Skip to content

Add L2 announcement IPv6 support #39648

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Jul 11, 2025
Merged

Add L2 announcement IPv6 support #39648

merged 11 commits into from
Jul 11, 2025

Conversation

msune
Copy link
Member

@msune msune commented May 20, 2025
edited
Loading

This patchset adds L2 announcement IPv6 support.

Patchset:

23c6929a58 docs/l2_announcements: remove IPv6 limitation
08019f3ef8 pkg: add support for L2 IPv6 announcements
db22a4c2d4 pkg/datapath: garp->gneigh and implement ND adv.
234e1b4a76 pkg: add v6 L2 responder maps
98ee4c6ff3 Add mdlayher/ndp go package
71721fa802 bpf/test: add L2 announce IPv6 unit test
749f591e3f bpf: Add support for IPv6 L2 announcements
aa2dc65eec bpf/test/pktgen: add IPv6 {svc,ext}_one addresses
623417f1c4 bpf: rescope IPv6 MC helpers (sol. addr)

Depends on #39574 and #39579. Related/implements #34983.

Add L2 announcement IPv6 support

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label May 20, 2025
@github-actions github-actions bot added the kind/community-contribution This was a contribution made by a community member. label May 20, 2025
This was referenced May 22, 2025
Closed
Merged
@github-actions GitHub Actions
Copy link

This pull request has been automatically marked as stale because it
has not had recent activity. It will be closed if no further activity
occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label Jun 20, 2025
@msune msune force-pushed the l2_announce_ipv6_final branch from d7ce7b8 to 0cc17e9 Compare June 20, 2025 06:54
@maintainer-s-little-helper
Copy link

Commit 0cc17e9 does not match "(?m)^Signed-off-by:".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Jun 20, 2025
@msune msune force-pushed the l2_announce_ipv6_final branch from 0cc17e9 to 0c4682f Compare June 20, 2025 07:04
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Jun 20, 2025
@msune msune force-pushed the l2_announce_ipv6_final branch 4 times, most recently from ed8bee9 to 636f517 Compare June 20, 2025 08:04
@joestringer joestringer added release-note/major This PR introduces major new functionality to Cilium. dont-merge/wait-until-release Freeze window for current release is blocking non-bugfix PRs labels Jun 20, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Jun 20, 2025
@github-actions github-actions bot removed the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label Jun 21, 2025
@msune msune force-pushed the l2_announce_ipv6_final branch from 636f517 to 23c6929 Compare June 26, 2025 16:56
@msune
Copy link
Member Author

msune commented Jun 26, 2025

OK, ready for review. I finally could spent some more time on it.

A couple of notes:

  • Besides the BPF unit tests, I've manually tested it using kind, both for targeted and non-targeted NDP NS.
  • Reviewers let me know if there is some more test coverage you think it's necessary, given the state of coverage for the v4.
  • So, with the current implementation (in main for v4), if for whatever reason the GARP can't be sent, the map is not populated with that entry, so it will never make it into the map unless there are changes. See this. Should we warn and continue? I didn't change this behaviour as part of the PR just yet.

@dylandreimerink I would appreciate if you could give it a run too.

@msune msune marked this pull request as ready for review June 26, 2025 17:15
@msune msune requested review from a team as code owners June 26, 2025 17:15
@msune msune force-pushed the l2_announce_ipv6_final branch from 1b26c19 to ed4bcc3 Compare July 10, 2025 09:48
msune added a commit to msune/cilium that referenced this pull request Jul 10, 2025
@msune
pkg/l2_responder: fix counters 0ed on sync
61237f6 
As part of cilium#39648 review, a bug was disovered in which l2_responder
counters were 0ed during reconciliation.

Fix it by making sure desiredMap contains old entries with satisfied=true
so that counters are not 0ed, as per suggested by Dylan.

Reported-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com>
Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
msune added a commit to msune/cilium that referenced this pull request Jul 10, 2025
@msune
pkg/l2_responder: fix counters 0ed on sync
dc141e7 
As part of cilium#39648 review, a bug was disovered in which l2_responder
counters were 0ed during reconciliation.

Fix it by making sure desiredMap contains old entries with satisfied=true
so that counters are not 0ed, as per suggested by Dylan.

Reported-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com>
Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
@msune msune force-pushed the l2_announce_ipv6_final branch from 61237f6 to dc141e7 Compare July 10, 2025 12:30
@msune
Copy link
Member Author

msune commented Jul 10, 2025

@joestringer many thanks for the thorough review 🙏

Nice work!

Thx

A bunch of my feedback is around little things like extra unneeded parameters, some ineffective statements, some ways we could simplify the code (eg avoid casts). There's some comments that reference the wrong structures or files that don't exist. All nice-to-have things but not critical; see below for details.

All either addressed or not applicable.

The most notable feedback below is around how single-stack is handled, since it didn't look like pkg/datapath/gneigh/processor.go is aware of which protocols are enabled. Seemed like this might cause errors to show up in agent logs for protocols that are disabled. But maybe I just missed some detail about how the disabled protocols are skipped over.

I've explained in the thread, I think we are good. I think we would have seen this already, as the L2 announce tests in E2E (indirect testing) only enable IPv4. But I could be wrong.

