[flexible-ipam] Use uplink interface name for host interface internal port

[gran-vmv]

Use uplink interface name for host interface internal port, to support DHCP client.
Add a suffix to uplink when bridging to OVS bridge.

Signed-off-by: gran gran@vmware.com

[codecov-commenter]

Codecov Report

Merging #3938 (8f0bdf0) into main (2f9134b) will increase coverage by 1.51%.
The diff coverage is 19.23%.

❗ Current head 8f0bdf0 differs from pull request most recent head 7584f1d. Consider uploading reports for the commit 7584f1d to get more accurate results

@@            Coverage Diff             @@
##             main    #3938      +/-   ##
==========================================
+ Coverage   64.58%   66.09%   +1.51%     
==========================================
  Files         295      309      +14     
  Lines       43740    43875     +135     
==========================================
+ Hits        28251    29001     +750     
+ Misses      13215    12558     -657     
- Partials     2274     2316      +42     

Flag	Coverage Δ		*Carryforward flag
e2e-tests	60.35% <ø> (?)
kind-e2e-tests	51.15% <18.26%> (ø)		Carriedforward from 2f9134b
unit-tests	44.31% <3.84%> (ø)		Carriedforward from 2f9134b

*This pull request uses carry forward flags. Click here to find out more.

Impacted Files	Coverage Δ
pkg/agent/agent_linux.go	5.14% <0.00%> (ø)
pkg/agent/cniserver/pod_configuration.go	54.59% <0.00%> (ø)
pkg/agent/util/net_linux.go	31.61% <ø> (ø)
pkg/agent/util/net.go	51.94% <21.42%> (ø)
pkg/ovs/ovsconfig/ovs_client.go	47.79% <62.50%> (ø)
pkg/agent/agent.go	52.42% <100.00%> (ø)
pkg/agent/controller/trafficcontrol/controller.go	81.08% <100.00%> (ø)
... and 36 more

[gran-vmv]

@wenyingd Which prefix you used in BM/VM?

[wenyingd]

Prefix phy is used in VM support case. But I am thinking maybe ant is better to represent it is renamed by Antrea, just like antctl? What's your thought @gran-vmv @mengdie-song ?

[gran-vmv]

@tnqn

[jianjuns]

Could we use antrea- (as antrea-gw0, antrea-tun0), or you would choose a shorter prefix due to the interface length limit?

[jianjuns]

I know NSX-T appends a single letter to the interface name (I remember it is ~, like eth0~).

[gran-vmv]

Linux has a property IFNAMSIZ to limit the network interface name length to 15 bytes, thus I prefer to use short prefix/suffix, and I feel that suffix ~ is better. @wenyingd @tnqn @mengdie-song

[wenyingd]

I am OK with the suffix, but I think we should test if it is working on Windows, let me try.

[gran-vmv]

In BM/VM and this PR, we'll restrict the uplink interface name length, thus we'd better choose a shorter prefix/suffix to improve the compatibility.

[wenyingd]

Is it possible to provide an API from ovsBridgeClient to support create a pair of ports? We could give the expected names of uplink and host internal port as parameters, along with other parameters like expected port MAC?

[gran-vmv]

Yes, but I think we can do this refactor in future.

[wenyingd]

Move this to path pkt/agent/util/net ? The same as function getTransportIPNetDeviceByName

[wenyingd]

Rename as getTransportIPNetByNameWithExcludedList as it returns []*net.IPNet but not net interface?

[gran-vmv]

Fixed name.
As you commented in getTransportIPNetDeviceByName, we should keep this func in package agent, and do refactor in future if needed.
// getTransportIPNetDeviceByName is meant to be overridden for testing.

[wenyingd]

I would prefer to add a new signature to support configuring port MAC with a specific value, since this is not a general case.

[gran-vmv]

I prefer to add MAC for this func, since MAC property is supported only in InternalPort, and the default value "" also matches OVS spec.

[wenyingd]

@tnqn @jianjuns What is your point?

[jianjuns]

No strong preference. Either way works for me. I feel no issue to add MAC to this func.

[tnqn]

No strong preference from me.

[gran-vmv]

OK. Let's keep existing changes.

[gran-vmv]

@wenyingd @tnqn @jianjuns Any more comments?

[wenyingd]

Overall LGTM, one ask.

[wenyingd]

I didn't find a consumer of this function to provide valid excludedIPs, is this parameter really needed?

I also mentioned the same question in VM patch, is it necessary in this function to filter only global IP address? I didn't find an example to say it is harm, but just a bit confuse on it.

[tnqn]

Agree with Wenying, generically we should avoid adding code/parameters that are not used anywhere to save development, review, maintenance efforts. They can be added any time when they are actually required.

[gran-vmv]

Removed unused parameter.

[tnqn]

I wonder if we should still use a predefined config.BridgeOFPort for the host interface to make the process of allocating ofport for well known ports consistent and less confusing to use config.UplinkOFPort as start port for HostInterfaceOFPort.

[jianjuns]

Guess the problem is we may potentially have multiple uplinks. @wenyingd

But why we must allocate the port in advance, rather than let CreatePort() return a OFPort?

[gran-vmv]

config.UplinkOFPort is a reserved port ID which is not valid in a port request.
This line means we apply for next available port ID and the start ID is UplinkOFPort.
Jianjun suggested another design in #3938 (comment)

[tnqn]

Agree with Wenying, generically we should avoid adding code/parameters that are not used anywhere to save development, review, maintenance efforts. They can be added any time when they are actually required.

[tnqn]

No strong preference from me.

[tnqn]

nit: getFreeOFPort(startPort int, reservedPorts ...int32) also makes sense in this case and can avoid updating callers which don't need to set reservedPorts.

