Try to generalize the concept of default route probing to any static …

…route Signed-off-by: Milan Lenco <milan@zededa.com>
lf-edge · Jun 24, 2024 · 369b413 · 369b413
1 parent 77f4314
commit 369b413
Show file tree

Hide file tree

Showing 3 changed files with 86 additions and 61 deletions.
diff --git a/proto/config/netcmn.proto b/proto/config/netcmn.proto
@@ -124,6 +124,7 @@ enum ConnectivityProbeMethod {
   // Try to establish TCP connection with the probed endpoint to determine the connectivity
   // status.
   CONNECTIVITY_PROBE_METHOD_TCP = 2;
+  // TODO: Consider adding support for BFD probing.
 }
 
 // Configuration for user-defined connectivity-testing probe.

diff --git a/proto/config/netinst.proto b/proto/config/netinst.proto
@@ -82,51 +82,48 @@ message IPRoute {
   string destination_network = 1;
   // Gateway IP address.
   // This must be a valid IP address and can not be all-zeroes.
+  // At least one of 'gateway' or 'port' (see below) must be defined (both can be set).
+  // This can be an external gateway IP or an IP address of one of the apps connected
+  // to the network instance.
   string gateway = 2;
+  // Output device port for the routed traffic.
+  // Either a single NI port referenced by its name (SystemAdapter.Name, aka logical label)
+  // or an adapter shared-label matching zero or more NI ports (multipath routing).
+  // Can be used additionally to or instead of `gateway` to determine the next hop
+  // and the output network interface for the destination network.
+  // At least one of 'gateway' or 'port' must be defined.
+  // Since 'port' refers to one or more physical network adapters, it is not applicable
+  // to routes where gateway points to another application running on EVE.
+  // If shared label is used, EVE will pick one of the matched ports using connectivity
+  // probing (if enabled, see 'probe' below) or randomly. Note that load-balancing is
+  // not yet supported and EVE always picks at most one port.
+  // Note that if `gateway` is defined, only ports with subnets containing the gateway
+  // IP will be considered.
+  string port = 3;
+  // Periodically probe remote endpoint to determine connectivity status of every port
+  // selected for the route (by the 'port' label, see above). One of the ports with
+  // a working connectivity is then picked for the route (preferring the currently
+  // used one if any).
+  // Provides automatic fail-over between ports.
+  // If 'port' is not defined or references only a single port (e.g. directly by
+  // the logical label), probing is skipped (nothing to fail-over to anyway).
+  PortProbe probe = 4;
+  // TODO: Add config for multipath load-balancing.
+  //       For now we will assume that load-balancing is disabled and EVE will always pick
+  //       one port for multipath route.
 }
 
 // Configuration for port connectivity probe.
 message PortProbe {
-  // EVE uses ICMP ping against the port's gateway IP to determine connectivity status.
-  // Use disable_gw_ping to switch off this probing method. This is typically needed
-  // when the gateway router is configured to drop/ignore ICMP pings and therefore
-  // this probe would return false negatives.
-  bool disable_gw_ping = 1;
+  // Use ICMP ping towards the port's gateway IP to determine connectivity status.
+  // Avoid using this probe method if the gateway router is configured to drop/ignore
+  // ICMP pings and therefore this probe would return false negatives.
+  bool enable_gw_ping = 1;
   // User-defined method to use to determine the port connectivity status.
-  // Run additionally to gateway pings (unless turned off by disable_gw_ping).
-  // If probe method and endpoint are not specified and the port is marked as management,
-  // EVE will try to run HTTP GET request against the controller's URL.
-  // For app-shared ports there is no alternative default probing mechanism other than
-  // pinging the gateway IP.
+  // Run additionally to gateway pings (if enabled).
   ConnectivityProbe custom_probe = 3;
 }
 
