add support for v4 routes over v6 nexthops #181
Conversation
Nieuwejaar
left a comment
Nieuwejaar
left a comment
There was a problem hiding this comment.
Could you some tests for this? It's not something that's going to get exercised in a normal racklette or a4x2 run.
| wd=`pwd` | ||
| export WS=$wd | ||
| STARTUP_TIMEOUT=${STARTUP_TIMEOUT:=15} | ||
| STARTUP_TIMEOUT=${STARTUP_TIMEOUT:=45} |
There was a problem hiding this comment.
I've never seen this be an issue before. Are you seeing this in CI or somewhere else?
There was a problem hiding this comment.
I see it regularly when running the tests locally on a development VM.
There was a problem hiding this comment.
I've been re-testing this after a rebase. I still hit this on a colo VM. I think we should consider colo VMs first class development environments and supported out of the box. I need to set the timeout to 45 to make things reliable. My colo VM has 8 vCPUs and 32 GB of memory. Perhaps we can come up with a better mechanism than a simple timeout. We could poll dpd until the API comes up with a more pessimistic timeout so the poll will make it work more quickly on faster machines.
There was a problem hiding this comment.
At any rate I've put this back at 15 for now and will just have to remember to manually set it on colo VMs
There was a problem hiding this comment.
If you're hitting this on a colo VM, then it seems reasonable to bump it up.
dpd-api/src/lib.rs
Outdated
| path = "/route/ipv4", | ||
| versions = ..VERSION_V4_OVER_V6_ROUTES | ||
| }] | ||
| async fn route_ipv4_list_v2( |
There was a problem hiding this comment.
Why is this v2? What was v1?
I've taken a very different approach to route versioning in the PR I sent you, which I think is cleaner - especially with a larger-scale change like I had to make. Basically all the v1 compatibility stuff gets put in a v1 module. I think this will also make it easier to pull out stuff when we decide to drop support for an older version.
I'm not wedded to that implementation style necessarily, but we do need to get our version scheme straight. Right now both PRs represent the first stab at backwards compatibility, and we chose different version numbers.
There was a problem hiding this comment.
Sorry - I have too many PRs in my head right now. I meant to point you at the underlay/isolation branch: https://github.com/oxidecomputer/dendrite/blob/isolation/dpd-api/src/lib.rs#L69
There was a problem hiding this comment.
I believe I've oriented things in this direction now.
There was a problem hiding this comment.
It might be a good idea to have Rain take a look at the versioning stuff. This is going to be dendrite's first implementation of it, and it would be good to be sure we're on the right track.
|
Thanks @Nieuwejaar. I've added a packet test. That packet test surfaced some issues that I fixed. This code will probably be on the default path for a4x2 as the datacenter topology will probably move to BGP unnumbered. |
rcgoodfellow
force-pushed
the
ry/v4-over-v6-routes
branch
4 times, most recently
from
8c5e905 to
4647860
Compare
| bool nat_ingress_hit; // NATed packet from uplink -> guest | ||
| bool nat_ingress_port; // This port accepts only NAT traffic | ||
| bool encap_needed; | ||
| bool resolve_nexthop; // signals nexthop needs to be resolved |
There was a problem hiding this comment.
Is it possible to use a variable local to the control rather than adding another field to the meta header?
There was a problem hiding this comment.
Not strictly locally, as this signal transcends controls. We could plumb an explicit inout parameter to Router4 and Router6. But I'm not sure how much that gets us and is a bit different to how we're currently plumbing things.
There was a problem hiding this comment.
This is fine. I only mentioned it because I recently ran into a case where adding a field to meta caused us to blow the stage limit, but making it an inout didn't. That all went away when I took a simpler approach, but it's now given me one more thing to watch out for.
needed for BGP unnumbered
rcgoodfellow
force-pushed
the
ry/v4-over-v6-routes
branch
from
8268e65 to
b2123c6
Compare
Nieuwejaar
left a comment
Nieuwejaar
left a comment
There was a problem hiding this comment.
Thanks. This looks good. I ticked the Approve box, but I would like it if you could get Rain to give the backwards compatibility stuff a quick look-over.
| // This Source Code Form is subject to the terms of the Mozilla Public | ||
| // License, v. 2.0. If a copy of the MPL was not distributed with this | ||
| // file, You can obtain one at https://mozilla.org/MPL/2.0/ | ||
| // | ||
| // Copyright 2026 Oxide Computer Company | ||
|
|
||
| use dpd_types::route::Ipv4Route; | ||
| use oxnet::Ipv4Net; | ||
| use schemars::JsonSchema; | ||
| use serde::{Deserialize, Serialize}; | ||
|
|
||
| /// Represents all mappings of an IPv4 subnet to a its nexthop target(s). | ||
| #[derive(Debug, Clone, Deserialize, Serialize, JsonSchema)] | ||
| pub struct Ipv4Routes { | ||
| /// Traffic destined for any address within the CIDR block is routed using | ||
| /// this information. | ||
| pub cidr: Ipv4Net, | ||
| /// All RouteTargets associated with this CIDR | ||
| pub targets: Vec<Ipv4Route>, | ||
| } |
There was a problem hiding this comment.
Looks good! Note dpd-api hasn't been transitioned over to the RFD 619 scheme yet (didn't want to step on toes given urgency of other work), so this is good. We'll convert this over to the RFD scheme once things have calmed down.
This PR adds support for adding IPv4 routes over IPv6 nexthops. This is needed for BGP unnumbered where nexthops are always IPv6 link local addresses.
There are no new tables added to this PR. Rather IPv6 variants of the exiting IPv4 actions on IPv4 router index table are added.
The API has a version bump to accommodate creating IPv4 routes over IPv6 nexhops as well is listing and fetching IPv4 routes.
This code has been tested in Maghemite CI where we have an
mgddaemon feeding unnumbered routes to dendrite and they are installed successfully here.