Skip to content

CHECK fails with ptp plugin and non default routes #886

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
champtar opened this issue Apr 20, 2023 · 0 comments · Fixed by #887
Closed

CHECK fails with ptp plugin and non default routes #886

champtar opened this issue Apr 20, 2023 · 0 comments · Fixed by #887

Comments

@champtar
Copy link
Contributor

I'm trying to switch from containerd to cri-o, and one big difference seems to be that cri-o call CheckNetworkList() https://github.com/cri-o/ocicni/blob/4fcbe80ee01fbc4c0401ae96537b3ee807c92c2c/pkg/ocicni/ocicni.go#L731

Here an example config that fails with Error checking network: Expected Route {Dst:{IP:198.18.128.0 Mask:ffff8000} GW:<nil>} not found in routing table

{
  "cniVersion": "0.4.0",
  "name": "mgmt",
  "type": "ptp",
  "ipMasq": true,
  "ipam": {
    "type": "host-local",
    "ranges": [
      [{"subnet": "198.18.0.0/17"}],
      [{"subnet": "fd61:7465:6d65:1000::/112"}]
    ],
    "routes": [
      { "dst": "0.0.0.0/0" },
      { "dst": "198.18.128.0/17" },
      { "dst": "198.19.254.254/32" },
      { "dst": "::/0" },
      { "dst": "fd61:7465:6d65:2000::/112" },
      { "dst": "fd61:7465:6d65:ffff::/128" }
    ]
  }
}

Using "cniVersion": "0.3.1" to bypass the check, the routes are created but with a gateway

# ip r
default via 198.18.0.1 dev eth0 
198.18.0.0/17 via 198.18.0.1 dev eth0 src 198.18.66.190 
198.18.0.1 dev eth0 scope link src 198.18.66.190 
198.18.128.0/17 via 198.18.0.1 dev eth0 
198.19.254.254 via 198.18.0.1 dev eth0

If I keep only the default routes (v4 & v6) it works, but I actually need the more precise routes as my full use case is with multus and being able to configure some extra interfaces with any routes (/1 included)
Looking at the code I fail to see why default routes are a special case:

plugins/pkg/ip/utils_linux.go

Line 82 in 9f1f9a5

func ValidateExpectedRoute(resultRoutes []*types.Route) error {

related review: #264 (comment)
champtar added a commit to champtar/cni-plugins that referenced this issue Apr 20, 2023
@champtar
Fix ValidateExpectedRoute with non default routes and nil GW
c347755 
Using ptp plugin with non default routes, we get the following error
when cri-o call CheckNetworkList():
```
Expected Route {Dst:{IP:198.18.128.0 Mask:ffff8000} GW:<nil>} not found in routing table
```
Using cniVersion 0.3.1 to bypass the check, we can see that the
route is added with a gateway
```
$ ip r
198.18.0.0/17 via 198.18.0.1 dev eth0 src 198.18.3.102
198.18.0.1 dev eth0 scope link src 198.18.3.102
198.18.128.0/17 via 198.18.0.1 dev eth0
```

If GW is nil only check if we have a route with a DST that matches, and
ignore the GW.

Fixes containernetworking#886
Signed-off-by: Etienne Champetier <[email protected]>
@champtar champtar mentioned this issue Apr 20, 2023
Merged
@dcbw dcbw closed this as completed in #887 Apr 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix ValidateExpectedRoute with non default routes and nil GW champtar/cni-plugins
1 participant
@champtar