-// DefaultRouteSelection defines how local network instance picks the default route
-// when it has multiple ports assigned.
-message DefaultRouteSelection {
-  // Either a single NI port referenced by its name (SystemAdapter.Name, aka logical label)
-  // or an adapter shared-label matching zero or more NI ports (NI ports containing this label
-  // in SystemAdapter.SharedLabels).
-  // Empty default_port matches all NI ports.
-  // Currently, load-balancing is not supported and thus even if default_port matches multiple
-  // NI ports, EVE will pick only one of them for the default route. The selection is based on
-  // probing (if enabled, see below) or random (preferring the currently used one if any).
-  string default_port = 1;
-  // Probe remote endpoint to determine connectivity status of each port and pick one
-  // with a working connectivity (and known gateway IP) for the default route (preferring
-  // the currently used one if any).
-  // Provides automatic fail-over between ports.
-  // Probes NI ports, potentially further filtered down by default_port label (see above).
-  // If default_port references single port (e.g. directly by the logical label), probing
-  // is skipped (nothing to fail-over to anyway).
-  PortProbe probe = 2;
-  // TODO: Add config for load-balancing, applied when multiple ports match the criteria
-  //       for the default route selection (matching default_port label and have working
-  //       connectivity or probing is disabled).
-  //       For now we will assume that load-balancing is disabled and EVE will always pick
-  //       one port for the default route.
-}
-
 // Configuration for the Spanning Tree Protocol (STP), which is run for switch network
 // instance when the port label matches multiple network ports.
 message SpanningTreeProtocol {
@@ -168,18 +165,20 @@ message NetworkInstanceConfig {
   // Local network instance will apply IP routes configured for the matched ports (either
   // statically or via DHCP) to select the next hop and the output port for the given flow.
   // Traffic not matching any link-local, statically-configured, or DHCP-received route,
-  // will be routed according to the default route, which is selected based on the
-  // defaultRouteSelection algorithm (see below).
+  // will be routed according to the default route. Unless user configures a static default
+  // route with customized output port selection, EVE will pick one of the ports for
+  // the default route by periodic probing. First, NI ports are filtered down to those with
+  // a known gateway IP. Then probing is used to determine connectivity status. For management
+  // ports, EVE checks the gateway IP reachability using ICMP pings and controller reachability
+  // with TCP connect to <controller-IP>:443. For app-shared ports, only ICMP pings of the
+  // gateway IP are performed. EVE then picks port with a working connectivity, preferring
+  // the currently used one. Add a static default route (see 'static_routes" below) to customize
+  // the output port selection algorithm.
   Adapter port = 20;
 
-  // DefaultRouteSelection defines how local network instance picks the default route
-  // when it has multiple ports assigned.
-  // Not used with switch network instance.
-  DefaultRouteSelection default_route_selection = 21;
-
   // Configuration for the Spanning Tree Protocol (STP), which is run for switch network
   // instance when the port label matches multiple network ports.
-  SpanningTreeProtocol stp = 22;
+  SpanningTreeProtocol stp = 21;
 
   // cfg - Used to pass some feature-specific configuration to the
   //       network instance. For Ex: Lisp, StriongSwan etc
@@ -191,14 +190,14 @@ message NetworkInstanceConfig {
   // network ip specification
   // Note that ip.gateway must be a valid IP address and can not be all-zeroes.
   // To suppress automatic propagation of the default route into apps, configure network
-  // instance as air-gapped (without uplink) or mark the uplink as app-shared
-  // (not for management) and ensure that it will not get a default route
-  // (e.g. set ip.gateway of the attached NetworkConfig to all-zeroes IP).
+  // instance as air-gapped (without port) or mark all NI ports as app-shared
+  // (not for management) and ensure that they will not get a default route
+  // (e.g. set ip.gateway of the attached NetworkConfig(s) to all-zeroes IP).
   ipspec ip = 40;
 
