Truncate SessionAffinity timeout values instead of wrapping around #3609

antoninbas · 2022-04-09T00:30:00Z

SessionAffinity timeout is implemented using a hard_timeout in
OVS. hard_timeout is represented by a uint16 in the OpenFlow protocol,
hence we cannot support timeouts greater than 65535 seconds. However,
the K8s Service spec allows timeout values up to 86400 seconds for
ClientIP-based SessionAffinity
(https://godoc.org/k8s.io/api/core/v1#ClientIPConfig). For values
greater than 65535 seconds, we need to set the hard_timeout to 65535
rather than let the timeout value wrap around.

For #1578

Signed-off-by: Antonin Bas abas@vmware.com

codecov-commenter · 2022-04-09T00:36:59Z

Codecov Report

Merging #3609 (1ebec42) into main (7fea8d3) will decrease coverage by 17.39%.
The diff coverage is 3.70%.

❗ Current head 1ebec42 differs from pull request most recent head c3229ed. Consider uploading reports for the commit c3229ed to get more accurate results

@@             Coverage Diff             @@
##             main    #3609       +/-   ##
===========================================
- Coverage   64.24%   46.84%   -17.40%     
===========================================
  Files         278      245       -33     
  Lines       27929    35482     +7553     
===========================================
- Hits        17942    16623     -1319     
- Misses       8067    17221     +9154     
+ Partials     1920     1638      -282

Flag	Coverage Δ
e2e-tests	`46.84% <3.70%> (?)`
kind-e2e-tests	`?`
unit-tests	`?`

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/agent/proxy/proxier.go	`47.64% <3.70%> (-13.56%)`	⬇️
pkg/ipfix/ipfix_intermediate.go	`0.00% <0.00%> (-89.48%)`	⬇️
pkg/controller/networkpolicy/endpoint_querier.go	`4.58% <0.00%> (-86.85%)`	⬇️
pkg/ipfix/ipfix_collector.go	`0.00% <0.00%> (-81.82%)`	⬇️
pkg/agent/util/iptables/lock.go	`0.00% <0.00%> (-81.82%)`	⬇️
pkg/flowaggregator/certificate.go	`0.00% <0.00%> (-77.48%)`	⬇️
pkg/controller/externalippool/validate.go	`0.00% <0.00%> (-76.20%)`	⬇️
...lowaggregator/clickhouseclient/clickhouseclient.go	`0.00% <0.00%> (-75.84%)`	⬇️
pkg/cni/client.go	`0.00% <0.00%> (-75.52%)`	⬇️
pkg/controller/networkpolicy/crd_utils.go	`14.48% <0.00%> (-75.42%)`	⬇️
... and 269 more

antoninbas · 2022-04-11T18:04:15Z

/test-all

tnqn

LGTM, a typo

tnqn · 2022-04-12T09:54:37Z

pkg/agent/proxy/proxier.go

+			// let the timeout value wrap around.
+			affinityTimeout = maxSupportedAffinityTimeout
+			if !ok || (svcInfo.StickyMaxAgeSeconds() != pSvcInfo.StickyMaxAgeSeconds()) {
+				// We only log a warning when the Service hasn't been instealled


Suggested change

// We only log a warning when the Service hasn't been instealled

// We only log a warning when the Service hasn't been installed

wenyingd

LGTM

SessionAffinity timeout is implemented using a hard_timeout in OVS. hard_timeout is represented by a uint16 in the OpenFlow protocol, hence we cannot support timeouts greater than 65535 seconds. However, the K8s Service spec allows timeout values up to 86400 seconds for ClientIP-based SessionAffinity (https://godoc.org/k8s.io/api/core/v1#ClientIPConfig). For values greater than 65535 seconds, we need to set the hard_timeout to 65535 rather than let the timeout value wrap around. For antrea-io#1578 Signed-off-by: Antonin Bas <abas@vmware.com>

antoninbas · 2022-04-12T18:12:45Z

/test-all

antoninbas requested review from hongliangl, jianjuns, tnqn and wenyingd April 9, 2022 00:30

antoninbas added area/ovs/openflow Issues or PRs related to Open vSwitch Open Flow. area/ovs Issues or PRs related to OVS area/proxy Issues or PRs related to proxy functions in Antrea action/release-note Indicates a PR that should be included in release notes. labels Apr 9, 2022

jianjuns previously approved these changes Apr 9, 2022

View reviewed changes

tnqn previously approved these changes Apr 12, 2022

View reviewed changes

wenyingd previously approved these changes Apr 12, 2022

View reviewed changes

antoninbas dismissed stale reviews from wenyingd, tnqn, and jianjuns via f6c2a3d April 12, 2022 18:12

antoninbas force-pushed the truncate-service-session-affinity-timeout-instead-of-wrapping-it-around branch from c3229ed to f6c2a3d Compare April 12, 2022 18:12

antoninbas requested a review from tnqn April 12, 2022 18:12

tnqn approved these changes Apr 13, 2022

View reviewed changes

antoninbas merged commit 1d7a017 into antrea-io:main Apr 13, 2022

antoninbas deleted the truncate-service-session-affinity-timeout-instead-of-wrapping-it-around branch April 13, 2022 18:08

antoninbas mentioned this pull request Apr 13, 2022

SessionAffinity timeout max value #1578

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Truncate SessionAffinity timeout values instead of wrapping around #3609

Truncate SessionAffinity timeout values instead of wrapping around #3609

antoninbas commented Apr 9, 2022

codecov-commenter commented Apr 9, 2022 •

edited

Loading

antoninbas commented Apr 11, 2022

tnqn left a comment

tnqn Apr 12, 2022

wenyingd left a comment

antoninbas commented Apr 12, 2022

	// We only log a warning when the Service hasn't been instealled
	// We only log a warning when the Service hasn't been installed

Truncate SessionAffinity timeout values instead of wrapping around #3609

Truncate SessionAffinity timeout values instead of wrapping around #3609

Conversation

antoninbas commented Apr 9, 2022

codecov-commenter commented Apr 9, 2022 • edited Loading

Codecov Report

antoninbas commented Apr 11, 2022

tnqn left a comment

Choose a reason for hiding this comment

tnqn Apr 12, 2022

Choose a reason for hiding this comment

wenyingd left a comment

Choose a reason for hiding this comment

antoninbas commented Apr 12, 2022

codecov-commenter commented Apr 9, 2022 •

edited

Loading