Felix programs IPIP tunnels #8357

Open
wants to merge 50 commits into
base: master
3b487cb
felix programs ipip tunnel routes
mazdakn Jun 28, 2024
edfd945
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Jul 12, 2024
adf4429
Update manifests
mazdakn Jul 12, 2024
6d8dffb
Change interface name to ipip.calico
mazdakn Jul 13, 2024
1732b25
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Jul 19, 2024
be0c004
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Jul 19, 2024
499a2d1
more changes
mazdakn Jul 19, 2024
7f7c40e
Update
mazdakn Jul 20, 2024
f5b1ff4
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Jul 20, 2024
26f6dff
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Jul 25, 2024
732a4d2
update fv tests
mazdakn Jul 25, 2024
e6cd84d
revert deletions
mazdakn Jul 25, 2024
c39db30
fix
mazdakn Jul 25, 2024
731bce9
Update configs
mazdakn Jul 27, 2024
8d0438a
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Jul 27, 2024
b15c117
fix fvs
mazdakn Jul 27, 2024
b8385a4
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Aug 1, 2024
143a72c
fix tests
mazdakn Aug 1, 2024
f3a7e37
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Aug 16, 2024
6ac8eb5
merge
mazdakn Aug 17, 2024
d0ccf75
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Aug 19, 2024
199d76d
fixing test
mazdakn Aug 20, 2024
885276a
some randome commit
mazdakn Sep 4, 2024
3bbfaf9
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Oct 30, 2024
e471023
fix
mazdakn Nov 2, 2024
5a80197
Merge branch 'master' into felix-ipip
mazdakn Nov 2, 2024
6c02d1a
fix
mazdakn Nov 2, 2024
01ba430
fix linter
mazdakn Nov 2, 2024
bfdbf99
update test infra
mazdakn Nov 4, 2024
b1d97f4
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Nov 5, 2024
fa6bd30
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Nov 6, 2024
d989494
fix test infra
mazdakn Nov 7, 2024
671d54e
run make generate
mazdakn Nov 7, 2024
038e346
test infra
mazdakn Nov 7, 2024
fe3dba9
cleanup
mazdakn Nov 7, 2024
25e54fb
fix fv
mazdakn Nov 9, 2024
9792654
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Nov 12, 2024
4ac3ef8
update manifets
mazdakn Nov 12, 2024
dcee1e2
fix fv
mazdakn Nov 12, 2024
04df062
update fv
mazdakn Nov 13, 2024
c09a0e7
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Nov 18, 2024
179cd6e
merge
mazdakn Nov 18, 2024
4d93644
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Jan 7, 2025
4c30be2
fix fv test
mazdakn Jan 7, 2025
c20cea8
update ipip interface name
mazdakn Jan 8, 2025
2039a09
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Jan 8, 2025
a841648
Merge remote-tracking branch 'os/master' into felix-ipip
mazdakn Jan 8, 2025
412fc61
Merge remote-tracking branch 'open-source/master' into felix-ipip
mazdakn Jan 31, 2025
0c46f57
fix merge
mazdakn Jan 31, 2025
a008e44
update manifest
mazdakn Jan 31, 2025
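--- a/api/pkg/apis/projectcalico/v3/felixconfig.go
+++ b/api/pkg/apis/projectcalico/v3/felixconfig.go
@@ -63,6 +63,13 @@ const (
 NFTablesModeDisabled = "Disabled"
 )
 
+type ProgramRouteMode string
+
+const (
+ProgramRouteModeNone ProgramRouteMode = "None"
+ProgramRouteModeIPIP ProgramRouteMode = "IPIP"
+)
+
 // +kubebuilder:validation:Enum=DoNothing;Enable;Disable
 type AWSSrcDstCheckOption string
 
@@ -324,6 +331,8 @@ type FelixConfigurationSpec struct {
 // IPIPMTU controls the MTU to set on the IPIP tunnel device. Optional as Felix auto-detects the MTU based on the
 // MTU of the host's interfaces. [Default: 0 (auto-detect)]
 IPIPMTU *int `json:"ipipMTU,omitempty" confignamev1:"IpInIpMtu"`
+// ProgramRoutes specifies what type of routes Felix should program. [Default: None]. [Default: None]
+ProgramRoutes *ProgramRouteMode `json:"programRoutes,omitempty" validate:"omitempty,oneof=None IPIP"`
 
 // VXLANEnabled overrides whether Felix should create the VXLAN tunnel device for IPv4 VXLAN networking.
 // Optional as Felix determines this based on the existing IP pools. [Default: nil (unset)]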
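Review bot: The new `ProgramRouteMode` type is declared without a `// +kubebuilder:validation:Enum=None;IPIP` marker, while `AWSSrcDstCheckOption` directly below it carries one. If the CRD schema is generated from these markers (the generator is not visible here), an unexpected value would only be caught by the `validate:"omitempty,oneof=None IPIP"` tag on the field and not by the API server's schema. The exported type and its two constants also have no doc comments. In the second hunk the field comment states its default twice; it should read `// ProgramRoutes specifies what type of routes Felix should program. [Default: None]`.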
5 changes: 5 additions & 0 deletions api/pkg/apis/projectcalico/v3/zz_generated.deepcopy.go


7 changes: 7 additions & 0 deletions api/pkg/openapi/generated.openapi.go


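--- a/charts/calico/templates/calico-config.yaml
+++ b/charts/calico/templates/calico-config.yaml
@@ -41,6 +41,8 @@ data:
 # Configure the backend to use.
 {{- if or (.Values.flannel_migration) (.Values.vxlan) }}
 calico_backend: "vxlan"
+{{- else if (.Values.ipip) }}
+calico_backend: "ipip"
 {{- else }}
 calico_backend: "bird"
 {{- end }}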
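--- a/charts/calico/templates/calico-node.yaml
+++ b/charts/calico/templates/calico-node.yaml
@@ -323,6 +323,9 @@ spec:
 # Enable or Disable VXLAN on the default IPv6 IP pool.
 - name: CALICO_IPV6POOL_VXLAN
 value: "{{- if .Values.vxlan -}} CrossSubnet {{- else -}} Never {{- end -}}"
+# Set if Felix should program IPIP routes or not.
+- name: FELIX_PROGRAMROUTES
+value: "{{ if .Values.ipip -}} IPIP {{- else -}} None {{- end -}}"
 # Set MTU for tunnel device used if ipip is enabled
 - name: FELIX_IPINIPMTU
 valueFrom:
@@ -406,7 +409,7 @@ spec:
 command:
 - /bin/calico-node
 - -felix-live
-{{- if and (eq .Values.network "calico") (not .Values.flannel_migration) (not .Values.vxlan) }}
+{{- if and (eq .Values.network "calico") (not .Values.flannel_migration) (not .Values.vxlan) (not .Values.ipip) }}
 - -bird-live
 {{- end }}
 periodSeconds: 10
@@ -419,7 +422,7 @@ spec:
 command:
 - /bin/calico-node
 - -felix-ready
-{{- if and (not .Values.flannel_migration) (not .Values.vxlan) }}
+{{- if and (not .Values.flannel_migration) (not .Values.vxlan) (not .Values.ipip) }}
 - -bird-ready
 {{- end }}
 {{- else if eq .Values.network "flannel" }}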
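Review bot: `FELIX_PROGRAMROUTES` is rendered as IPIP whenever `.Values.ipip` is true, but the calico-config.yaml template in this PR gives `flannel_migration`/`vxlan` precedence over `ipip` when it picks `calico_backend`. With both `vxlan` and `ipip` set, the chart would emit `calico_backend: "vxlan"` together with `FELIX_PROGRAMROUTES=IPIP`, and the probes would drop the BIRD checks for either reason, so the node's effective routing mode is ambiguous. Either guard the value the same way, e.g. `{{ if and .Values.ipip (not .Values.vxlan) (not .Values.flannel_migration) -}} IPIP {{- else -}} None {{- end -}}`, or make the chart fail rendering when the two values are combined. A short comment next to the env var saying which values may be combined would also help operators.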
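--- a/charts/values/calico-ipip.yaml
+++ b/charts/values/calico-ipip.yaml
@@ -0,0 +1,3 @@
+datastore: kubernetes
+network: calico
+ipip: true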
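--- a/felix/calc/calc_graph.go
+++ b/felix/calc/calc_graph.go
@@ -392,7 +392,8 @@ func NewCalculationGraph(
 hostIPPassthru.RegisterWith(allUpdDispatcher)
 cg.hostIPPassthru = hostIPPassthru
 
-if conf.BPFEnabled || conf.Encapsulation.VXLANEnabled || conf.Encapsulation.VXLANEnabledV6 || conf.WireguardEnabled || conf.WireguardEnabledV6 {
+if conf.BPFEnabled || conf.Encapsulation.VXLANEnabled || conf.Encapsulation.VXLANEnabledV6 ||
+conf.WireguardEnabled || conf.WireguardEnabledV6 || conf.ProgramIPIPRoutes() {
 // Calculate simple node-ownership routes.
 // ...
 // Dispatcher (all updates)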
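--- a/felix/config/config_params.go
+++ b/felix/config/config_params.go
@@ -353,6 +353,7 @@ type Config struct {
 IpInIpEnabled *bool `config:"*bool;"`
 IpInIpMtu int `config:"int;0"`
 IpInIpTunnelAddr net.IP `config:"ipv4;"`
+ProgramRoutes string `config:"oneof(None,IPIP);None"`
 
 // Feature enablement. Can be either "Enabled" or "Disabled". Note, this governs the
 // programming of NAT mappings derived from Kubernetes pod annotations. OpenStack floating
@@ -1241,6 +1242,10 @@ func (config *Config) RouteTableIndices() []idalloc.IndexRange {
 return config.RouteTableRanges
 }
 
+func (config *Config) ProgramIPIPRoutes() bool {
+return config.ProgramRoutes == string(v3.ProgramRouteModeIPIP)
+}
+
 func New() *Config {
 if knownParams == nil {
 loadParams()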
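Review bot: `ProgramIPIPRoutes()` is an exported method with no doc comment, and it reports true from `ProgramRoutes` alone, without checking whether IPIP encapsulation is enabled. In this PR calc_graph.go uses it by itself to switch on route calculation, while int_dataplane.go consults it only inside the `IPIPEnabled` branch, so `ProgramRoutes=IPIP` with IPIP disabled leaves the two call sites in disagreement. At minimum document the contract, e.g. `// ProgramIPIPRoutes reports whether ProgramRoutes is set to IPIP; it does not check that IPIP encapsulation is enabled.`; folding the enabled check into the method would remove the mismatch. The new `ProgramRoutes` field in the first hunk is also the only one of its IPIP neighbours introduced without a comment describing its values.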
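--- a/felix/dataplane/driver.go
+++ b/felix/dataplane/driver.go
@@ -310,6 +310,7 @@ func StartDataplaneDriver(
 RouteSyncDisabled: configParams.RouteSyncDisabled,
 },
 IPIPMTU: configParams.IpInIpMtu,
+ProgramIPIPRoutes: configParams.ProgramIPIPRoutes(),
 VXLANMTU: configParams.VXLANMTU,
 VXLANMTUV6: configParams.VXLANMTUV6,
 VXLANPort: configParams.VXLANPort,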
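--- a/felix/dataplane/linux/bpf_ep_mgr.go
+++ b/felix/dataplane/linux/bpf_ep_mgr.go
@@ -549,7 +549,11 @@ func newBPFEndpointManager(
 
 specialInterfaces := []string{"egress.calico"}
 if config.RulesConfig.IPIPEnabled {
-specialInterfaces = append(specialInterfaces, dataplanedefs.IPIPIfaceName)
+if config.ProgramIPIPRoutes {
+specialInterfaces = append(specialInterfaces, dataplanedefs.IPIPIfaceNameV4)
+} else {
+specialInterfaces = append(specialInterfaces, dataplanedefs.IPIPDefaultIfaceNameV4)
+}
 }
 if config.RulesConfig.VXLANEnabled {
 specialInterfaces = append(specialInterfaces, dataplanedefs.VXLANIfaceNameV4)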
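--- a/felix/dataplane/linux/dataplanedefs/dataplane_defs.go
+++ b/felix/dataplane/linux/dataplanedefs/dataplane_defs.go
@@ -17,10 +17,13 @@ package dataplanedefs
 import "github.com/vishvananda/netlink"
 
 const (
-IPIPIfaceName = "tunl0"
-VXLANIfaceNameV4 = "vxlan.calico"
-VXLANIfaceNameV6 = "vxlan-v6.calico"
-VXLANDefaultProto netlink.RouteProtocol = 80
+VXLANIfaceNameV4 = "vxlan.calico"
+VXLANIfaceNameV6 = "vxlan-v6.calico"
+
+IPIPIfaceNameV4 = "ipip.calico"
+IPIPDefaultIfaceNameV4 = "tunl0"
+
+DefaultRoutingProto netlink.RouteProtocol = 80
 
 BPFInDev = "bpfin.cali"
 BPFOutDev = "bpfout.cali"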
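--- a/felix/dataplane/linux/int_dataplane.go
+++ b/felix/dataplane/linux/int_dataplane.go
@@ -149,10 +149,13 @@ type Config struct {
 NodeZone string
 IPv6Enabled bool
 RuleRendererOverride rules.RuleRenderer
-IPIPMTU int
-VXLANMTU int
-VXLANMTUV6 int
-VXLANPort int
+
+IPIPMTU int
+ProgramIPIPRoutes bool
+
+VXLANMTU int
+VXLANMTUV6 int
+VXLANPort int
 
 MaxIPSetSize int
 
@@ -319,6 +322,7 @@ type InternalDataplane struct {
 ipSets []dpsets.IPSetsDataplane
 
 ipipManager *ipipManager
+ipipParentC chan string
 
 vxlanManager *vxlanManager
 vxlanParentC chan string
@@ -1035,10 +1039,33 @@ func NewIntDataplaneDriver(config Config) *InternalDataplane {
 dp.RegisterManager(newFloatingIPManager(natTableV4, ruleRenderer, 4, config.FloatingIPsEnabled))
 dp.RegisterManager(newMasqManager(ipSetsV4, natTableV4, ruleRenderer, config.MaxIPSetSize, 4))
 if config.RulesConfig.IPIPEnabled {
-log.Info("IPIP enabled, starting thread to keep tunnel configuration in sync.")
-// Add a manager to keep the all-hosts IP set up to date.
-dp.ipipManager = newIPIPManager(ipSetsV4, config.MaxIPSetSize, config.ExternalNodesCidrs)
-go dp.ipipManager.KeepIPIPDeviceInSync(config.IPIPMTU, config.RulesConfig.IPIPTunnelAddress, dataplaneFeatures.ChecksumOffloadBroken)
+if config.ProgramIPIPRoutes {
+log.Info("IPIP enabled, starting thread to keep tunnel configuration in sync.")
+// Add a manager to keep the all-hosts IP set up to date.
+dp.ipipManager = newIPIPManager(
+ipSetsV4,
+routeTableV4,
+dataplanedefs.IPIPIfaceNameV4,
+config,
+dp.loopSummarizer,
+4,
+featureDetector,
+)
+dp.ipipParentC = make(chan string, 1)
+go dp.ipipManager.KeepCalicoIPIPDeviceInSync(context.Background(), dataplaneFeatures.ChecksumOffloadBroken, 10*time.Second, dp.ipipParentC)
+} else {
+log.Info("IPIP using BGP enabled, starting thread to keep tunnel configuration in sync.")
+dp.ipipManager = newIPIPManager(
+ipSetsV4,
+nil,
+dataplanedefs.IPIPDefaultIfaceNameV4,
+config,
+dp.loopSummarizer,
+4,
+featureDetector,
+)
+go dp.ipipManager.KeepIPIPDeviceInSync(dataplaneFeatures.ChecksumOffloadBroken)
+}
 dp.RegisterManager(dp.ipipManager) // IPv4-only
 } else {
 // Only clean up IPIP addresses if IPIP is implicitly disabled (no IPIP pools and not explicitly set in FelixConfig)
@@ -2078,6 +2105,8 @@ func (d *InternalDataplane) loopUpdatingDataplane() {
 d.vxlanManager.OnParentNameUpdate(name)
 case name := <-d.vxlanParentCV6:
 d.vxlanManagerV6.OnParentNameUpdate(name)
+case name := <-d.ipipParentC:
+d.ipipManager.OnParentNameUpdate(name)
 case <-ipSetsRefreshC:
 log.Debug("Refreshing IP sets state")
 d.forceIPSetsRefresh = true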
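Review bot: In the `NewIntDataplaneDriver` hunk, when `ProgramIPIPRoutes` is on the manager is built for `ipip.calico`, and nothing visible removes a `tunl0` address left behind by an earlier BGP-mode run; the existing else branch only cleans up when IPIP is disabled altogether. A stale tunnel address on the host after a mode switch deserves an explicit cleanup step or at least a comment and an upgrade note. The BGP branch also passes `nil` as the route table to `newIPIPManager`, whose body is outside this diff, so every route-table use in the manager needs a nil guard and the call site a comment such as `// nil route table: routes are programmed by BIRD in this mode`. Finally, `KeepCalicoIPIPDeviceInSync` is started with `context.Background()` and a literal `10*time.Second`, so the goroutine cannot be cancelled from the visible code and the interval is not named; a named constant and a cancellable context would make its lifetime explicit.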