[IPv6] Support flow exporter

Support IPv4 or IPv6 flow exporter address.

build/yamls/antrea-aks.yml

@@ -1201,9 +1201,10 @@ data:
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
 
-    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
-    # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
-    # we consider tcp as default.
+    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp.
+    # IP can be either IPv4 or IPv6. However, IPv6 address should be wrapped with [].
+    # This also enables the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge.
+    # If no L4 transport proto is given, we consider tcp as default.
     #flowCollectorAddr: ""
 
     # Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module.
@@ -1271,7 +1272,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-hmttgfbf78
+  name: antrea-config-5468gb45h5
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1378,7 +1379,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-hmttgfbf78
+          name: antrea-config-5468gb45h5
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1642,7 +1643,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-hmttgfbf78
+          name: antrea-config-5468gb45h5
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-eks.yml

@@ -1201,9 +1201,10 @@ data:
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
 
-    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
-    # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
-    # we consider tcp as default.
+    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp.
+    # IP can be either IPv4 or IPv6. However, IPv6 address should be wrapped with [].
+    # This also enables the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge.
+    # If no L4 transport proto is given, we consider tcp as default.
     #flowCollectorAddr: ""
 
     # Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module.
@@ -1271,7 +1272,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-hmttgfbf78
+  name: antrea-config-5468gb45h5
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1378,7 +1379,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-hmttgfbf78
+          name: antrea-config-5468gb45h5
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1644,7 +1645,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-hmttgfbf78
+          name: antrea-config-5468gb45h5
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-gke.yml

@@ -1201,9 +1201,10 @@ data:
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
 
-    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
-    # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
-    # we consider tcp as default.
+    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp.
+    # IP can be either IPv4 or IPv6. However, IPv6 address should be wrapped with [].
+    # This also enables the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge.
+    # If no L4 transport proto is given, we consider tcp as default.
     #flowCollectorAddr: ""
 
     # Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module.
@@ -1271,7 +1272,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-8bc4m9g22g
+  name: antrea-config-bff6kfk4f6
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1378,7 +1379,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-8bc4m9g22g
+          name: antrea-config-bff6kfk4f6
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1642,7 +1643,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-8bc4m9g22g
+          name: antrea-config-bff6kfk4f6
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-ipsec.yml

@@ -1206,9 +1206,10 @@ data:
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
 
-    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
-    # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
-    # we consider tcp as default.
+    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp.
+    # IP can be either IPv4 or IPv6. However, IPv6 address should be wrapped with [].
+    # This also enables the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge.
+    # If no L4 transport proto is given, we consider tcp as default.
     #flowCollectorAddr: ""
 
     # Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module.
@@ -1276,7 +1277,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-kgd27dftgd
+  name: antrea-config-gm7dktt9bd
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1392,7 +1393,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-kgd27dftgd
+          name: antrea-config-gm7dktt9bd
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1691,7 +1692,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-kgd27dftgd
+          name: antrea-config-gm7dktt9bd
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-windows.yml

@@ -56,9 +56,10 @@ data:
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
 
-    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
-    # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
-    # we consider tcp as default.
+    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp.
+    # IP can be either IPv4 or IPv6. However, IPv6 address should be wrapped with [].
+    # This also enables the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge.
+    # If no L4 transport proto is given, we consider tcp as default.
     #flowCollectorAddr: ""
 
     # Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module.
@@ -88,7 +89,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-windows-config-5ht8dmf8tk
+  name: antrea-windows-config-b2mm8bbd8k
   namespace: kube-system
 ---
 apiVersion: apps/v1
@@ -176,7 +177,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-windows-config-5ht8dmf8tk
+          name: antrea-windows-config-b2mm8bbd8k
         name: antrea-windows-config
       - configMap:
           defaultMode: 420

build/yamls/antrea.yml

@@ -1206,9 +1206,10 @@ data:
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
 
-    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
-    # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
-    # we consider tcp as default.
+    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp.
+    # IP can be either IPv4 or IPv6. However, IPv6 address should be wrapped with [].
+    # This also enables the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge.
+    # If no L4 transport proto is given, we consider tcp as default.
     #flowCollectorAddr: ""
 
     # Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module.
@@ -1276,7 +1277,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-2hk276fdf4
+  name: antrea-config-8mbg9bkdc7
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1383,7 +1384,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-2hk276fdf4
+          name: antrea-config-8mbg9bkdc7
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1647,7 +1648,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-2hk276fdf4
+          name: antrea-config-8mbg9bkdc7
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/base/conf/antrea-agent.conf

@@ -90,9 +90,10 @@ featureGates:
 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
 #enablePrometheusMetrics: false
 
-# Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
-# the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
-# we consider tcp as default.
+# Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp.
+# IP can be either IPv4 or IPv6. However, IPv6 address should be wrapped with [].
+# This also enables the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge.
+# If no L4 transport proto is given, we consider tcp as default.
 #flowCollectorAddr: ""
 
 # Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module.

build/yamls/windows/base/conf/antrea-agent.conf

@@ -38,9 +38,10 @@ featureGates:
 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
 #enablePrometheusMetrics: false
 
-# Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
-# the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
-# we consider tcp as default.
+# Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp.
+# IP can be either IPv4 or IPv6. However, IPv6 address should be wrapped with [].
+# This also enables the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge.
+# If no L4 transport proto is given, we consider tcp as default.
 #flowCollectorAddr: ""
 
 # Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module.

cmd/antrea-agent/agent.go

@@ -17,6 +17,7 @@ package main
 import (
 	"fmt"
 	"net"
+	"regexp"
 	"time"
 
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -298,9 +299,20 @@ func run(o *Options) error {
 
 	// Initialize flow exporter to start go routines to poll conntrack flows and export IPFIX flow records
 	if features.DefaultFeatureGate.Enabled(features.FlowExporter) {
+		match, err := regexp.MatchString("\\[.*\\]:.*", o.config.FlowCollectorAddr)
+		if err != nil {
+			return fmt.Errorf("Failed to parse FlowCollectorAddr: %s", o.config.FlowCollectorAddr)
+		}
+		svcCIDR := serviceCIDRNet
+		addrFamily := "ipv4"
+		if match {
+			svcCIDR = serviceCIDRNetv6
+			addrFamily = "ipv6"
+		}
 		connStore := connections.NewConnectionStore(
-			connections.InitializeConnTrackDumper(nodeConfig, serviceCIDRNet, o.config.OVSDatapathType, features.DefaultFeatureGate.Enabled(features.AntreaProxy)),
+			connections.InitializeConnTrackDumper(nodeConfig, svcCIDR, o.config.OVSDatapathType, features.DefaultFeatureGate.Enabled(features.AntreaProxy)),
 			ifaceStore,
+			addrFamily,
 			proxier,
 			networkPolicyController,
 			o.pollInterval)
@@ -309,7 +321,8 @@ func run(o *Options) error {
 
 		flowExporter := exporter.NewFlowExporter(
 			flowrecords.NewFlowRecords(connStore),
-			o.config.FlowExportFrequency)
+			o.config.FlowExportFrequency,
+			addrFamily)
 		go wait.Until(func() { flowExporter.Export(o.flowCollector, stopCh, pollDone) }, 0, stopCh)
 	}
 

cmd/antrea-agent/options.go

@@ -18,6 +18,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net"
+	"regexp"
 	"strings"
 	"time"
 
@@ -199,7 +200,10 @@ func (o *Options) validateFlowExporterConfig() error {
 			return fmt.Errorf("IPFIX flow collector address should be provided")
 		} else {
 			// Check if it is TCP or UDP
-			strSlice := strings.Split(o.config.FlowCollectorAddr, ":")
+			strSlice, err := parseFlowCollectorAddr(o.config.FlowCollectorAddr)
+			if err != nil {
+				return err
+			}
 			var proto string
 			if len(strSlice) == 2 {
 				// If no separator ":" and proto is given, then default to TCP.
@@ -215,7 +219,7 @@ func (o *Options) validateFlowExporterConfig() error {
 
 			// Convert the string input in net.Addr format
 			hostPortAddr := strSlice[0] + ":" + strSlice[1]
-			_, _, err := net.SplitHostPort(hostPortAddr)
+			_, _, err = net.SplitHostPort(hostPortAddr)
 			if err != nil {
 				return fmt.Errorf("IPFIX flow collector is given in invalid format: %v", err)
 			}
@@ -244,3 +248,19 @@ func (o *Options) validateFlowExporterConfig() error {
 	}
 	return nil
 }
+
+func parseFlowCollectorAddr(addr string) ([]string, error) {
+	var strSlice []string
+	match, err := regexp.MatchString("\\[.*\\]:.*", addr)
+	if err != nil {
+		return strSlice, fmt.Errorf("Failed to parse FlowCollectorAddr: %s", addr)
+	}
+	if match {
+		idx := strings.Index(addr, "]")
+		strSlice = append(strSlice, addr[:idx+1])
+		strSlice = append(strSlice, strings.Split(addr[idx+2:], ":")...)
+	} else {
+		strSlice = strings.Split(addr, ":")
+	}
+	return strSlice, nil
+}

cmd/antrea-agent/options_test.go

@@ -51,3 +51,28 @@ func TestOptions_validateFlowExporterConfig(t *testing.T) {
 	}
 
 }
+
+func TestParseFlowCollectorAddr(t *testing.T) {
+	testcases := []struct {
+		addr     string
+		expected []string
+	}{
+		{
+			"1.2.3.4:80:udp",
+			[]string{"1.2.3.4", "80", "udp"},
+		},
+		{
+			"1.2.3.4:80",
+			[]string{"1.2.3.4", "80"},
+		},
+		{
+			"[fe80:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:80:tcp",
+			[]string{"[fe80:ffff:ffff:ffff:ffff:ffff:ffff:ffff]", "80", "tcp"},
+		},
+	}
+	for _, tc := range testcases {
+		res, err := parseFlowCollectorAddr(tc.addr)
+		assert.Nil(t, err)
+		assert.Equal(t, tc.expected, res)
+	}
+}