Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

egressgw: improvements for FIB-driven redirect path #30576

Merged
merged 2 commits into from Feb 5, 2024
Merged

egressgw: improvements for FIB-driven redirect path #30576

merged 2 commits into from Feb 5, 2024

Conversation

julianwiedmann
Copy link
Member

@julianwiedmann julianwiedmann commented Feb 1, 2024
edited

Iron out a few corner-cases in the new BPF-redirect logic for egressgw. This follows #26215 and #29379.

@julianwiedmann julianwiedmann added sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/misc This PR makes changes that have no direct user impact. feature/egress-gateway Impacts the egress IP gateway feature. needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels Feb 1, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.15.1 Feb 1, 2024
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann julianwiedmann changed the title 1.16 bpf egressgw fib egressgw: improvements for FIB-driven redirect path Feb 1, 2024
@julianwiedmann julianwiedmann marked this pull request as ready for review February 1, 2024 13:06
@julianwiedmann julianwiedmann requested a review from a team as a code owner February 1, 2024 13:06
@julianwiedmann julianwiedmann mentioned this pull request Feb 1, 2024
Closed
@lmb lmb removed their request for review February 2, 2024 14:43
@julianwiedmann
bpf: egressgw: handle FIB lookup without ifindex
fe43767 
On kernels without HAVE_FIB_IFINDEX, we need to consider that a FIB lookup
with BPF_FIB_LKUP_RET_NO_NEIGH doesn't return a valid fib_params.l.ifindex
(see d1c362e1dd68 ("bpf: Always return target ifindex in bpf_fib_lookup")).

Instead:
- for the redirect in to-netdev, we exit on the current interface.
- for the redirect in from-overlay, we route via the stack.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
bpf: egressgw: clarify egress ifindex for BPF redirect
8b52869 
When the FIB lookup in to-netdev returns the same ifindex as the current
interface, we want to skip the redirect. But that doesn't apply for the
lookup in from-overlay - here we *always* need to redirect to the selected
interface.

As we previously handled the !is_defined(HAVE_FIB_IFINDEX) case, we can
pass oif = 0 and trust that fib_do_redirect() will always use the ifindex
from the fib_params.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
Copy link
Member Author

/test

@julianwiedmann julianwiedmann added this pull request to the merge queue Feb 5, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Feb 5, 2024
Merged via the queue into cilium:main with commit 840cc57 Feb 5, 2024
62 checks passed
@julianwiedmann julianwiedmann deleted the 1.16-bpf-egressgw-fib branch February 5, 2024 17:24
@nbusseneau nbusseneau mentioned this pull request Feb 8, 2024
Merged
12 tasks
@nbusseneau nbusseneau added backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. and removed needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels Feb 8, 2024
@github-actions github-actions bot removed the backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. label Feb 9, 2024
@github-actions github-actions bot added the backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. label Feb 9, 2024
@maintainer-s-little-helper maintainer-s-little-helper bot removed this from Needs backport from main in 1.15.1 Feb 9, 2024
@michi-covalent michi-covalent mentioned this pull request Feb 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jibi jibi jibi approved these changes

@ysksuzuki ysksuzuki ysksuzuki approved these changes

Assignees
No one assigned
Labels
backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. feature/egress-gateway Impacts the egress IP gateway feature. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact. sig/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@julianwiedmann @jibi @ysksuzuki @nbusseneau