[jianjuns]

To make it simpler, should we maintain the allocated port numbers in OVSBridgeClient (so no need to have the callers pass the reservedPorts)?

[gran-vmv]

Accepted Quan's comment. We can discuss here #3938 (comment) for reservedPorts cache.

[jianjuns]

This func should be moved OVSBridgeClient?

[jianjuns]

To make it simpler, should we maintain the allocated port numbers in OVSBridgeClient (so no need to have the callers pass the reservedPorts)?

[gran-vmv]

@wenyingd Any idea about this?
Current implementation is more flexible, and Jianjun's suggestion is safer.

[jianjuns]

Guess the problem is we may potentially have multiple uplinks. @wenyingd

But why we must allocate the port in advance, rather than let CreatePort() return a OFPort?

[jianjuns]

To make it simpler, should we maintain the allocated port numbers in OVSBridgeClient (so no need to have the callers pass the reservedPorts)?

[wenyingd]

Guess the problem is we may potentially have multiple uplinks. @wenyingd

But why we must allocate the port in advance, rather than let CreatePort() return a OFPort?

The workflow that allocating an OF port first then consuming it but not creating OVS port directlly is not about multiple uplink support, it is existing only in AntreaIPAM, because we need the expected uplink OF port number in the OpenFlow pipeline init stage to install many flows which is not per Pod perspective, but the uplink interface is attached to OVS after this stage, accurately, it should be performed when the flow-restored flag is set as true.

For VM support or Windows cases, we don't have this additional requirement.

[jianjuns]

The workflow that allocating an OF port first then consuming it but not creating OVS port directly is not about multiple uplink support

The original question from Quan is whether we can use pre-defined constant OFPort for the host interface. And I guess one reason we do not do that is because we may support multiple uplinks later?

it is existing only in AntreaIPAM, because we need the expected uplink OF port number in the OpenFlow pipeline init stage to install many flows which is not per Pod perspective, but the uplink interface is attached to OVS after this stage, accurately, it should be performed when the flow-restored flag is set as true.

I did not remember the code well, but can we change the order to create the host port first? @wenyingd @gran-vmv

[gran-vmv]

The workflow that allocating an OF port first then consuming it but not creating OVS port directly is not about multiple uplink support

The original question from Quan is whether we can use pre-defined constant OFPort for the host interface. And I guess one reason we do not do that is because we may support multiple uplinks later?

it is existing only in AntreaIPAM, because we need the expected uplink OF port number in the OpenFlow pipeline init stage to install many flows which is not per Pod perspective, but the uplink interface is attached to OVS after this stage, accurately, it should be performed when the flow-restored flag is set as true.

I did not remember the code well, but can we change the order to create the host port first? @wenyingd @gran-vmv

We can use a pre-defined constant OFPort for the host interface, but this is not best practice since Wenying already added support for dynamic OFPort for HostInterface/Uplink port, and a constant may conflict with existing OFPort. (e.g. User created many regular Pods and then enable FlexibleIPAM)

Previously we create BridgePort (br-int) as HostInterfacePort and it works well. However, since we need to change the BridgePort to an InternalPort with same name as Uplink, we can only create this port after Uplink is renamed.
The process is:

1. Occupy OFPortID for Uplink/HostInterfacePort
2. [not-this-PR] Init OVS flows
3. [not-this-PR] Release flow-restore-wait flag (Important!)
4. Rename Uplink and create Uplink OVS port (eth0->eth0~, then create eth0~ port)
5. Create OVS port for HostInterface (create eth0 port on OVS with same MACAddress)
6. [not-this-PR] Run CNIServer

[jianjuns]

1. Occupy OFPortID for Uplink/HostInterfacePort
2. [not-this-PR] Init OVS flows
3. [not-this-PR] Release flow-restore-wait flag (Important!)
4. Rename Uplink and create Uplink OVS port (eth0->eth0~, then create eth0~ port)
5. Create OVS port for HostInterface (create eth0 port on OVS with same MACAddress)
6. [not-this-PR] Run CNIServer

I meant can we change to:

1. Rename Uplink and create Uplink OVS port (eth0->eth0~, then create eth0~ port)
2. Create OVS port for HostInterface (create eth0 port on OVS with same MACAddress)
3. [not-this-PR] Init OVS flows
4. [not-this-PR] Release flow-restore-wait flag (Important!)
5. [not-this-PR] Run CNIServer

If we have to reserve OFPorts, I suggest to move the func into OVSBridgeClient, and maintain allocated OFPorts there, to simplify the caller side.

[gran-vmv]

I meant can we change to:

1. Rename Uplink and create Uplink OVS port (eth0->eth0~, then create eth0~ port)
2. Create OVS port for HostInterface (create eth0 port on OVS with same MACAddress)
3. [not-this-PR] Init OVS flows
4. [not-this-PR] Release flow-restore-wait flag (Important!)
5. [not-this-PR] Run CNIServer

If we have to reserve OFPorts, I suggest to move the func into OVSBridgeClient, and maintain allocated OFPorts there, to simplify the caller side.

We cannot change the sequence since antrea-agent is unable to access K8s apiserver after step 1, but this access is required by some other steps in initialization.
I'll move this func to OVSBridgeClient.

[tnqn]

two nits, otherwise LGTM

[tnqn]

I think the qualifier “transport" shouldn't here. The function in pkg/agent/agent.go has it because it's used to fetch transport interface's IPs, but this is a generic util function and its implementation has nothing to do with transport interface.

[gran-vmv]

Changed to GetAllIPNetsByName, since we already have GetIPNetDeviceByName

[tnqn]

Perhaps just AllocateOFPort

[gran-vmv]

Fixed.

[jianjuns]

A nit

[jianjuns]

port -> port number

[gran-vmv]

Fixed.

[tnqn]

LGTM

[tnqn]

/test-networkpolicy