Delayed IP release of NSM connection IPs #524
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Short term solution to avoid duplicated IPs by only releasing them with a configurable delay.
Operator environment variable PROXY_IP_RELEASE_DELAY is set to 20 seconds.
zolug
added
kind/bug
LionelJouin
reviewed
Apr 29, 2024
| @@ -73,6 +73,9 @@ func (i *Proxy) getEnvVars(allEnv []corev1.EnvVar) []corev1.EnvVar { | |||
| if mtu := common.GetConduitMTU(); mtu != "" { | |||
| operatorEnv = append(operatorEnv, corev1.EnvVar{Name: "NSM_MTU", Value: mtu}) | |||
| } | |||
| if ipReleaseDelay := common.GetProxyIPReleaseDelay(); ipReleaseDelay != "" { | |||
There was a problem hiding this comment.
Otherwise the option could stay in the template
| ctxRelease, cancelRelease := context.WithTimeout(ctx, 4*time.Second) | ||
| defer cancelRelease() | ||
| for _, subnet := range p.Subnets { | ||
| child := &ipamAPI.Child{ |
LionelJouin
approved these changes
Apr 29, 2024
Co-authored-by: Lionel Jouin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
It's really hard to asses when IP addresses allocated to NSM connections are no longer needed,
without risking early re-allocation that could result in duplicated IP issues across the NSM interfaces.
For example NSM Close() might fail, but even if it succeeds there's no guarantee that the NSM interfaces associated
with the connection are actually removed. (After nsmgr restart the new instance will not return an error for a Close() request the connection is not known to it.)
As a short-term fix, IP release is delayed by a configurable value. The main goal is to avoid freeing up IPs of NSM connections subject to NSM heal even if the related Close/Request calls might timeout. The default delay value is set to exceed the current timeout value of NSM requests (15s).
The delay can be configured via the Operator environment variable PROXY_IP_RELEASE_DELAY which in turn configures a respective env variable for the proxy containers.
Issue link
#521
Checklist