Set MTU of OVS ports for L7 NetworkPolicy at startup
The MTU of OVS ports for L7 NetworkPolicy should be set to the
calculated MTU value according to traffic mode at every startup.
For example, before this commit, assuming that feature gate
L7NetworkPolicy is enabled in encap mode, then the OVS ports for
L7 NetworkPolicy will be created and their MTU is 1420. If the
traffic mode is changed to noEncap, the MTU of the OVS ports is
still 1420; however, the OVS ports for Pods and antrea-gw0 are 1500
right now. Besides, when creating the OVS ports for L7 NetworkPolicy
for the first time in a Node, without specifying the MTU value, the
minimum MTU value from all OVS ports will be used. The MTU value
might be less than the MTU calculated by Antrea which is used in
Antrea local gateway port and Pod ports, resulting in the unavailability
of L7 NetworkPolicy.

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
hongliangl committed Aug 18, 2023
1 parent e04c95c commit 9b14172
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion pkg/agent/agent_linux.go
Expand Up @@ -358,13 +358,20 @@ func (i *Initializer) prepareL7NetworkPolicyInterfaces() error {
returnPort, _ := i.ifaceStore.GetInterfaceByName(config.L7NetworkPolicyReturnPortName)
i.l7NetworkPolicyConfig.TargetOFPort = uint32(targetPort.OFPort)
i.l7NetworkPolicyConfig.ReturnOFPort = uint32(returnPort.OFPort)
// Set the ports with no-flood to reject ARP flood packets.
// Set the ports with no-flood to reject ARP flood packets at every startup.
if err := i.ovsCtlClient.SetPortNoFlood(int(targetPort.OFPort)); err != nil {
return fmt.Errorf("failed to set port %s with no-flood config: %w", config.L7NetworkPolicyTargetPortName, err)
}
if err := i.ovsCtlClient.SetPortNoFlood(int(returnPort.OFPort)); err != nil {
return fmt.Errorf("failed to set port %s with no-flood config: %w", config.L7NetworkPolicyReturnPortName, err)
}
// Set MTU of the ports to the calculated MTU value at every startup.
if err := i.setInterfaceMTU(config.L7NetworkPolicyTargetPortName, i.networkConfig.InterfaceMTU); err != nil {
return err
}
if err := i.setInterfaceMTU(config.L7NetworkPolicyReturnPortName, i.networkConfig.InterfaceMTU); err != nil {
return err
}

return nil
}
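
Review bot: The two new setInterfaceMTU calls at the end of the hunk return err unwrapped, while the SetPortNoFlood calls directly above them wrap theirs with fmt.Errorf and name the port. Unless setInterfaceMTU already names the interface in its own error (its body is not visible in this diff), a startup failure here would not say which L7 NetworkPolicy port could not be updated; consider matching the surrounding style, e.g. `return fmt.Errorf("failed to set MTU of port %s: %w", config.L7NetworkPolicyTargetPortName, err)`. The two calls differ only in the port name, so a short loop over config.L7NetworkPolicyTargetPortName and config.L7NetworkPolicyReturnPortName would keep them from drifting apart. The comment could also say why this runs at every startup (the traffic mode, and so i.networkConfig.InterfaceMTU, can change between restarts), since that reasoning currently lives only in the commit message.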
