Delete stale v6 address from cilium_host #25962
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
jschwinger233
added
the
release-note/bug
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
jschwinger233
added
upgrade-impact
maintainer-s-little-helper
bot
removed
dont-merge/needs-release-note-label
|
The patch has been tested and confirmed to fix the issue. |
|
Thanks! I think we should open this PR for the |
jschwinger233
requested review from
nathanjsweet,
chancez,
kaworu and
viktor-kurchenko
and removed request for
kaworu,
nathanjsweet and
chancez
brb
reviewed
Jun 7, 2023
jschwinger233
force-pushed
the
gray/fix-downgrade
branch
from
d36afa9
to
b775211
Compare
brb
reviewed
Jun 7, 2023
jschwinger233
force-pushed
the
gray/fix-downgrade
branch
from
b775211
to
475ce7f
Compare
brb
reviewed
Jun 7, 2023
Prior to 1.14, Cilium set the cilium_host IPv6 addr to the same one as the native iface, but cilium#24208 replaces the native IPv6 with the one allocated from IPAM. That change breaks the downgrade path due to failures on installing CIDR routes. To fix the downgrade path, the ideal way is to delete the stale IPv6 on cilium_host, as long as the IPv6 is from IPAM; but in practical, we don't have a perfect approach to tell if an IPv6 is from IPAM due to the complicated situations for multi-pool IPAM, ENI IPAM, and so on. Therefore, this commit deletes global scope IPv6 on cilium_host as long as the address is not the one we want. We believe this is so far the most robust way to make sure stale addresses are gone. Fixes: cilium#25938 Signed-off-by: Zhichuan Liang <gray.liang@isovalent.com>
jschwinger233
force-pushed
the
gray/fix-downgrade
branch
from
475ce7f
to
adf8659
Compare
Closed
|
/test |
|
|
|
/test-backport-1.13 |
|
Tested with the downgrade CI - it works! https://github.com/cilium/cilium/actions/runs/5198987404/jobs/9375802753 (please ignore the red builds, as they are suffering from other problems). |
lmb
reviewed
Jun 7, 2023
lmb
approved these changes
Jun 7, 2023
|
/test-1.19-4.19 |
|
All the |
jschwinger233
added
the
ready-to-merge
This was referenced Jun 9, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prior to 1.14, Cilium set the cilium_host IPv6 addr to the same one as the native iface, but #24208 replaces the native IPv6 with the one allocated from IPAM. That change breaks the downgrade path due to failures on installing CIDR routes.
To fix the downgrade path, the ideal way is to delete the stale IPv6 on cilium_host, as long as the IPv6 is from IPAM; but in practical, we don't have a perfect approach to tell if an IPv6 is from IPAM due to the complicated situations for multi-pool IPAM, ENI IPAM, and so on.
Therefore, this PR deletes global scope IPv6 on cilium_host as long as the address is not the one we want. We believe this is so far the most robust way to make sure stale addresses are gone.
Fixes: #25938
Signed-off-by: Zhichuan Liang gray.liang@isovalent.com