NSM datapath monitoring on TAPA NSC

Introduce optional NSM datapath monitoring/healing (or liveness check) between the tapa and proxy.
Has to be enabled via new env variables introduced in the proxy.

Author: LionelJouin

cmd/tapa/config.go

@@ -23,20 +23,23 @@ import (
 
 // Config for the TAPA
 type Config struct {
-	Name                string        `default:"nsc" desc:"Name of the target"`
-	Node                string        `default:"" desc:"Node name the target is running on" split_words:"true"`
-	Namespace           string        `default:"default" desc:"Namespace the trenches to connect to are running on" split_words:"true"`
-	Socket              string        `default:"/ambassador.sock" desc:"Path of the socket file of the TAPA" split_words:"true"`
-	NSMSocket           url.URL       `default:"unix:///var/lib/networkservicemesh/nsm.io.sock" desc:"Path of the socket file of NSM" envconfig:"nsm_socket"`
-	NSPServiceName      string        `default:"nsp-service" desc:"Domain name of the NSP Service" envconfig:"nsp_service_name"`
-	NSPServicePort      int           `default:"7778" desc:"port of the NSP Service" envconfig:"nsp_service_port"`
-	Timeout             time.Duration `default:"15s" desc:"timeout of NSM request/close, NSP register/unregister..." split_words:"true"`
-	DialTimeout         time.Duration `default:"5s" desc:"timeout to dial NSMgr" split_words:"true"`
-	MaxTokenLifetime    time.Duration `default:"24h" desc:"maximum lifetime of tokens" split_words:"true"`
-	LogLevel            string        `default:"DEBUG" desc:"Log level" split_words:"true"`
-	NSPEntryTimeout     time.Duration `default:"30s" desc:"Timeout of the entries" envconfig:"nsp_entry_timeout"`
-	GRPCMaxBackoff      time.Duration `default:"5s" desc:"Upper bound on gRPC connection backoff delay" envconfig:"grpc_max_backoff"`
-	GRPCProbeRPCTimeout time.Duration `default:"1s" desc:"RPC timeout of internal gRPC health probe" envconfig:"grpc_probe_rpc_timeout"`
+	Name                  string        `default:"nsc" desc:"Name of the target"`
+	Node                  string        `default:"" desc:"Node name the target is running on" split_words:"true"`
+	Namespace             string        `default:"default" desc:"Namespace the trenches to connect to are running on" split_words:"true"`
+	Socket                string        `default:"/ambassador.sock" desc:"Path of the socket file of the TAPA" split_words:"true"`
+	NSMSocket             url.URL       `default:"unix:///var/lib/networkservicemesh/nsm.io.sock" desc:"Path of the socket file of NSM" envconfig:"nsm_socket"`
+	NSPServiceName        string        `default:"nsp-service" desc:"Domain name of the NSP Service" envconfig:"nsp_service_name"`
+	NSPServicePort        int           `default:"7778" desc:"port of the NSP Service" envconfig:"nsp_service_port"`
+	Timeout               time.Duration `default:"15s" desc:"timeout of NSM request/close, NSP register/unregister..." split_words:"true"`
+	DialTimeout           time.Duration `default:"5s" desc:"timeout to dial NSMgr" split_words:"true"`
+	MaxTokenLifetime      time.Duration `default:"24h" desc:"maximum lifetime of tokens" split_words:"true"`
+	LogLevel              string        `default:"DEBUG" desc:"Log level" split_words:"true"`
+	NSPEntryTimeout       time.Duration `default:"30s" desc:"Timeout of the entries" envconfig:"nsp_entry_timeout"`
+	GRPCMaxBackoff        time.Duration `default:"5s" desc:"Upper bound on gRPC connection backoff delay" envconfig:"grpc_max_backoff"`
+	GRPCProbeRPCTimeout   time.Duration `default:"1s" desc:"RPC timeout of internal gRPC health probe" envconfig:"grpc_probe_rpc_timeout"`
+	LivenessCheckInterval time.Duration `default:"2s" desc:"Dataplane liveness check interval" split_words:"true"`
+	LivenessCheckTimeout  time.Duration `default:"1s" desc:"Dataplane liveness check timeout" split_words:"true"`
+	LivenessCheckEnabled  bool          `default:"false" desc:"Dataplane liveness check enabled/disabled" split_words:"true"`
 }
 
 // IsValid checks if the configuration is valid

cmd/tapa/main.go

@@ -49,6 +49,7 @@ import (
 	linuxKernel "github.com/nordix/meridio/pkg/kernel"
 	"github.com/nordix/meridio/pkg/log"
 	"github.com/nordix/meridio/pkg/nsm"
+	kernelheal "github.com/nordix/meridio/pkg/nsm/heal"
 	"github.com/nordix/meridio/pkg/nsm/interfacename"
 	"github.com/sirupsen/logrus"
 	"google.golang.org/grpc"
@@ -155,10 +156,19 @@ func main() {
 		sendfd.NewClient(),
 	}
 
+	healOptions := []heal.Option{}
+	if config.LivenessCheckEnabled {
+		healOptions = []heal.Option{
+			heal.WithLivenessCheckInterval(config.LivenessCheckInterval),
+			heal.WithLivenessCheckTimeout(config.LivenessCheckTimeout),
+			heal.WithLivenessCheck(kernelheal.KernelLivenessCheck),
+		}
+	}
+
 	networkServiceClient := client.NewClient(ctx,
 		client.WithClientURL(&nsmAPIClient.Config.ConnectTo),
 		client.WithName(config.Name),
-		client.WithHealClient(heal.NewClient(ctx)),
+		client.WithHealClient(heal.NewClient(ctx, healOptions...)),
 		client.WithAdditionalFunctionality(additionalFunctionality...),
 		client.WithDialTimeout(nsmAPIClient.Config.DialTimeout),
 		client.WithDialOptions(nsmAPIClient.GRPCDialOption...),

docs/components/tapa.md

@@ -59,6 +59,9 @@ MERIDIO_LOG_LEVEL | string | Log level | DEBUG
 MERIDIO_NSP_ETRY_TIMEOUT | time.Duration | Timeout of the entries registered in NSP | 30s
 MERIDO_GRPC_MAX_BACKOFF | time.Duration | Upper bound on gRPC connection backoff delay | 5s
 MERIDIO_GRPC_PROBE_RPC_TIMEOUT | time.Duration | RPC timeout of internal gRPC health probes if any | 1s
+MERIDIO_LIVENESS_CHECK_INTERVAL | time.Duration | Dataplane liveness check interval | 2s
+MERIDIO_LIVENESS_CHECK_TIMEOUT | time.Duration | Dataplane liveness check timeout | 1s
+MERIDIO_LIVENESS_CHECK_ENABLED | bool | Dataplane liveness check enabled/disabled | false
 
 ## Command Line 
 

pkg/ambassador/tap/conduit/conduit.go

@@ -384,7 +384,8 @@ func (c *Conduit) SetVIPs(ctx context.Context, vips []string) error {
 			Labels:         c.connection.GetLabels(),
 			Payload:        c.connection.GetPayload(),
 			Context: &networkservice.ConnectionContext{
-				IpContext: c.connection.GetContext().GetIpContext(),
+				ExtraContext: c.connection.GetContext().GetExtraContext(),
+				IpContext:    c.connection.GetContext().GetIpContext(),
 			},
 		},
 	}

pkg/proxy/proxy.go

@@ -265,7 +265,10 @@ func (p *Proxy) SetIPContext(ctx context.Context, conn *networkservice.Connectio
 	}
 
 	if interfaceType == networking.NSE {
-		p.setNSEIpContext(id, conn.GetContext().GetIpContext(), srcIPAddrs, dstIpAddrs)
+		if conn.GetContext().ExtraContext == nil {
+			conn.GetContext().ExtraContext = map[string]string{}
+		}
+		p.setNSEIpContext(id, conn.GetContext().GetIpContext(), conn.GetContext().GetExtraContext(), srcIPAddrs, dstIpAddrs)
 	} else if interfaceType == networking.NSC {
 		ipContext := conn.GetContext().GetIpContext()
 		oldSrcIpAddrs := ipContext.SrcIpAddrs
@@ -300,11 +303,15 @@ func (p *Proxy) SetIPContext(ctx context.Context, conn *networkservice.Connectio
 	return nil
 }
 
-func (p *Proxy) setNSEIpContext(id string, ipContext *networkservice.IPContext, srcIPAddrs []string, dstIpAddrs []string) {
+func (p *Proxy) setNSEIpContext(id string, ipContext *networkservice.IPContext, extraContext map[string]string, srcIPAddrs []string, dstIpAddrs []string) {
 	if len(ipContext.SrcIpAddrs) == 0 && len(ipContext.DstIpAddrs) == 0 { // First request
 		ipContext.SrcIpAddrs = srcIPAddrs
 		ipContext.DstIpAddrs = dstIpAddrs
 		ipContext.ExtraPrefixes = p.Bridge.GetLocalPrefixes()
+		if p.Bridge != nil {
+			extraContext[kernelheal.DatapathSourceIPsKey] = strings.Join(ipContext.SrcIpAddrs, kernelheal.DatapathIPsSeparator)
+			extraContext[kernelheal.DatapathDestinationIPsKey] = strings.Join(p.Bridge.GetLocalPrefixes(), kernelheal.DatapathIPsSeparator)
+		}
 		p.logger.V(1).Info("Set IP Context of initial connection request",
 			"id", id, "ipContext", ipContext, "interfaceType", "NSE")
 		return