Skip to content

ipsec: phase out NodeMap version 1 for v1.17.0 #34670

New issue
New issue
Closed
#38251
Closed
ipsec: phase out NodeMap version 1 for v1.17.0#34670
#38251
Assignees
julianwiedmann
Labels
area/datapathImpacts bpf/ or low-level forwarding details, including map management and monitor messages.area/encryptionImpacts encryption support such as IPSec, WireGuard, or kTLS.feature/ipsecRelates to Cilium's IPsec featurekind/tech-debtTechnical debtpinnedThese issues are not marked stale by our issue bot.
Milestone
1.18
@ldelossa

Description

@ldelossa
ldelossa
opened on Sep 3, 2024

During Cilium v1.16.0 release we introduced version 2 of the NodeMap see: 17872ef

NodeMapV2 now contains the SPI value for the given node.

To handle upgrade and downgrade gracefully the NodeMapV2 implementation performs shadow writes into the original NodeMap.

If a roll-back to v1.15.x occurs the original NodeMap contains any values which were written into NodeMapV2 during v1.16.x deployment.

The existence of both maps need only exist in v1.16.x and can be removed in preparation for v1.17.0 release.

Metadata

Metadata

Assignees

Labels

area/datapathImpacts bpf/ or low-level forwarding details, including map management and monitor messages.area/encryptionImpacts encryption support such as IPSec, WireGuard, or kTLS.feature/ipsecRelates to Cilium's IPsec featurekind/tech-debtTechnical debtpinnedThese issues are not marked stale by our issue bot.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions