skip conntrack when access node dns ip (#3894) (#4762)
* skip conntrack when access node local dns ip

Signed-off-by: Changlu Yi <[email protected]>
changluyi authored Nov 25, 2024
1 parent 576dfd4 commit e1c5986
Showing 7 changed files with 74 additions and 1 deletion.
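--- a/dist/images/Dockerfile.base
+++ b/dist/images/Dockerfile.base
@@ -50,7 +50,9 @@ RUN cd /usr/src/ && git clone -b branch-22.12 --depth=1 https://github.com/ovn-o
 # lflow: do not send direct traffic between lports to conntrack
 curl -s https://github.com/kubeovn/ovn/commit/54cbe0d1ba2051e640dd3e53498f373362547691.patch | git apply && \
 # northd: add nb option version_compatibility
-curl -s https://github.com/kubeovn/ovn/commit/06f5a7c684a6030036e2663eecf934b37c3e666e.patch | git apply
+curl -s https://github.com/kubeovn/ovn/commit/06f5a7c684a6030036e2663eecf934b37c3e666e.patch | git apply && \
+# northd: skip conntrack when access node local dns ip
+curl -s https://github.com/kubeovn/ovn/commit/1ea964886da774506962d6bf23f8f894d93a10eb.patch | git apply
 
 RUN apt install -y build-essential fakeroot \
 autoconf automake bzip2 debhelper-compat dh-exec dh-python dh-sequence-python3 dh-sequence-sphinxdoc \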
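Review bot: The added `curl -s … | git apply` line at the end of this RUN chain pulls a patch over the network at build time with no `--fail` and no integrity check, so the OVN source baked into the base image depends on whatever that URL returns when the image is built. The full commit hash in the URL limits drift, but a transport error or an error page is only caught if `git apply` happens to reject the body. Consider `curl -fsSL` for the new line (the two lines above it share the pattern), or keeping the patch file in the repository and applying it from the build context. The RUN instruction starts above the hunk.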
28 changes: 28 additions & 0 deletions mocks/pkg/ovs/interface.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

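--- a/pkg/controller/config.go
+++ b/pkg/controller/config.go
@@ -297,6 +297,11 @@ func ParseFlags() (*Configuration, error) {
 return nil, fmt.Errorf("check system cidr failed, %v", err)
 }
 
+if err := util.CheckNodeDNSIP(config.NodeLocalDNSIP); err != nil {
+klog.Error(err)
+return nil, err
+}
+
 klog.Infof("config is %+v", config)
 return config, nil
 }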
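Review bot: The new check in `ParseFlags` both logs and returns the same error (`klog.Error(err)` followed by `return nil, err`), while the system CIDR check just above it returns a wrapped error without logging. Returning `fmt.Errorf("check node local dns ip failed: %w", err)` and dropping the `klog.Error` call would keep the two checks consistent and avoid a duplicate log line if the caller also reports the failure. ParseFlags starts outside the hunk.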
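--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@@ -755,6 +755,10 @@ func (c *Controller) Run(ctx context.Context) {
 util.LogFatalAndExit(err, "failed to set NB_Global option ls_ct_skip_dst_lport_ips")
 }
 
+if err := c.OVNNbClient.SetNodeLocalDNSIP(c.config.NodeLocalDNSIP); err != nil {
+util.LogFatalAndExit(err, "failed to set NB_Global option node_local_dns_ip")
+}
+
 if err := c.InitOVN(); err != nil {
 util.LogFatalAndExit(err, "failed to initialize ovn resources")
 }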
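--- a/pkg/ovs/interface.go
+++ b/pkg/ovs/interface.go
@@ -18,6 +18,7 @@ type NBGlobal interface {
 SetICAutoRoute(enable bool, blackList []string) error
 SetLsDnatModDlDst(enabled bool) error
 SetLsCtSkipDstLportIPs(enabled bool) error
+SetNodeLocalDNSIP(nodeLocalDNSIP string) error
 GetNbGlobal() (*ovnnb.NBGlobal, error)
 }
 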
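--- a/pkg/ovs/ovn-nb_global.go
+++ b/pkg/ovs/ovn-nb_global.go
@@ -157,3 +157,28 @@ func (c *OVNNbClient) SetLsDnatModDlDst(enabled bool) error {
 func (c *OVNNbClient) SetLsCtSkipDstLportIPs(enabled bool) error {
 return c.SetNbGlobalOptions("ls_ct_skip_dst_lport_ips", enabled)
 }
+
+func (c *OVNNbClient) SetNodeLocalDNSIP(nodeLocalDNSIP string) error {
+if nodeLocalDNSIP != "" {
+return c.SetNbGlobalOptions("node_local_dns_ip", nodeLocalDNSIP)
+}
+
+nbGlobal, err := c.GetNbGlobal()
+if err != nil {
+return fmt.Errorf("get nb global: %v", err)
+}
+
+options := make(map[string]string, len(nbGlobal.Options))
+for k, v := range nbGlobal.Options {
+options[k] = v
+}
+
+delete(options, "node_local_dns_ip")
+
+nbGlobal.Options = options
+if err := c.UpdateNbGlobal(nbGlobal, &nbGlobal.Options); err != nil {
+return fmt.Errorf("remove option node_local_dns_ip failed , %v", err)
+}
+
+return nil
+}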
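Review bot: `SetNodeLocalDNSIP` has no doc comment, and its empty-string branch is the part a reader needs explained: an empty value does not leave NB_Global alone, it removes `node_local_dns_ip`, presumably so that an exemption configured earlier does not outlive the flag. I would add `// SetNodeLocalDNSIP sets NB_Global option node_local_dns_ip, or removes it when nodeLocalDNSIP is empty.` above the function. The removal branch also calls `UpdateNbGlobal` even when the key is absent; `if _, ok := nbGlobal.Options["node_local_dns_ip"]; !ok { return nil }` right after the `GetNbGlobal` error check avoids that write. Both `fmt.Errorf` calls format the cause with `%v`, so callers cannot unwrap it; `%w` would keep it.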
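--- a/pkg/util/net.go
+++ b/pkg/util/net.go
@@ -536,6 +536,14 @@ func CheckSystemCIDR(cidrs []string) error {
 return nil
 }
 
+func CheckNodeDNSIP(nodeLocalDNSIP string) error {
+if nodeLocalDNSIP != "" && !IsValidIP(nodeLocalDNSIP) {
+err := fmt.Errorf("node dns ip %s is not valid ip", nodeLocalDNSIP)
+return err
+}
+return nil
+}
+
 // GetExternalNetwork returns the external network name
 // if the external network is not specified, return the default external network name
 func GetExternalNetwork(externalNet string) string {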
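Review bot: `CheckNodeDNSIP` accepts any string that `IsValidIP` accepts, and that value then becomes the NB_Global option which, per the commit title, makes traffic to the address skip conntrack. `IsValidIP` is not shown here; if it only parses the string, the unspecified address or an address that is not the node-local DNS listener would pass and widen the exemption beyond DNS. Consider rejecting unspecified and multicast addresses here, and stating the contract in a doc comment such as `// CheckNodeDNSIP returns an error if nodeLocalDNSIP is non-empty and not a valid IP address.`. Formatting the rejected value with `%q` instead of `%s` would also make padded or odd input visible in the error.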
