On 8/17/22 21:19, Ilya Maximets wrote:
On 8/17/22 14:49, Andrey Zhadchenko via dev wrote:
Hi!
CRIU currently do not support checkpoint/restore of OVS configurations, but
there was several requests for it. For example,
https://github.com/lxc/lxc/issues/2909
The main problem is ifindexes of newly created interfaces. We realy need to
preserve them after restore. Current openvswitch API does not allow to
specify ifindex. Most of the time we can just create an interface via
generic netlink requests and plug it into ovs but datapaths (generally any
OVS_VPORT_TYPE_INTERNAL) can only be created via openvswitch requests which
do not support selecting ifindex.
Hmm. Assuming you restored network interfaces by re-creating them
on a target system, but I'm curious how do you restore the upcall PID?
Are you somehow re-creating the netlink socket with the same PID?
If that will not be done, no traffic will be able to flow through OVS
anyway until you remove/re-add the port in userspace or re-start OVS.
Or am I missing something?
Best regards, Ilya Maximets.
Yes, CRIU is able to restore socket nl_pid. We get it via
NDIAG_PROTO_ALL netlink protocol requests (see net/netlink/diag.c)
Upcall pid is exported by get requests via OVS_VPORT_ATTR_UPCALL_PID.
So everything is fine here.
I should note that I did not test *complicated* setups with
ovs-vswitchd, mostly basic ones like veth plugging and several
containers in network. We mainly supported Weave Net k8s SDN which is
based on ovs but do not use its daemon.
Maybe if this is merged and people start use this we will find more
problems with checkpoint/restore, but for now the only problem is
volatile ifindex.
Best regards, Andrey Zhadchenko
This patch allows to do so.
For new datapaths I decided to use dp_infindex in header as infindex
because it control ifindex for other requests too.
For internal vports I reused OVS_VPORT_ATTR_IFINDEX.
The only concern I have is that previously dp_ifindex was not used for
OVS_DP_VMD_NEW requests and some software may not set it to zero. However
we have been running this patch at Virtuozzo for 2 years and have not
encountered this problem. Not sure if it is worth to add new
ovs_datapath_attr instead.
As a broader solution, another generic approach is possible: modify
__dev_change_net_namespace() to allow changing ifindexes within the same
netns. Yet we will still need to ignore NETIF_F_NETNS_LOCAL and I am not
sure that all its users are ready for ifindex change.
This will be indeed better for CRIU so we won't need to change every SDN
module to be able to checkpoint/restore it. And probably avoid some bloat.
What do you think of this?
Andrey Zhadchenko (1):
openvswitch: allow specifying ifindex of new interfaces
include/uapi/linux/openvswitch.h | 4 ++++
net/openvswitch/datapath.c | 16 ++++++++++++++--
net/openvswitch/vport-internal_dev.c | 1 +
net/openvswitch/vport.h | 2 ++
4 files changed, 21 insertions(+), 2 deletions(-)
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
