Ipv6; BGP peering #545

Merged: 2 commits, Oct 10, 2018

@uablrek uablrek commented Sep 28, 2018

BGP peering in an ipv6-only cluster

This PR takes ipv6 support as far as bgp peering for nodes inside the cluster;

# gobgp neighbor
Peer                AS  Up/Down State       |#Received  Accepted
1000::1:c0a8:101 64512 00:00:37 Establ      |        0         0
1000::1:c0a8:102 64512 00:00:37 Establ      |        0         0
1000::1:c0a8:103 64512 00:00:40 Establ      |        0         0

NOTE; with this PR ipv6 code is actually used if the nodeIP is recognised as an ipv6 address. Before, ipv4 operation was hard-coded.

The CIDR handling does not work yet so the veth devices do not get any (ipv6) addresses. The kube-bridge device is however assigned an ipv6 address;

# ip -6 addr show dev kube-bridge
11: kube-bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 1000::2:b00:301/120 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::6409:c0ff:fe65:9419/64 scope link 
       valid_lft forever preferred_lft forever

Design notes

The iptablesCmdHandler is now created with protocol;

iptables.NewWithProtocol(iptables.ProtocolIPv6)

A function for creating the right iptablesCmdHandler is provided to avoid code duplication. The PodEgressRules functions are now methods in NetworkRoutingController to be able to access ipv6 stuff.

The ipset 31-character name limitation

This is a problem. The Refresh function added "-temp" to the name which together with the "inet6:" prefix made the temp names too long. As a temporary solution just a "-" is added.
IMO some hash string like "tmp_d2d362cdc6579390f1c0617d7" shall be used for temporary ipsets to make the temp name independent from the original set name.

Please comment on this.

Lars Ekman added 2 commits September 28, 2018 12:43
This should be improved. Some hash string should be used for
temp names.
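
An added example (not code from this PR or from kube-router) of the hash-based temporary name proposed in the comment above, compared with the suffix scheme against the 31-character limit. The `tmp_` prefix, the use of SHA-256, the function names and the sample set names are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// ipsetMaxNameLen is the 31-character set-name limit discussed in the PR.
const ipsetMaxNameLen = 31

// tmpPrefix marks a set as temporary (assumed naming choice).
const tmpPrefix = "tmp_"

// suffixTempName is the scheme the PR describes: the temporary name is the
// original name plus a suffix, so its length grows with the original.
func suffixTempName(setName, suffix string) string {
	return setName + suffix
}

// hashTempName derives the temporary name from a SHA-256 digest of the
// original name, truncated so the result is always exactly 31 characters.
func hashTempName(setName string) string {
	sum := sha256.Sum256([]byte(setName))
	digest := hex.EncodeToString(sum[:])
	return tmpPrefix + digest[:ipsetMaxNameLen-len(tmpPrefix)]
}

// fitsIpset reports whether name is within the ipset name limit.
func fitsIpset(name string) bool {
	return len(name) > 0 && len(name) <= ipsetMaxNameLen
}

func main() {
	// Constructed sample set names (28 and 31 characters), not from the project.
	samples := []string{"inet6:sample-set-name-000001", "inet6:sample-set-name-000000002"}
	for _, name := range samples {
		for _, tmp := range []string{
			suffixTempName(name, "-temp"),
			suffixTempName(name, "-"),
			hashTempName(name),
		} {
			fmt.Printf("%-31s -> %-36s len=%2d fits=%v\n", name, tmp, len(tmp), fitsIpset(tmp))
		}
	}
}
```

With the constructed 31-character name, even the single "-" suffix exceeds the limit, while the hashed name stays at 31 characters for any input.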
uablrek commented Oct 7, 2018

Took a closer look and the CIDR allocation does work.

# jq . < /etc/cni/net.d/10-kuberouter.conf  | cat
{
  "bridge": "kube-bridge",
  "ipam": {
    "subnet": "1000::2:b00:100/120",
    "type": "host-local"
  },
  "isDefaultGateway": true,
  "isGateway": true,
  "name": "ekvm",
  "type": "bridge"
}

It is routing to the node cidrs that fails. Calls to a service that happens to be local work.

@murali-reddy murali-reddy merged commit 077ff86 into cloudnativelabs:master Oct 10, 2018
@murali-reddy

LGTM.

Verified with https://github.com/Nordix/xcluster/blob/master/ovl/kube-router-ipv6/README.md

thanks @uablrek for the patch and helping out with testing
