Skip tap/qbr/qvo ports

[mnaser]

The tap/qbr/qvo ports are not needed and they are local only ports that are used
inside OpenStack for wiring up VMs. In hypervisors with many VMs that are also
running Calico (not Calico for OpenStack, just a Kubernetes cluster that uses is
on the same infra), the CPU usage becomes very high for bird because of this.

[CLAassistant]

All committers have signed the CLA.

[caseydavenport]

@neiljerram is this the same config we use for Calico for OpenStack? Would this change potentially break OpenStack networking? Afraid I don't have enough knowledge in that area to answer myself...

[nelljerram]

@caseydavenport No. For Calico for OpenStack the BIRD config is unrelated to confd or to anything else inside the calico-node image. In fact it's even outside what we consider to be the Calico for OpenStack "product", and so is a detail for the deployer to set up - we just provide some example scripting and fragments here: https://github.com/projectcalico/felix/tree/master/etc

[nelljerram]

LGTM; one tiny spelling nit if you don't mind correcting it.

[nelljerram]

/sem-approve

[nelljerram]

@mnaser Ah. I'm sorry about this, but I'm afraid we will also need that same change in every bird.cfg file under tests/compiled_templates. Unfortunately our testing in this repo is a little repetitious...

[mnaser]

@mnaser Ah. I'm sorry about this, but I'm afraid we will also need that same change in every bird.cfg file under tests/compiled_templates. Unfortunately our testing in this repo is a little repetitious...

That's done, also noticed bird6.cfg template, done as well.

[nelljerram]

/sem-approve

[nelljerram]

@mnaser Is make test passing for you locally now? For me it's still failing, and it looks like the main problem is, from the confd log:

2021-06-21 13:41:38.603 [ERROR][4432] confd/run.go 52: Unable to process template /etc/calico/confd/templates/bird.cfg.template, template: bird.cfg.template:100: unexpected comment ends before closing delimiter in input
...
2021-06-21 13:41:38.604 [ERROR][4432] confd/run.go 52: Unable to process template /etc/calico/confd/templates/bird6.cfg.template, template: bird6.cfg.template:101: unexpected comment ends before closing delimiter in input

which I think comes in turn from the form of the commenting you've used here:

  {{- /*
       Exclude cali* and kube-ipvs* but include everything else.  In
       IPVS-mode, kube-proxy creates a kube-ipvs0 interface. We exclude
       kube-ipvs0 because this interface gets an address for every in use
       cluster IP. We use static routes for when we legitimately want to
       export cluster IPs.  In addition, OpenStack nodes use tap*/qvo*/qvb*
       for its networking so when deploying Calico side-by-side an OpenStack
       cloud then there will be a lot of those interfaces.
  */ -}}

Putting that comment inside {{- -}} means, I think, that it's intended as a comment to the templating system, and won't end up in the generated bird config. Is that what you meant? I think it would make more sense to leave out the {{- -}} and use BIRD comment syntax (#) instead, like this:

  interface -"cali*", -"kube-ipvs*", -"tap*", -"qvo*", -"qvb*", "*";
  # Exclude cali* and kube-ipvs* but include everything else.  In
  # IPVS-mode, kube-proxy creates a kube-ipvs0 interface. We exclude
  # kube-ipvs0 because this interface gets an address for every in use
  # cluster IP. We use static routes for when we legitimately want to
  # export cluster IPs.  In addition, OpenStack nodes use tap*/qvo*/qvb*
  # for its networking so when deploying Calico side-by-side an OpenStack
  # cloud then there will be a lot of those interfaces.

WDYT?

[caseydavenport]

@mnaser do you have time to look at this? Looks like there are some test failures - @neiljerram suggested a fix.

Moving to v3.21 for now.

[caseydavenport]

I'm going to close this for now due to inactivity, but give me a poke if you want to pick it up and we can re-open.

[mnaser]

I think this is related to:

• bird cpu single core usage is always 100% bird#77
• Bird CPU usage is almost always 100% bird#95

At least in our case anyways, sorry for not pushing up the follow up.

[mnaser]

@caseydavenport could we re-open this?

[nelljerram]

@mnaser Re-opened...

[caseydavenport]

/sem-approve

[caseydavenport]

Looks like a couple test files need to be updated:

Failed: bird.cfg templates do not match, showing diff of expected vs received04:39
35,43c35,4204:39
<   interface -"cali*", -"kube-ipvs*", "*"; # Exclude cali* and kube-ipvs* but04:39
<                                           # include everything else.  In04:39
<                                           # IPVS-mode, kube-proxy creates a04:39
<                                           # kube-ipvs0 interface. We exclude04:39
<                                           # kube-ipvs0 because this interface04:39
<                                           # gets an address for every in use04:39
<                                           # cluster IP. We use static routes04:39
<                                           # for when we legitimately want to04:39
<                                           # export cluster IPs.04:39
---04:39
>   interface -"cali*", -"kube-ipvs*", -"tap*", -"qvo*", -"qvb*", "*";04:39
>   # Exclude cali* and kube-ipvs* but include everything else.  In04:39
>   # IPVS-mode, kube-proxy creates a kube-ipvs0 interface. We exclude04:39
>   # kube-ipvs0 because this interface gets an address for every in use04:39
>   # cluster IP. We use static routes for when we legitimately want to04:39
>   # export cluster IPs.  In addition, OpenStack nodes use tap*/qvo*/qvb*04:39
>   # for its networking so when deploying Calico side-by-side an OpenStack04:39
>   # cloud then there will be a lot of those interfaces.

You should be able to do this easily with make UPDATE_EXPECTED_DATA=true test and committing the results.

[caseydavenport]

The Calico team is reorganizing our code and repository structure in order to make development easier, and as such all of the code in this repository is now located at https://github.com/projectcalico/calico. We appreciate your PR and your patience as we work to improve our developer experience, and welcome you to re-open your changes against the new location. Please reach out if you have any questions!