Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remote subnet feature #1061

Merged
merged 2 commits into from
Dec 17, 2018
Merged

Remote subnet feature #1061

merged 2 commits into from
Dec 17, 2018

Conversation

ksubrmnn
Copy link
Contributor

@ksubrmnn ksubrmnn commented Nov 9, 2018
edited
Loading

Description

This PR implements the HNS Remote Subnet feature. With this feature, Flannel in overlay will create one network policy per subnet instead of creating several endpoints per subnet.

Todos

  • Tests
  • Documentation

Release Note

Requires Windows Build 18301 or later

@ksubrmnn ksubrmnn closed this Nov 12, 2018
@ksubrmnn ksubrmnn reopened this Nov 13, 2018
@rajatchopra
Copy link
Contributor

@ksubrmnn do you plan to add the tests and documentation in this PR?

@ksubrmnn
Copy link
Contributor Author

ksubrmnn commented Dec 4, 2018

@rajatchopra Testing and documentation will probably take about 2 weeks. I think it's fine to merge this PR and follow up with testing/docs in a separate PR, if that's okay with you. This has been manually validated.

@rajatchopra rajatchopra mentioned this pull request Dec 4, 2018
Closed
rajatchopra
rajatchopra reviewed Dec 12, 2018
View reviewed changes
backend/vxlan/vxlan_network_windows.go

networkPolicySettings := hcn.RemoteSubnetRoutePolicySetting{
IsolationId: 4096,
DistributedRouterMacAddress: net.HardwareAddr(vxlanAttrs.VtepMAC).String(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a question. How was it even working with ConjureMAC before? Not ARP right? Or was the MAC manufactured and dropped on the interface?

Copy link
Contributor Author

@ksubrmnn ksubrmnn Dec 12, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Previously there was a remote endpoint for each IP in the subnet on the host. For example if Host A has subnet 192168.1.0/24 and Host B has 192.168.2.0/24, then Host A had 250+ remote endpoints from 192.168.2.1-254. Vice versa for Host B

This was before HNS had the remote subnet feature. And before Remote Subnet, many things were not working properly like service vip, node port access, etc. With remote subnet feature, this RemoteSubnetPolicy replaces the tens/hundreds of endpoints you previously had to create per other node in the cluster.

With the previous remote endpoint strategy, it worked because flannel sets the mac by using a similar approach with mac prefix and then setting the mac based on IP. So we just used conjureMac in flanneld to replicate that logic. So it was a real mac, that we sort of figured out from the IP.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One would have hoped that the MAC can be learned through ARP. But I assume this is for added security.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated my previous response after consulting with Dinesh when I realized I misunderstood your original question

rajatchopra
rajatchopra approved these changes Dec 12, 2018
View reviewed changes
Copy link
Contributor

@rajatchopra rajatchopra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
@ksubrmnn Minor nit and a question. Otherwise ready to go, let me know if there are any more changes planned.

@ksubrmnn
Copy link
Contributor Author

@rajatchopra let me do one final run in the morning for peace of mind, then we can merge.

Only upcoming changes I can foresee are removing hardcoding of VNI (necessary for now until I can add a small Linux change) and testing. Both of those will be separate PRs from this though.

@ksubrmnn
Copy link
Contributor Author

@rajatchopra this looks good to merge.

@rajatchopra
Copy link
Contributor

@ksubrmnn Thanks.

@rajatchopra rajatchopra merged commit 39af3d7 into flannel-io:master Dec 17, 2018
@ksubrmnn ksubrmnn mentioned this pull request Feb 27, 2019
Closed
6 tasks
@ksubrmnn ksubrmnn mentioned this pull request Oct 14, 2019
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rajatchopra rajatchopra rajatchopra approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ksubrmnn @rajatchopra