[DNM] Ovs cpu part2 saga revert set4 #2561
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: tssurya The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
tssurya
changed the title
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
@tssurya: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
openshift-merge-robot
added
the
needs-rebase
Tests: - host networked pod -> nodeport -> ovnk backend (UDP) - VM (1500 mtu) -> host networked pod on another node (TCP) - ovnk pod -> host networked pod on another node (UDP) Each of these test would trigger a node to install a lower MTU route in its cache towards another node, due to PMTUD. The test fails if it detects such a route. Signed-off-by: Tim Rozet <[email protected]> (cherry picked from commit f8bf30b)
Create nftables rules to block sending ICMP needs frag/packet too big for known Kubernetes node IPs. PMTUD between nodes can be deterimental to the cluster. Note, this does not affect PMTUD messages received from an intermediary router. For shared gateway mode, also install openflow rules to drop needs frag packets from OVN GR that are destined to known kubernetes nodes. Signed-off-by: Tim Rozet <[email protected]> (cherry picked from commit b23bcb0)
This test works under the premise that sending UDP packets via netcat would trigger ICMP needs frag. For shared gateway mode, packets to a host networked pod endpoint are not fragmented and are rerouted out of GR back to the next host endpoint. However, for OVN networked endpoints and shared gateway mode, the packet will hit the GR and then even if DF bit is not set, OVN GR will send back an ICMP needs frag (because OVS is incapable of fragmentation across different MTU boundary interfaces). For local gateway mode, large packets that hit an intermediary node are DNAT'ed in iptables to the cluster IP service. Then there is a route for cluster IP service set to 1400 byte MTU. This will trigger the kernel to drop the packet when DF bit is set. Since our new logic prevents ICMP needs frag from installing a cached MTU route, the client will continue to send packets with a 1500 byte MTU and they will be dropped. We choose not to fix this for now as it was identified as not a practical use case: https://issues.redhat.com/browse/OCPBUGS-7609 It could be fixed in the future by using an ip rule to match on nodeport port range, and then redirecting traffic to another routing table with a lower MTU on the route. Signed-off-by: Tim Rozet <[email protected]> (cherry picked from commit bc261a1)
This allows ovn_cluster_router to send ICMP needs frag when too large of a packet is sent from a pod (such as from a kubevirt VM with too large an MTU). See https://issues.redhat.com/browse/FDP-1295 for more details. Signed-off-by: Tim Rozet <[email protected]> (cherry picked from commit 9577e9f)
Today, we require that VF accelerated gateway interface must be explicitly configured. This change allows VF based accelerated gateway interface without explict configuration. Signed-off-by: Yun Zhou <[email protected]> (cherry picked from commit 0851d4c)
Signed-off-by: nithyar <[email protected]> (cherry picked from commit 4dcedbe)
Signed-off-by: nithyar <[email protected]> (cherry picked from commit a13d977)
tssurya
force-pushed
the
OVS-CPU-part2-saga-revert-set4
branch
from
9985676 to
7796d12
Compare
openshift-merge-robot
removed
the
needs-rebase
This reverts commit 0ee80bf. Conflict in gateway_shared_intf.go because of https://github.com/ovn-kubernetes/ovn-kubernetes/pull/5153/files#diff-d3aa58d9b58a0a09264f072df46ab01d0501eb508c4656411ae2dc1ac68fb3c4 Signed-off-by: Surya Seetharaman <[email protected]> (cherry picked from commit ebb7339)
This reverts commit b1525c3. Signed-off-by: Surya Seetharaman <[email protected]> (cherry picked from commit 936e621)
|
/payload 4.20 nightly blocking |
|
@tssurya: trigger 11 job(s) of type blocking for the nightly release of OCP 4.20
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/01a9bb70-2f08-11f0-9b12-087fc33ce2b4-0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
MTU changes from RH and NVIDIA