-
Notifications
You must be signed in to change notification settings - Fork 347
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPBUGS-31679: localnet, multi-homing: introduce localnet alias #4320
base: master
Are you sure you want to change the base?
Conversation
6f056ff
to
8bf02f3
Compare
e9e0d8f
to
16ad328
Compare
5edf806
to
938034f
Compare
8f83591
to
933567a
Compare
933567a
to
952c115
Compare
go-controller/pkg/cni/types/types.go
Outdated
@@ -50,6 +50,8 @@ type NetConf struct { | |||
// restart. | |||
AllowPersistentIPs bool `json:"allowPersistentIPs,omitempty"` | |||
|
|||
Alias string `json:"localnetPortAlias,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@trozet we should agree on a name to put on the configuration to allow the users to re-use an existing mapping.
Maybe this is too low level / detail. How about directly bridgeMapping
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
bridgeMapping
would make sense to me. The user flow looks something like this:
- Admin uses
NNCP
to configurebridge-mappings
ovn:
bridge-mappings:
- localnet: localnet1
bridge: br-ex
state: present
- Admin proceeds to create a
NAD
where they have to referencelocalnet1
from the example above. For me, the clearest hint to what I should be setting in theNAD
would be if it asked forbridgeMapping
. Another option would belocalnet
, but I like it less since we already use the term for the topology
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree alias is probably too generic, but I think bridgeMapping is not accurate either. The bridge mapping describe a mapping between an OVS bridge and a physical network. The part that you actually put into the NAD is the physical network name. So does that make PhysicalNetwork a good choice? I feel like @jcaamano will have some good thoughts on this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The part that you actually put into the NAD is the physical network name
Good point; that is really what I am using - the value for the localnet port network_name
option.
I am OK with PhysicalNetworkName
.
@phoracek thoughts ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, that works for me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't follow: you can have multiple networks in the same OVS bridge today with the localnet feature. Each network will use a different patch port.
I am not explaining myself very well. I know you can do that today. I am not saying you can't.
But doing so today requires two bridge mappings physnet:br-ex,localnet:br-ex
. OVN-K does not care, is not aware nor handles the bridge mappings, so if this leads to any problem it is not OVN-K responsibility. Something else
is setting the bridge mappings and that something else
is responsible.
Now with this new attribute PhysicalNetworkName
as part of the OVN-K netconf API and set to physnet
you only need the default bridge mapping physnet:br-ex
to have the equivalent functionality as before. In the general case this attribute makes possible to map multiple networks to the same bridge, through OVN-K API, introducing a gray area of responsibility whereas before it was clearly not OVN-K responsibility because OVN-K was simply not aware.
One example of the checks we could potentially make:
Check that all the localnets with the same PhysicalNetworkName
and VlanID don't have overlapping IPs.
We want to support the namespace selector for the secondary localnet UDNs for sure.
So the plan is also to have this field in the CRD as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We want to support the namespace selector for the secondary localnet UDNs for sure.
So the plan is also to have this field in the CRD as well?
Yes.
Now with this new attribute PhysicalNetworkName as part of the OVN-K netconf API and set to physnet you only need the default bridge mapping physnet:br-ex to have the equivalent functionality as before. In the general case this attribute makes possible to map multiple networks to the same bridge, through OVN-K API, introducing a gray area of responsibility whereas before it was clearly not OVN-K responsibility because OVN-K was simply not aware.
I understand better what you mean.
IMHO, we can simply call out in the docs this is not a gray area of responsibility, and that OVN-K is in no way responsible for validating the physical network configuration - the admin is.
One example of the checks we could potentially make:
Check that all the localnets with the same PhysicalNetworkName and VlanID don't have overlapping IPs.
Thanks for the example; I just don't see how can we perform or enforce such validation: localnet networks (at least for virt use cases) are commonly known for not having subnets defined. I.e. ovn-k has no clue of the IP assignments of the workloads attached to it.
While saying that, I do see the potential for an higher orchestration layer you've called out in previous comments.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMHO, we can simply call out in the docs this is not a gray area of responsibility, and that OVN-K is in no way responsible for validating the physical network configuration - the admin is.
That works for the NAD but I don't think we can do that for the CRD because validation is one of its main purposes.
I just don't see how can we perform or enforce such validation: localnet networks (at least for virt use cases) are commonly known for not having subnets defined.
For the ones that have it defined I guess. We have the responsibility to think about all use cases not just virt.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMHO, we can simply call out in the docs this is not a gray area of responsibility, and that OVN-K is in no way responsible for validating the physical network configuration - the admin is.
That works for the NAD but I don't think we can do that for the CRD because validation is one of its main purposes.
Sure, let's defer validation to the cUDN CRD then. That makes sense to me.
I just don't see how can we perform or enforce such validation: localnet networks (at least for virt use cases) are commonly known for not having subnets defined.
For the ones that have it defined I guess. We have the responsibility to think about all use cases not just virt.
I'm OK with best effort - i.e. validating whenever possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Renamed the attribute to PhysicalNetworkName
.
Please take another look @trozet
@@ -161,3 +163,46 @@ func bridgeMapping(physnet, ovsBridge string) BridgeMapping { | |||
ovsBridge: ovsBridge, | |||
} | |||
} | |||
|
|||
func createVLANInterface(deviceName string, vlanID string, ipAddress *string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe it wouldn't hurt to have this function idempotent ...
It's really not needed right now, since we only use it from a single place, but could be helpful going forward.
cdf7ec2
to
a1b90ee
Compare
Having a different parameter to use as the network_name option of the localnet logical switch port allows the admin to create multiple physical network attachment without having to reconfigure the physical OVN bridge mappings. This improves the admin's UX (less operations) and solution scalability (since a single mapping can be re-used) and thus the size of the ovn-bridge-mappings string can be kept low. Signed-off-by: Miguel Duarte Barroso <[email protected]>
Adds an e2e tests that asserts the same bridge mapping can be shared between multiple networks. Signed-off-by: Miguel Duarte Barroso <[email protected]>
a1b90ee
to
08a9650
Compare
- What this PR does and why is it needed
This PR introduces a network name alias to use when configuring the localnet networks.
By using this alias, the user can create multiple networks - on different vlans - without having to reconfigure the node's OVN bridge mappings. Essentially, the use can provide a single mapping and piggy-back multiple physical configurations in it.
Users in OpenShift use kubernetes-nmstate to configure these mappings; this way, they get to skip provisioning multiple policies.
- Special notes for reviewers
In this PR we are adding an alias to the network name attribute in the localnet logical switch port mandatory options.
By doing that, we can create multiple networks pointing at the same OVS bridge without having to provision additional bridge mappings, which provides a leaner and more focuses user workflow since any time the admin wants to define a new VLAN, all they need to do is to create a NetworkAttachmentDefinition (and re-use the existing binding).
This would be the new secondary networks definitions:
- How to verify it
Provision workloads ataching to those networks, and check the OVS databases contents:
We'll still see multiple patch ports (one per network) while using a single mapping - localnet
tenantblue
to bridgebreth0
.- Description for the changelog
Introduce a localnet network name alias, which allows OVN bridge mapping re-use.