On Tue, Mar 26, 2024 at 06:42:02PM +0100, 【外部账号】Ilya Maximets wrote: > On 3/24/24 13:16, Cheng Li wrote: > > When ovs host is also a kubernets node, pod creation/deletion may > > trigger route changes. As a result, ovs run route_table_reset(). > > As ovs do not care the kubernetes pod routes, route_table_reset() > > is not neccessary. > > > > Signed-off-by: Cheng Li <[email protected]> > > --- > > Hi, Cheng Li. Thanks for the patch! > > I'm a little confused by the use case though. Could you explain > a bit more why this is a problem (route dump is relatively fast, > unless there are millions of routes) and how this change helps? > > AFAIU, routes will not change much in kubernetes environment once > the pod is initially created and configured and the port creation > will trigger route cache reset anyway. >
Hi Ilya, thanks for reviewing this patch. When calico is used as kubernets cni and IPinIP overlay mode[1] is enabled, each time a pod created/deleted a route(dev tunl0) is avertised across all cluster nodes. ``` # ip monitor route 10.233.75.61 via 11.46.8.90 dev tunl0 proto bird onlink ``` If we have a large cluster, route update may happen in high frequency, which triggers lots of route_table_reset(). In route_table_reset(), all ovs route items are first deleted then add latest kernel route items. There is a time gap between old route items all deleted and new route items not ready. During this gap, upcall/revalidation generate bad datapath flows. As ovs does not care kuberntes route changes, seems adding a filter is the simple way to resolve this issue. [1] https://docs.tigera.io/calico/latest/networking/configuring/vxlan-ipip > And we will need to reset the cache when new interfaces are > added/removed from the filter, because otherwise we'll have > stale routes in there and the cache may become inconsistent. > Make sense, will fix in next version. > Best regards, Ilya Maximets _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
