enable dual NIC support in transparent VLAN #4057
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR enables dual NIC support in transparent VLAN by adding the ability to skip default routes and improving ARP proxy configuration for transparent VLAN clients. This enhancement allows for better network isolation and custom routing scenarios in multi-interface container environments.
- Added SkipDefaultRoutes field to network container request/response contracts
- Implemented ARP proxy setting and custom subnet route addition for VLAN interfaces
- Enabled dual NIC feature support on Linux platform
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| network/transparent_vlan_endpointclient_linux.go | Added ARP proxy configuration and custom routing logic with SkipDefaultRoutes support |
| cns/restserver/util.go | Propagated SkipDefaultRoutes field in network container responses and IP configuration |
| cns/NetworkContainerContract.go | Added SkipDefaultRoutes field to request/response contracts and updated string representation |
| cni/network/network_linux.go | Enabled dual NIC feature support for Linux platform |
| cni/network/multitenancy.go | Added SkipDefaultRoutes field to interface info configuration |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| cmd := fmt.Sprintf("echo 1 > /proc/sys/net/ipv4/conf/%v/proxy_arp", ifName) | ||
| _, err := client.plClient.ExecuteRawCommand(cmd) |
There was a problem hiding this comment.
Using shell command execution with string formatting could be vulnerable to command injection if ifName contains malicious characters. Consider using a safer approach or validating the interface name against a whitelist of allowed characters.
Copilot uses AI. Check for mistakes.
| // Route 2: default via 169.254.2.1 dev <linkToName> | ||
| func (client *TransparentVlanEndpointClient) addCustomRoutes(linkToName string, gatewayIP net.IP, subnetCIDR net.IPNet, table int) error { | ||
| // Add route for virtualgwip (ip route add <gatewayIP> dev <linkToName>) | ||
| gWIP, gwNet, _ := net.ParseCIDR(gatewayIP.String() + "/32") |
There was a problem hiding this comment.
Error values from net.ParseCIDR are being ignored. These parsing operations could fail and should be handled to prevent potential runtime panics or incorrect network configuration.
| gWIP, gwNet, _ := net.ParseCIDR(gatewayIP.String() + "/32") | |
| gWIP, gwNet, err := net.ParseCIDR(gatewayIP.String() + "/32") | |
| if err != nil { | |
| return errors.Wrapf(err, "failed to parse CIDR for gatewayIP %s", gatewayIP.String()) | |
| } |
Copilot uses AI. Check for mistakes.
mugeshsp
requested review from
QxBytes and
tamilmani1989
and removed request for
QxBytes
| return errors.Wrap(err, "failed container ns add custom routes") | ||
| } | ||
| return nil | ||
| } else { |
| return errors.Wrap(err, "failed container ns add default routes") | ||
| if epInfo.SkipDefaultRoutes { | ||
| logger.Info("Skipping adding default routes in container ns as requested") | ||
| if err := client.addCustomRoutes(client.containerVethName, epInfo.Subnets[0].Gateway, epInfo.Subnets[0].Prefix, 0); err != nil { |
There was a problem hiding this comment.
i think we decided not to add any custom routes. let the orchestrator add it
There was a problem hiding this comment.
Removed addition of custom routes.
| if err != nil { | ||
| logger.Error("Failed to set ARP proxy", zap.String("interface", ifName), zap.Error(err)) | ||
| } else { | ||
| logger.Info("ARP proxy enabled", zap.String("interface", ifName)) | ||
| } | ||
| return err |
There was a problem hiding this comment.
| if err != nil { | |
| logger.Error("Failed to set ARP proxy", zap.String("interface", ifName), zap.Error(err)) | |
| } else { | |
| logger.Info("ARP proxy enabled", zap.String("interface", ifName)) | |
| } | |
| return err | |
| if err != nil { | |
| logger.Error("Failed to set ARP proxy", zap.String("interface", ifName), zap.Error(err)) | |
| return err | |
| } | |
| return nil |
|
@mugeshsp please fix lint errors |
mugeshsp
force-pushed
the
mugeshsp/pg-dual-nic
branch
from
850cadc to
6fde3f8
Compare
|
@microsoft-github-policy-service agree company="Microsoft" |
Fixed the lint errors |
| if err := client.setArpProxy(client.vnetVethName); err != nil { | ||
| logger.Error("setArpProxy failed with", zap.Error(err)) | ||
| return err | ||
| } | ||
|
|
||
| return nil |
There was a problem hiding this comment.
| if err := client.setArpProxy(client.vnetVethName); err != nil { | |
| logger.Error("setArpProxy failed with", zap.Error(err)) | |
| return err | |
| } | |
| return nil | |
| return client.setArpProxy(client.vnetVethName) |
|
/azp run Azure Container Networking PR |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
|
||
| func platformInit(cniConfig *cni.NetworkConfig) {} | ||
|
|
||
| // isDualNicFeatureSupported returns if the dual nic feature is supported. Currently it's only supported for windows hnsv2 path |
There was a problem hiding this comment.
nit: could you also update the comment here if linux now supports dual nic?
| } | ||
|
|
||
| // Set ARP proxy on the vlan interface to respond to ARP requests for the gateway IP | ||
| func (client *TransparentVlanEndpointClient) setArpProxy(ifName string) error { |
There was a problem hiding this comment.
nit: for the comment, the function itself is not necessarily on the vlan interface, just whatever interface is passed in
Reason for Change:
Enables dual NIC feature support in Azure Container Networking by adding the ability to skip default routes and improving ARP proxy configuration for transparent VLAN clients. This enhancement allows for better network isolation and custom routing scenarios in multi-interface container environments.
Requirements:
Notes:
This PR includes three main commits: