Disable RA for interfaces created by CNI (#567)
Родитель
11f2d74a7c
Коммит
6515faee86
|
@ -39,7 +39,11 @@ func (client *LinuxBridgeClient) CreateBridge() error {
|
|||
},
|
||||
}
|
||||
|
||||
return netlink.AddLink(&link)
|
||||
if err := netlink.AddLink(&link); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return epcommon.DisableRAForInterface(client.bridgeName)
|
||||
}
|
||||
|
||||
func (client *LinuxBridgeClient) DeleteBridge() error {
|
||||
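Review bot: When `epcommon.DisableRAForInterface(client.bridgeName)` fails at the end of `CreateBridge`, the bridge added by `netlink.AddLink(&link)` is left on the host, still accepting router advertisements, which is the state this commit is meant to prevent. A retry would then presumably fail in `AddLink` because the link already exists. Consider undoing the link on that path, for example `if err := epcommon.DisableRAForInterface(client.bridgeName); err != nil { client.DeleteBridge(); return err }`, after checking that `DeleteBridge` is safe to call on a half-built bridge. The start of `CreateBridge` is outside the hunk.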
|
|
|
@ -31,6 +31,7 @@ const (
|
|||
enableIPForwardCmd = "sysctl -w net.ipv4.ip_forward=1"
|
||||
toggleIPV6Cmd = "sysctl -w net.ipv6.conf.all.disable_ipv6=%d"
|
||||
enableIPV6ForwardCmd = "sysctl -w net.ipv6.conf.all.forwarding=1"
|
||||
disableRACmd = "sysctl -w net.ipv6.conf.%s.accept_ra=0"
|
||||
)
|
||||
|
||||
func getPrivateIPSpace() []string {
|
||||
|
@ -71,6 +72,10 @@ func CreateEndpoint(hostVethName string, containerVethName string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
if err := DisableRAForInterface(hostVethName); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -87,6 +92,10 @@ func SetupContainerInterface(containerVethName string, targetIfName string) erro
|
|||
return err
|
||||
}
|
||||
|
||||
if err := DisableRAForInterface(targetIfName); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Bring the interface back up.
|
||||
log.Printf("[net] Setting link %v state up.", targetIfName)
|
||||
return netlink.SetLinkState(targetIfName, true)
|
||||
|
@ -228,3 +237,13 @@ func AddSnatRule(match string, ip net.IP) error {
|
|||
target := fmt.Sprintf("SNAT --to %s", ip.String())
|
||||
return iptables.InsertIptableRule(version, iptables.Nat, iptables.Postrouting, match, target)
|
||||
}
|
||||
|
||||
func DisableRAForInterface(ifName string) error {
|
||||
cmd := fmt.Sprintf(disableRACmd, ifName)
|
||||
out, err := platform.ExecuteCommand(cmd)
|
||||
if err != nil {
|
||||
log.Errorf("[net] Diabling ra failed with err: %v out: %v", err, out)
|
||||
}
|
||||
|
||||
return err
|
||||
}
|
||||
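Review bot: `DisableRAForInterface` formats `ifName` straight into the `sysctl -w` string handed to `platform.ExecuteCommand`, and `SetupContainerInterface` passes it `targetIfName` with no validation visible in these hunks. If `ExecuteCommand` runs the string through a shell (not visible here), shell metacharacters in an interface name would be interpreted by it. Independently of that, a name containing `.` (a VLAN sub-interface, say) is split by sysctl into extra key components, so the call fails and endpoint creation with it. Validating the name against the kernel's interface-name rules and writing `0` to the procfs entry avoids both; the sketch below also fixes the `Diabling` typo in the log message and would need `os`, `strings` and `path/filepath` imported. The whole function is new in this hunk.

```go
func DisableRAForInterface(ifName string) error {
	// Mirror the kernel's interface-name rules so the name cannot alter the path.
	if ifName == "" || len(ifName) > 15 || ifName == "." || ifName == ".." ||
		strings.ContainsAny(ifName, "/: \t\r\n") {
		return fmt.Errorf("invalid interface name %q", ifName)
	}

	// Writing the procfs entry directly avoids the shell and sysctl's '.' key separator.
	path := filepath.Join("/proc/sys/net/ipv6/conf", ifName, "accept_ra")
	if err := os.WriteFile(path, []byte("0"), 0644); err != nil {
		log.Errorf("[net] Disabling ra failed with err: %v", err)
		return err
	}

	return nil
}
```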
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/Azure/azure-container-networking/log"
|
||||
"github.com/Azure/azure-container-networking/network/epcommon"
|
||||
"github.com/Azure/azure-container-networking/ovsctl"
|
||||
)
|
||||
|
||||
|
@ -72,6 +73,10 @@ func (client *OVSNetworkClient) CreateBridge() error {
|
|||
}
|
||||
}()
|
||||
|
||||
if err := epcommon.DisableRAForInterface(client.bridgeName); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return updateOVSConfig(ovsOpt)
|
||||
}
|
||||
|
||||
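Review bot: The `err` in `if err := epcommon.DisableRAForInterface(client.bridgeName); err != nil` is scoped to that if statement, so a deferred cleanup that tests an outer `err` would not see this failure. The closure ending at `}()` just above looks like such a defer, but its body is outside the hunk, so this needs confirming. If it is, the OVS bridge stays behind with RA still enabled when this call fails. Assigning to the existing variable, `if err = epcommon.DisableRAForInterface(client.bridgeName); err != nil {`, would let the cleanup run.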
|
|
|
@ -342,6 +342,10 @@ func CreateSnatBridge(snatBridgeIP string, mainInterface string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
if err := epcommon.DisableRAForInterface(SnatBridgeName); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
vethLink := netlink.VEthLink{
|
||||
LinkInfo: netlink.LinkInfo{
|
||||
Type: netlink.LINK_TYPE_VETH,
|
||||
|
@ -356,6 +360,14 @@ func CreateSnatBridge(snatBridgeIP string, mainInterface string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
if err := epcommon.DisableRAForInterface(azureSnatVeth0); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := epcommon.DisableRAForInterface(azureSnatVeth1); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
log.Printf("Assigning %v on snat bridge", snatBridgeIP)
|
||||
|
||||
ip, addr, _ := net.ParseCIDR(snatBridgeIP)
|
||||
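Review bot: The first `DisableRAForInterface(SnatBridgeName)` call sits after a `return nil` in the context lines, which looks like an early exit taken when the SNAT bridge already exists; the condition is outside the hunk, so this is inferred. If so, hosts that already have the bridge and veth pair from an earlier version never get `accept_ra=0` applied to `SnatBridgeName`, `azureSnatVeth0` or `azureSnatVeth1`. Applying the three calls on that branch as well, e.g. `if err := epcommon.DisableRAForInterface(SnatBridgeName); err != nil { return err }` ahead of the `return nil`, would cover the upgrade case. Separately, a failure on one of the veth calls returns with the bridge and veth pair already created; `CreateSnatBridge` continues past the end of the hunk, so any cleanup there is not visible.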
|
|