   // static DNS entry, if we are running DNS/DHCP service
   repeated ZnetStaticDNSEntry dns = 41;
-  // Enable to use DHCP to automatically propagate routes for uplink subnets
+  // Enable to use DHCP to automatically propagate routes for port subnets
   // into applications connected to them indirectly through local network instances.
   // This option is only valid for local network instances. For other types
   // of network instances, it will be ignored.
@@ -219,8 +218,8 @@ message NetworkInstanceConfig {
   //
   // Note that the default route (with the bridge IP as the gateway) is automatically
   // propagated to connected applications, unless network instance is air-gapped
-  // (without uplink) or the uplink is app-shared (not management) and does not have
-  // a default route of its own. In both cases, it is possible to enforce default
+  // (without port) or all NI ports are app-shared (not management) and neither
+  // of them has a default route. In both cases, it is possible to enforce default
   // route propagation by configuring a static default route for the network instance.
   //
   // For more info on static and connected routes please refer to:
@@ -260,10 +259,12 @@ message NetworkInstanceConfig {
   // instances, the user can run his own external DHCP server in the network with the MTU
   // option configured.
   // Please note that application traffic leaving or entering the device via a network
-  // adapter associated with the network instance is additionally limited by the MTU
-  // value of the adapter, configured within the NetworkConfig object (refer to netconfig.proto).
-  // If the configured network instance MTU differs from the network adapter MTU, EVE will
-  // flag the network instance with an error and use the adapter's MTU for the network
-  // instance instead (to prevent traffic from being dropped or fragmented inside EVE).
+  // adapter associated with the network instance is additionally limited by MTU values
+  // of NI ports, configured within their NetworkConfig objects (refer to netconfig.proto).
+  // If the configured network instance MTU is higher than MTU of any of the NI ports,
+  // EVE will flag the network instance with an error and use the lowest MTU among
+  // all the NI ports for the network instance instead. This is to prevent apps from sending
+  // packets exceeding the path MTU. Packets entering NI via port with a higher MTU and with
+  // size exceeding the NI MTU will get fragmented inside EVE (if allowed by IP header).
   uint32 mtu = 44;
 }
diff --git a/proto/info/info.proto b/proto/info/info.proto
@@ -1044,8 +1044,9 @@ message ZInfoNetworkInstance {
   // Current uplink interface in use by this NI.
   // Deprecated - network instance can be associated with multiple device ports,
   // not just one. To find out which ports are being used by network instance,
-  // read the reported field "ports" instead (see below). Additionally, ports
-  // with the default route enabled are reported in the field "default_ports".
+  // read the reported field "ports" instead (see below). Additionally, "routes"
+  // informs about the routes configured for the NI and which ports are currently
+  // used to route the traffic out (this includes info for the default route)
   string CurrentUplinkIntf = 10 [deprecated = true];
   // User defined namestring alias to this CurrentUplinkIntf.
   // Deprecated for the same reason as CurrentUplinkIntf. Additionally, logical
@@ -1055,10 +1056,6 @@ message ZInfoNetworkInstance {
   // Ports are referenced by logical labels.
   // Empty if network instance is air-gapped.
   repeated string ports = 12;
-  // List of device ports with the default route enabled.
-  // Ports are referenced by logical labels.
-  // Until EVE supports load-balancing, this list will always contain at most one port.
-  repeated string default_ports = 13;
   uint32 bridgeNum = 20;
   string bridgeName = 21;
   string bridgeIPAddr = 22;
@@ -1087,6 +1084,32 @@ message ZInfoNetworkInstance {
   // used and reported here if the configured MTU is invalid or conflicts with the MTU
   // of the associated device port (see NetworkInstanceConfig.mtu in netinst.proto).
   uint32 mtu = 42;
+
+  // Global routes configured for the network instance (i.e. does not include link-local
+  // routes).
+  // This includes user-defined static routes (NetworkInstanceConfig.static_routes).
+  // Note that some user-defined static routes might not be applied (and thus not reported
+  // here) if they do not match IP config of currently used device ports.
+  // Additionally, static routes with shared port labels (matching multiple ports)
+  // are reported here each with the logical label of the (single) port, currently selected
+  // for the route by probing (see PortProbe).
+  IPRoute routes = 43;
+}
+
+// Info about IP route configured for a network instance.
+message IPRoute {
+  // Destination network address in the CIDR format: <IP-address>/<prefix-length>
+  string destination_network = 1;
+  // Gateway IP address.
+  string gateway = 2;
+  // Logical label of the output device port for the routed traffic.
+  // Empty if the gateway is IP address of one of the applications. In that case,
+  // 'gateway_app' is defined instead.
+  string port = 3;
+  // UUID of the application used as the gateway for the route.
+  // Empty if the gateway is external (not one of the apps but outside of the device).
+  // In that case, 'port' is defined instead.
+  string gateway_app = 4;
 }
 
 message UsageInfo {