SessionAffinity timeout max value #1578
Labels
area/ovs
Issues or PRs related to OVS
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
priority/backlog
Higher priority than priority/awaiting-more-evidence.
wontfix
This will not be worked on
Comments
antoninbas
added
kind/bug
|
This issue is stale because it has been open 180 days with no activity. Remove stale label or comment, or this will be closed in 180 days |
github-actions
bot
added
the
lifecycle/stale
antoninbas
removed
the
lifecycle/stale
|
This issue is stale because it has been open 180 days with no activity. Remove stale label or comment, or this will be closed in 180 days |
github-actions
bot
added
the
lifecycle/stale
antoninbas
removed
the
lifecycle/stale
|
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment, or this will be closed in 90 days |
github-actions
bot
added
the
lifecycle/stale
antoninbas
removed
the
lifecycle/stale
antoninbas
added a commit
to antoninbas/antrea
that referenced
this issue
Apr 9, 2022
SessionAffinity timeout is implemented using a hard_timeout in OVS. hard_timeout is represented by a uint16 in the OpenFlow protocol, hence we cannot support timeouts greater than 65535 seconds. However, the K8s Service spec allows timeout values up to 86400 seconds for ClientIP-based SessionAffinity (https://godoc.org/k8s.io/api/core/v1#ClientIPConfig). For values greater than 65535 seconds, we need to set the hard_timeout to 65535 rather than let the timeout value wrap around. For antrea-io#1578 Signed-off-by: Antonin Bas <[email protected]>
antoninbas
added a commit
to antoninbas/antrea
that referenced
this issue
Apr 12, 2022
SessionAffinity timeout is implemented using a hard_timeout in OVS. hard_timeout is represented by a uint16 in the OpenFlow protocol, hence we cannot support timeouts greater than 65535 seconds. However, the K8s Service spec allows timeout values up to 86400 seconds for ClientIP-based SessionAffinity (https://godoc.org/k8s.io/api/core/v1#ClientIPConfig). For values greater than 65535 seconds, we need to set the hard_timeout to 65535 rather than let the timeout value wrap around. For antrea-io#1578 Signed-off-by: Antonin Bas <[email protected]>
antoninbas
added a commit
that referenced
this issue
Apr 13, 2022
…3609) SessionAffinity timeout is implemented using a hard_timeout in OVS. hard_timeout is represented by a uint16 in the OpenFlow protocol, hence we cannot support timeouts greater than 65535 seconds. However, the K8s Service spec allows timeout values up to 86400 seconds for ClientIP-based SessionAffinity (https://godoc.org/k8s.io/api/core/v1#ClientIPConfig). For values greater than 65535 seconds, we need to set the hard_timeout to 65535 rather than let the timeout value wrap around. For #1578 Signed-off-by: Antonin Bas <[email protected]>
antoninbas
added
lifecycle/frozen
|
Since #3609, we do the following when the user-provided timeout exceeds the maximum supported value (65535):
Freezing this issue and tagging it as "wontfix" because this is not something we can resolve further without a huge effort, and using a timeout larger than 65535 seconds is probably a very niche scenario. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
According to the K8s API documentation, the maximum value for
service.spec.sessionAffinityConfig.clientIP.timeoutSecondsis 86400, which corresponds to 1 day. See https://godoc.org/k8s.io/api/core/v1#ClientIPConfig.In Antrea, the maximum value is actually 65535, since this timeout is implemented using an OpenFlow hard timeout, which is a uint16.
I am not sure there is too much we can do about this, except for documenting this limitation somewhere.
Versions:
The text was updated successfully, but these errors were encountered: