984 dockerinit should support link-local routes #986

Open
@hww3 hww3 commented Apr 27, 2021

Hello-

Details of the situation this aims to correct are described in #984. A previous patch for native zones was proposed and merged through issue illumos-joyent#244. This change is not cstyle clean, though it doesn't appear to be a cstyle'd source file.

Synopsis of change:

  • add support for link-local routes (equivalent of using -interface flag to route add)
  • order creation of routes such that link-local routes are created before any default gateway or static routes
  • minor rearrangement of functions so that this behavior is clear

Some testing notes:

I have a few nodes at OVH that use "failover" ip addresses. These addresses are handed out on a CIDR subnet different than the admin network. The default route, however, is that of the default network. So a link-local route needs to be created before the default route. That's the rationale for this change.

I've been using this patch on a number of docker/lx zones across multiple hosts for the past year. These zones require the link-local route to be created first as the default route is on the link-local network (that isn't the same as the IP address of the interface.) Without the patch, creating the default route fails with a "no route to host" error (and the zone provisioning fails after a time), but is successful with the patch.

I've also been running platform images with this fix on multiple systems that don't have static routes at all, and these all work as expected with the patch.

Additionally, on a dummy test system, I created a simnet device and assigned a nic tag to that. I then created a series of lx/docker zones using vmadm with 2 nics each and the following combinations of routes. I used a random docker image that I already had available and used zlogin to examine the state of the routes:

  • static routes without a prefix component (i.e. host route)
  • static routes with a prefix component
  • link local routes without a prefix component (i.e. host route)
  • link local routes with a prefix component
  • varying the nic that the link local route was specified over

These all seemed to work just fine, in that:

  • no static routes (results in no errors)
  • link-local routes in combination with a default route (no errors and link local route created first)
  • ordering of non-link-local routes in combination with link-local routes (no errors and link-local route created before non-link-local route)
  • all the routes were created with correct net masks
  • the static routes were added as expected in the "non link-local" path.
  • the link local routes were created on the correct target nic

I'm happy to provide any additional details you think would be helpful. Looking forward to your feedback!
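
The ordering problem described in the comment above, as an added example that is not code from this pull request or from dockerinit: a simplified model in which a gateway route is rejected unless an on-link prefix already covers the gateway, plus a stable reorder that puts link-local routes first. All type and function names are hypothetical, the rejection rule is an assumption standing in for the kernel's behaviour, and the addresses are constructed from documentation ranges.

```c
#include <stddef.h>
#include <stdint.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
#define MAX_ONLINK 8

/* Simplified model (assumption): a route is on-link or goes via a gateway. */
typedef struct { uint32_t dst; int prefix; uint32_t gw; int linklocal; } route_t;
typedef struct { uint32_t net[MAX_ONLINK]; int prefix[MAX_ONLINK]; int n; } onlink_t;

static uint32_t mask_of(int prefix) {
    return prefix == 0 ? 0 : 0xffffffffu << (32 - prefix); /* avoid shift by 32 */
}

/* A gateway is usable only if an on-link prefix already covers it. */
static int gw_reachable(const onlink_t *t, uint32_t gw) {
    for (int i = 0; i < t->n; i++)
        if (((gw ^ t->net[i]) & mask_of(t->prefix[i])) == 0) return 1;
    return 0;
}

/* Add routes in array order; count gateway routes that would be rejected. */
int apply_routes(onlink_t *t, const route_t *r, size_t n) {
    int failed = 0;
    for (size_t i = 0; i < n; i++) {
        if (r[i].linklocal && t->n < MAX_ONLINK) {
            t->net[t->n] = r[i].dst;
            t->prefix[t->n++] = r[i].prefix;
        } else if (!r[i].linklocal && !gw_reachable(t, r[i].gw)) {
            failed++;
        }
    }
    return failed;
}

/* Stable reorder: link-local routes first, relative order otherwise kept. */
void order_linklocal_first(route_t *r, size_t n) {
    size_t next = 0;
    for (size_t i = 0; i < n; i++) {
        if (!r[i].linklocal) continue;
        route_t tmp = r[i];
        for (size_t j = i; j > next; j--) r[j] = r[j - 1];
        r[next++] = tmp;
    }
}

/* Constructed scenario: NIC 192.0.2.10/32, default gateway on another subnet. */
int demo_failures(int reorder) {
    onlink_t t = { { IP(192, 0, 2, 10) }, { 32 }, 1 };
    route_t r[] = { { 0, 0, IP(198, 51, 100, 254), 0 },      /* default */
                    { IP(198, 51, 100, 254), 32, 0, 1 } };   /* link-local */
    if (reorder) order_linklocal_first(r, 2);
    return apply_routes(&t, r, 2);
}
```
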