I raised some other lesser questions like whether we really need another map or could reuse the same map for both address families, and also some ideas about simplifying / reusing Go code. See below for the threads. I think these are worth considering, but I'd be fine with merging this PR and then iterating on top.

In agreement, but I think this is further work 😉

joestringer
joestringer approved these changes Jul 10, 2025
View reviewed changes
Copy link
Member

@joestringer joestringer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM for my code owners. I followed up on one point from my prior review here: https://github.com/cilium/cilium/pull/39648/files#r2198302693 , but I think this is also OK to fix up after merging this.

tommyp1ckles
tommyp1ckles approved these changes Jul 11, 2025
View reviewed changes
Copy link
Contributor

@tommyp1ckles tommyp1ckles left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just some minor stuff, but the changes look good to me.

msune added 11 commits July 11, 2025 10:05
@msune
bpf: rescope IPv6 MC helpers (sol. addr)
5f38ad2 
MC helpers are only really used for Solicitation addresses, therefore
make narrow the scope to make them more useful. Adapted tests.

Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
@msune
bpf/test/pktgen: add v6_svc_one address
b233106 
Define v6_svc_one address required by the V6 l2_announce test.

Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
@msune
bpf: Add support for IPv6 L2 announcements
35152c6 
This patch adds supports in bpf_host for IPv6 L2 announcements.

Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
@msune
bpf/test: add L2 announce IPv6 unit test
59bc3c8 
This commit adds tc_l2_announce6 unit test, to cover IPv6 support
for L2 announce.

Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
@msune
Add mdlayher/ndp go package
41777ba 
This commit adds mdlayher/ndp golang package to implement support
for sending Gratuitous Neighbour packets.

Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
@msune
pkg: add v6 L2 responder map
eec9882 
This commit adds v6 L2 responder map.

Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
@msune
pkg/datapath: garp->gneigh and implement ND adv.
4638fc4 
This commit:

* Renames garp cell to gneigh to be more generic.
* Adds support to gneigh for sending gratuitous Neighbour Advertisement
  messages.

Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
@msune
pkg: add support for L2 IPv6 announcements
4015e0b 
This commit adds support for IPv6 L2 announcements by adding the
necessary logic in the l2responder/ cell using the gratuitous ND
functionality now part of the gneigh cell.

Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
@msune
docs/l2_announcements: remove IPv6 limitation
ccd55e7 
On l2-announcements.rst:

* Remove IPv6 limitation.
* Adapt text to include NDP where only ARP was mentioned.

Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
@msune
pkg/l2_responder: continue if gARP/NDP fails
945cc74 
Prior to this commit if a gratuitous ARP/NDP was unable to be sent,
the L2 announce map (v4/v6) was not populated with the entry,
leading to an inconsistency. This was not a big deal as _generally_
nothing should prevent us to send these packets.

Change the behaviour to Warn and continue.

Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
@msune
pkg/l2_responder: fix counters 0ed on sync
671b7ee 
As part of cilium#39648 review, a bug was disovered in which l2_responder
counters were 0ed during reconciliation.

Fix it by making sure desiredMap contains old entries with satisfied=true
so that counters are not 0ed, as per suggested by Dylan.

Reported-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com>
Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
@msune msune force-pushed the l2_announce_ipv6_final branch from dc141e7 to 671b7ee Compare July 11, 2025 08:23
@msune
Copy link
Member Author

msune commented Jul 11, 2025

Rebased. All comments addressed, so I believe we are ready to merge 🚀

@dylandreimerink
Copy link
Member

/test

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jul 11, 2025
@dylandreimerink dylandreimerink added this pull request to the merge queue Jul 11, 2025
Merged via the queue into cilium:main with commit 236f0cd Jul 11, 2025
69 of 70 checks passed
@msune msune deleted the l2_announce_ipv6_final branch July 11, 2025 14:54
@muhlba91
Copy link

qq: will this be in the 1.18 release already?

@msune
Copy link
Member Author

msune commented Jul 29, 2025

qq: will this be in the 1.18 release already?

Nope, 1.19.

@RonaldPhilipsen
Copy link

qq: will this be in the 1.18 release already?

Nope, 1.19.

Sad, I was really looking forward to enabling matter without relying on metallb

Either way, thanks for all the effort!

rabelmervin pushed a commit to rabelmervin/cilium that referenced this pull request Aug 18, 2025
@msune @rabelmervin
pkg/l2_responder: fix counters 0ed on sync
08e4db3 
As part of cilium#39648 review, a bug was disovered in which l2_responder
counters were 0ed during reconciliation.

Fix it by making sure desiredMap contains old entries with satisfied=true
so that counters are not 0ed, as per suggested by Dylan.

Reported-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com>
Signed-off-by: Marc Suñé <marc.sune@isovalent.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joestringer joestringer joestringer approved these changes

@dylandreimerink dylandreimerink dylandreimerink left review comments

@tommyp1ckles tommyp1ckles tommyp1ckles approved these changes

@HadrienPatte HadrienPatte HadrienPatte approved these changes

@rgo3 rgo3 rgo3 approved these changes

@qmonnet qmonnet qmonnet approved these changes

Assignees
No one assigned
Labels
kind/community-contribution This was a contribution made by a community member. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/major This PR introduces major new functionality to Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@msune @dylandreimerink @qmonnet @muhlba91 @RonaldPhilipsen @joestringer @tommyp1ckles @HadrienPatte @rgo3