node: Remove permanent ARP entry when remote node is deleted #10227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

joestringer merged 2 commits into master from pr/brb/rm-arp-entry

Feb 25, 2020

Member

brb commented Feb 18, 2020 •

edited

Loading

When IPsec or NodePort is enabled, we add a permanent ARP entry (remote node IP => remote node MAC addr) upon receiving a NodeUpdate event. The entry is needed to facilitate calls to fib_lookup() from the datapath.

Up until now, the permanent entry was not removed when the remote node was deleted. This could lead to a problem, when a packet destined to a new node which reused the IP addr of the deleted node was dropped due to the wrong MAC addr until NodeUpdate event for the new node had been received.

This PR fixes the problem by removing obsolete ARP entries.

Tested manually.

Reviewable per commit.

Fixes #10197.

This change is


          node: Do not try to insert ARP entry if IPv4 is disabled

fd449c2

We manage only ARP entries, which is IPV4-only, so it doesn't make sense
to do it if IPv4 is disabled.

Signed-off-by: Martynas Pumputis <m@lambda.lt>

brb added wip area/daemon labels

maintainer-s-little-helper bot commented Feb 18, 2020

Release note label not set, please set the appropriate release note.

4 similar comments

maintainer-s-little-helper bot commented Feb 18, 2020

Release note label not set, please set the appropriate release note.

maintainer-s-little-helper bot commented Feb 18, 2020

Release note label not set, please set the appropriate release note.

maintainer-s-little-helper bot commented Feb 18, 2020

Release note label not set, please set the appropriate release note.

maintainer-s-little-helper bot commented Feb 18, 2020

Release note label not set, please set the appropriate release note.

maintainer-s-little-helper bot added the dont-merge/needs-release-note label

Member Author

brb commented Feb 18, 2020

test-me-please

brb added the release-note/misc label

maintainer-s-little-helper bot removed the dont-merge/needs-release-note label

brb force-pushed the pr/brb/rm-arp-entry branch from 1926876 to 2d9ff70 Compare

February 18, 2020 10:46


          node: Remove permanent ARP entry when remote node is deleted

2d9ff70

When IPsec or NodePort is enabled, we add a permanent ARP entry (remote
node IP => remote node MAC addr) upon receiving a NodeUpdate event.
The entry is needed to facilitate calls to fib_lookup() from the
datapath.

Up until now, the permanent entry was not removed when the remote node
was deleted. This could lead to a problem, when a packet destined to a
new node which reused the IP addr of the deleted node was dropped due to
the wrong MAC addr until NodeUpdate event for the new node had been
received.

This commit fixes the problem by removing obsolete ARP entries.

Signed-off-by: Martynas Pumputis <m@lambda.lt>

Member Author

brb commented Feb 18, 2020

test-me-please

brb added pending-review and removed wip labels

brb marked this pull request as ready for review

February 18, 2020 11:02

brb requested a review from a team

February 18, 2020 11:02

coveralls commented Feb 18, 2020 •

edited

Loading

Coverage decreased (-0.01%) to 44.461% when pulling 2d9ff70 on pr/brb/rm-arp-entry into b6f2e75 on master.

borkmann approved these changes

View reviewed changes

aanm added the dont-merge/wait-until-release label

aanm added this to the 1.8 milestone

aanm removed the dont-merge/wait-until-release label

aanm requested changes

View reviewed changes

Member

aanm left a comment

Can't this be unit tested since we have a pkg/datapath/linux/node_test.go file for this?

jrfastab approved these changes

View reviewed changes

Contributor

jrfastab left a comment

LGTM thanks for doing this.

Member Author

brb commented Feb 24, 2020

@aanm Can we merge this? I'm going to add the tests after I've finished my work on a major feature.

Member

aanm commented Feb 24, 2020

@aanm Can we merge this? I'm going to add the tests after I've finished my work on a major feature.

I'll defer that decision to @joestringer.

joestringer approved these changes

View reviewed changes

Member

joestringer commented Feb 25, 2020 •

edited

Loading

@brb please file an issue to follow up on the tests just to make sure it doesn't get dropped. Manual testing of something like this is as good as no testing, it could regress at any time. Unit tests at the very least should not require a large commitment.

The change itself looks pretty straightforward and has relevant signoffs so LGTM.

joestringer merged commit 6c06c51 into master

joestringer deleted the pr/brb/rm-arp-entry branch

February 25, 2020 21:12

joestringer added release-note/bug and removed release-note/misc labels

Member

joestringer commented Feb 25, 2020

Also, I marked this as a bugfix as this seems like it could cause neighbour cache to grow unchecked if there is much node churn.

Member Author

brb commented Feb 26, 2020

@joestringer @aanm Created an issue for testing: #10341.

joestringer mentioned this pull request

v1.7 backports 2020-02-26 #10354

Merged

joestringer added backport-pending/1.7 and removed needs-backport/1.7 labels

brb mentioned this pull request

v1.6 backports 2020-02-27 #10361

Merged

brb added backport-pending/1.6 and removed needs-backport/1.6 labels

joestringer added backport-done/1.6 and removed backport-pending/1.6 labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/daemon release-note/bug