From a73fde87ea6786c7141205465d47f8635115d6df Mon Sep 17 00:00:00 2001
From: Oleg Guba
Date: Mon, 24 Oct 2022 20:18:46 -0700
Subject: [PATCH] [driver] refactor pod netork configuration not to use static ARP entry
---
 cmd/routed-eni-cni-plugin/driver/driver.go | 71 +++++++---------------
 1 file changed, 23 insertions(+), 48 deletions(-)
diff --git a/cmd/routed-eni-cni-plugin/driver/driver.go b/cmd/routed-eni-cni-plugin/driver/driver.go
index d96a5857711..1a774baa258 100644
--- a/cmd/routed-eni-cni-plugin/driver/driver.go
+++ b/cmd/routed-eni-cni-plugin/driver/driver.go
@@ -159,66 +159,41 @@ func (createVethContext *createVethPairContext) run(hostNS ns.NetNS) error {
 }
 }
- // Add a connected route to a dummy next hop (169.254.1.1 or fe80::1)
+ // Add an onlink route to a dummy next hop (169.254.1.1 or fe80::1)
 // # ip route show
- // default via 169.254.1.1 dev eth0
- // 169.254.1.1 dev eth0
+ // default via 169.254.1.1 dev eth0 onlink
- var gw net.IP
- var maskLen int
- var addr *netlink.Addr
- var defNet *net.IPNet
+ var contVethAddress *netlink.Addr
+ var hostVethAddress *netlink.Addr
 if createVethContext.v4Addr != nil {
- gw = net.IPv4(169, 254, 1, 1)
- maskLen = 32
- addr = &netlink.Addr{IPNet: createVethContext.v4Addr}
- defNet = &net.IPNet{IP: net.IPv4zero, Mask: net.CIDRMask(0, maskLen)}
+ contVethAddress = &netlink.Addr{IPNet: createVethContext.v4Addr}
+ hostVethAddress = &netlink.Addr{
+ IPNet: &net.IPNet{
+ IP: net.IPv4(169, 254, 1, 1),
+ Mask: net.CIDRMask(8*net.IPv4len, 8*net.IPv4len),
+ },
+ Scope: int(netlink.SCOPE_LINK),
+ }
 } else if createVethContext.v6Addr != nil {
- gw = net.IP{0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}
- maskLen = 128
- addr = &netlink.Addr{IPNet: createVethContext.v6Addr}
- defNet = &net.IPNet{IP: net.IPv6zero, Mask: net.CIDRMask(0, maskLen)}
- }
-
- gwNet := &net.IPNet{IP: gw, Mask: net.CIDRMask(maskLen, maskLen)}
-
- if err = createVethContext.netLink.RouteReplace(&netlink.Route{
- LinkIndex: contVeth.Attrs().Index,
- Scope: netlink.SCOPE_LINK,
- Dst: gwNet}); err != nil {
- return errors.Wrap(err, "setup NS network: failed to add default gateway")
+ contVethAddress = &netlink.Addr{IPNet: createVethContext.v6Addr}
+ hostVethAddress = &netlink.Addr{
+ IPNet: &net.IPNet{
+ IP: net.IP{0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1},
+ Mask: net.CIDRMask(8*net.IPv6len, 8*net.IPv6len),
+ },
+ Scope: int(netlink.SCOPE_LINK),
+ }
 }
- // Add a default route via dummy next hop(169.254.1.1 or fe80::1).
Then all outgoing traffic will be routed by this
- // default route via dummy next hop (169.254.1.1 or fe80::1)
- if err = createVethContext.netLink.RouteAdd(&netlink.Route{
- LinkIndex: contVeth.Attrs().Index,
- Scope: netlink.SCOPE_UNIVERSE,
- Dst: defNet,
- Gw: gw,
- }); err != nil {
- return errors.Wrap(err, "setup NS network: failed to add default route")
+ if err := createVethContext.netLink.AddrAdd(hostVeth, hostVethAddress); err != nil {
+ return errors.Wrapf(err, "setup NS network: failed to add link-local addr to %q", createVethContext.hostVethName)
 }
- if err = createVethContext.netLink.AddrAdd(contVeth, addr); err != nil {
+ if err = createVethContext.netLink.AddrAdd(contVeth, contVethAddress); err != nil {
 return errors.Wrapf(err, "setup NS network: failed to add IP addr to %q", createVethContext.contVethName)
 }
- // add static ARP entry for default gateway
- // we are using routed mode on the host and container need this static ARP entry to resolve its default gateway.
- // IP address family is derived from the IP address passed to the function (v4 or v6)
- neigh := &netlink.Neigh{
- LinkIndex: contVeth.Attrs().Index,
- State: netlink.NUD_PERMANENT,
- IP: gwNet.IP,
- HardwareAddr: hostVeth.Attrs().HardwareAddr,
- }
-
- if err = createVethContext.netLink.NeighAdd(neigh); err != nil {
- return errors.Wrap(err, "setup NS network: failed to add static ARP")
- }
-
 if createVethContext.v6Addr != nil && createVethContext.v6Addr.IP.To16() != nil {
 if err := waitForAddressesToBeStable(createVethContext.netLink, createVethContext.contVethName, v6DADTimeout); err != nil {
 return errors.Wrap(err, "setup NS network: failed while waiting for v6 addresses to be stable")
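Review bot: The updated comment promises `default via 169.254.1.1 dev eth0 onlink`, yet the new side of this hunk drops both the `RouteReplace` and the `RouteAdd` call and adds no route in their place, so unless one is installed outside the hunk the pod namespace is left without a default route; an onlink `RouteReplace` after the container `AddrAdd`, as sketched below, would match the comment. When neither `v4Addr` nor `v6Addr` is set, `hostVethAddress` and `contVethAddress` stay nil and are still handed to `AddrAdd`, so a guard such as `if contVethAddress == nil { return errors.New("setup NS network: no IP address to configure") }` ahead of the first call would fail cleanly. With the permanent neighbour entry gone the pod depends on the host veth answering for the gateway address, and for IPv6 `waitForAddressesToBeStable` is only called for `contVethName`, so `fe80::1` on the host side may still be tentative when the pod first sends; this is worth confirming. `run` starts and ends outside the hunk.

```go
// … unchanged: address selection and the hostVeth AddrAdd …
if err = createVethContext.netLink.AddrAdd(contVeth, contVethAddress); err != nil {
	// … unchanged: Wrapf return …
}

// Default route via the dummy next hop (Dst left nil). FLAG_ONLINK makes the
// kernel accept the gateway although no connected route covers it.
if err = createVethContext.netLink.RouteReplace(&netlink.Route{
	LinkIndex: contVeth.Attrs().Index,
	Scope:     netlink.SCOPE_UNIVERSE,
	Gw:        hostVethAddress.IP,
	Flags:     int(netlink.FLAG_ONLINK),
}); err != nil {
	return errors.Wrap(err, "setup NS network: failed to add default route")
}
```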