EgressIP support on user defined networks #4438
Conversation
github-actions
bot
added
the
kind/documentation
tssurya
added
the
feature/user-defined-network-segmentation
tssurya
added
feature/egress-ip
pperiyasamy
force-pushed
the
okep-multi-network-egressip
branch
2 times, most recently
from
73543d3
to
12bbc73
Compare
|
Partially reviewed - as discussed via slack - we need to rework this for non-IC where pkt marks wont survive when pkts cross nodes. |
|
can you do me a favour? Feel free to say no cause it maybe a pain in the head for you.. but itll be easier for everyone to inspect the new arch. If theres no changes for any of the following deployment mods + network, fine to combine them in the same file, but name the file appropriately. I think we need diagrams for the following combinations for each EIP "config" (defined later): primaryeip-cdn-ic primaryeip-cdn-non-ic primaryeip-udn-l3-ic primaryeip-udn-l3-non-ic primaryeip-udn-l2 secondaryeip-cdn-ic secondaryeip-cdn-non-ic secondaryeip-udn-l3-ic secondaryeip-udn-l3-non-ic secondaryeip-udn-l2 primary means EIP is assigned to a pkt egressing primary interface and secondary is egress-ing a host secondary interface. EIP "configs": two pods, EIP with one IP - one on a node and another on the egress node Peri will update the info to incorporate: https://docs.google.com/document/d/1mlhI9TJgy7DxJT-JX7Qz9_-rTgivZwlO4Pfyob616cs/edit |
pperiyasamy
force-pushed
the
okep-multi-network-egressip
branch
from
12bbc73
to
6d83e71
Compare
|
I have not looked at anything here in depth, but I want to say I'm loving what's happening here in this PR 👏👏👏👏👏 |
pperiyasamy
force-pushed
the
okep-multi-network-egressip
branch
from
6d83e71
to
f92193b
Compare
There was a problem hiding this comment.
Thank you @martinkennelly and @tssurya for your great feedback and bringing up non-IC scenario.
@martinkennelly As we discussed, have incorporated EIP configs from your document (it was a very nice one, thanks).
This commit adds an enhancement proposal to support EgressIPs for the user defined segmentation networks which serves as a primary network for the pods. Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
pperiyasamy
force-pushed
the
okep-multi-network-egressip
branch
from
f92193b
to
9fb2ab6
Compare
martinkennelly
force-pushed
the
okep-multi-network-egressip
branch
from
0ddb750
to
2f86a1b
Compare
Signed-off-by: Martin Kennelly <mkennell@redhat.com>
martinkennelly
force-pushed
the
okep-multi-network-egressip
branch
from
2f86a1b
to
40f831e
Compare
| There isn't a reliable way for each node controller to generate a deterministic packet mark based on the constraints mentioned previously | ||
| for each EgressIP CR. | ||
|
|
||
| Packet marks (integer) will be centrally allocated by a cluster manager managed allocator and annotated on each EgressIP CR. |
There was a problem hiding this comment.
note to self: check to see upgrade order - if node controllers updates before CM, it could be blocking reconfiguring EIP during upgrade until CM is upgraded.
Edit: its ovnkube-node first on ocp, therefore, during upgrade, waiting for the mark will block eip config.
There was a problem hiding this comment.
Initially, we thought we could derive the mark from the EIP CR name or UID but thats a bad idea for a number of reasons (name can change, string needs to map to int within a range and it may clash).
So, we thought CM seems a good place to allocate it but during upgrade, EIP config would be blocked until CM upgrades. Need input.
| +-----------------------------------------------------------+ | ||
| | secondaryeip-cdn-l3-non-ic and secondaryeip-udn-l3-non-ic | | ||
| +===========================================================+ | ||
| | TBD | |
There was a problem hiding this comment.
Options:
- Not support EIPs assigned to secondary interfaces for non-ic
- Use
ovn_cluster_routerto redirect to egress nodes GW and then also add a LRP to that egress nodes GW LRPs that redirect it to its mgnt port and pkt mark
This commit adds an enhancement proposal to support EgressIP for the user defined segmentation networks which serves as a primary network for the pods.