[Backport 17.06] Overlay fix for transient IP reuse #1965
Conversation
In the peerDelete the updateDB flag was always true In the peerAdd the updateDB flag was always true except for the initSandbox case. But now the initSandbox is handled by the go routing of the peer operations, so we can move that flag down and remove it from the top level functions Signed-off-by: Flavio Crisciani <[email protected]> (cherry picked from commit 396db35)
Use the string concatenation operator instead of using Sprintf for simple string concatenation. This is usually easier to read, and allows the compiler to detect problems with the type or number of operands, which would be runtime errors with Sprintf. Signed-off-by: Aaron Lehmann <[email protected]> (cherry picked from commit dbd2925)
- Handle IP reuse in overlay (cherry picked from commit 49200cb) - flush peerdb entries on network delete (cherry picked from commit 2ec096a) - log for miss notification (cherry picked from commit 097b363) - Changed ipMask to string (cherry picked from commit d93b9b0) Signed-off-by: Flavio Crisciani <[email protected]>
|
Given the dates, it looks like it's not in 17.06.2. Is 17.06.3 planned? |
| @@ -760,58 +757,38 @@ func (n *network) watchMiss(nlSock *nl.NetlinkSocket) { | |||
| continue | |||
| } | |||
|
|
|||
| logrus.Debugf("miss notification: dest IP %v, dest MAC %v", ip, mac) | |||
There was a problem hiding this comment.
miss notifications were a handy signature of ipvs connection tracking timeouts, since the after-timeout connection attempt arps for the VIP. i miss them. when is time.Since(t) expected to exceed a second?
There was a problem hiding this comment.
time.Since is simple used as a rate limiter below, in order not to flood the logs with a notification that potentially is driven by data packets.
Anyway just as an heads up, the whole watchMiss logic is gone from swarm mode, so nothing of this code will be executed
There was a problem hiding this comment.
ah. that would explain the lack of messages then.
There was a problem hiding this comment.
have l2miss and l3miss been disabled on vxlan0? No reason to generate the notification if it's not being consumed.
There was a problem hiding this comment.
actually, for my diagnostic purposes, there might be :-).
ip -t monitor neigh in the overlay namespace can provide the record of miss notifications we used to get from the daemon.
There was a problem hiding this comment.
actually the whole go routine is neither spawned.
this will save per overlay namespace: 1 thread (that was used for the recv syscall) and 1 netlink socket. Definitely too many resources only to print a log :)
Backport of the PR: #1935
Squashed all the commits into single one and added 2 dependecies to avoid conflict resolution