -149,6 +155,7 @@ func ParseFlags() (*Configuration, error) {
 		NeighGCThresh2:                       *argNeighGCThresh2,
 		NeighGCThresh3:                       *argNeighGCThresh3,
 		VxlanExpiredNeighCachesClearInterval: *argVxlanExpiredNeighCachesClearInterval,
+		EnableVlanArpEnhancement:             *argEnableVlanArpEnhancement,
 	}
 
 	if *argPreferVlanInterfaces == "" {
@@ -163,6 +170,14 @@ func ParseFlags() (*Configuration, error) {
 		}
 	}
 
+	if *argVtepAddressCIDRs != "" {
+		var err error
+		config.VtepAddressCIDRs, err = parseCidrString(*argVtepAddressCIDRs)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse vtep address cidrs: %v", err)
+		}
+	}
+
 	if err := config.initNicConfig(); err != nil {
 		return nil, err
 	}

diff --git a/pkg/daemon/controller/ipinstance.go b/pkg/daemon/controller/ipinstance.go
@@ -152,7 +152,10 @@ func (r *ipInstanceReconciler) Reconcile(ctx context.Context, request reconcile.
 			}
 
 			if ipInstance.Spec.Address.Version == networkingv1.IPv4 {
-				r.ctrlHubRef.addrV4Manager.TryAddPodInfo(forwardNodeIfName, subnetCidr, podIP)
+				// if vlan arp enhancement is not enabled, all the enhanced address will be cleaned
+				if r.ctrlHubRef.config.EnableVlanArpEnhancement {
+					r.ctrlHubRef.addrV4Manager.TryAddPodInfo(forwardNodeIfName, subnetCidr, podIP)
+				}
 			}
 		case networkingv1.NetworkModeVxlan:
 			forwardNodeIfName, err = daemonutils.GenerateVxlanNetIfName(r.ctrlHubRef.config.NodeVxlanIfName, netID)