autodetect global addresses on loopback interfaces #95790
Conversation
k8s-ci-robot
added
release-note
|
@aojea: This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-triage
k8s-ci-robot
added
sig/api-machinery
There are some network scenarios that, in order to have high availability based on routing protocols, you may have multiple interfaces in the host and you use a routing protocol to configure the routing in the host. It is common to not use global addresses on those interfaces because you don't want them to be reachable, so you assign the global address to the loopback interface. Loopback interfaces are always up, regardless of the states of physical interfaces. They are not subject to interface problems, i.e., if the interface is down or flapping you can not reach the IP despite you have connectivity through another interface. We should consider global ip addresses on loopback interfaces when: - the host has default routes - there are no global IPs on those interfaces. There can be more cases in which you have global addresses on the interfaces too, but that will open an explosion of scenarios hard to support and to "autodetect" It will be a cluster admin responsability to configure the network in such scenarios.
|
I don't have the networking context to know if this change makes sense. Can you clarify the following:
|
|
i think we should reword the release note to exclude code details and only leave the user facing part for affected components e.g.: |
for current callers that are succeeding there is no change, I've also added unit test to verify that we don't break that
the goal of In more complex scenarios that does not have the advantage of one IaaS taking care of the underlay network of the host, like in baremetal, you use to have more than one interface connected to different switches, to provide redundancy. There are different ways to provide redundancy with multiple interfaces, but that opens a lot of scenarios and I don't think that we must support any of them, but from all of those there is one that we can be sure that the the global address in the loopback interface is the right one to return unequivocally:
|
| {"interface and loopback with global, IPv6", routeV6, globalsNetworkInterface{}, preferIPv6, net.ParseIP("fd00::200")}, | ||
| {"interface and loopback with global, dual stack prefer IPv4", bothRoutes, globalsNetworkInterface{}, preferIPv4, net.ParseIP("192.168.1.1")}, | ||
| {"interface and loopback with global, dual stack prefer IPv6", bothRoutes, globalsNetworkInterface{}, preferIPv6, net.ParseIP("fd00::200")}, | ||
| {"interface and loopback with global, no routes", noRoutes, globalsNetworkInterface{}, preferIPv6, nil}, |
There was a problem hiding this comment.
@liggitt these are the tests that verify that we don't modify previous behaviour, 192.168.1.1 and fd00::200 are the ones assigned to the interfaces and we check that take precedence over the ones assigned to the loopback interfaces
k8s-ci-robot
added
the
sig/network
|
/retest |
| // In case of network setups where default routes are present, but network | ||
| // interfaces use only link-local addresses (e.g. as described in RFC5549). | ||
| // the global IP is assigned to the loopback interface | ||
| loopbackIP, err := getIPFromInterface(LoopbackInterfaceName, family, nw) |
There was a problem hiding this comment.
Do we need to make a similar check for loopback addresses in chooseIPFromHostInterfaces? Currently it also skips the loopback interface:
kubernetes/staging/src/k8s.io/apimachinery/pkg/util/net/interface.go
Lines 296 to 299 in 078d2e6
There was a problem hiding this comment.
Ah I see now -- this is only relevant when there's a default route and chooseIPFromHostInterfaces is not called unless there are no default routes anyways.
|
SIG apimachinery passed this again and still wait for SIG network feedback. |
|
/retest |
k8s-ci-robot
added
size/L
|
/retest |
|
Thanks! /lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aojea, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
do we want this in 1.20 @thockin ? |
|
/remove-sig api-machinery |
k8s-ci-robot
removed
the
sig/api-machinery
|
Let's address next version, too late in this cycle for this change IMHO |
|
@aojea: You must be a member of the kubernetes/milestone-maintainers GitHub team to set the milestone. If you believe you should be able to issue the /milestone command, please contact your and have them propose you as an additional delegate for this responsibility. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/milestone 1.21 |
|
@andrewsykim: The provided milestone is not valid for this repository. Milestones in this repository: [ Use In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/milestone v1.21 |
What type of PR is this?
/kind bug
/kind feature
What this PR does / why we need it:
There are some network scenarios that, in order to have high availability based
on routing protocols, you may have multiple interfaces in the host and you use
a routing protocol to configure the routing.
It is common to not use global addresses on those interfaces because you don't want
them to be reachable, so you assign the global address to the loopback interface.
Loopback interfaces are always up, regardless of the states of physical interfaces.
They are not subject to interface problems, i.e., if the interface is down or flapping
you can not reach the IP despite you have connectivity through another interface.
We should consider global ip addresses on loopback interfaces when:
There can be more cases in which you have global addresses on the interfaces too,
but that will open an explosion of scenarios hard to support and to "autodetect"
It will be a cluster admin responsibility to configure the network in such
scenarios.
Which issue(s) this PR fixes:
Fixes #95779
Special notes for your reviewer:
Does this PR introduce a user-facing change?: