Add label values into traffic in agent side and retrieve the values from traffic in transit side

[Hong-Chang]

What does this PR do?

1. Add necessary geneve option structs for label values
2. Add label values intro traffic in agent side
3. Retrieve label values from traffic in transit side

How was this tested?
I did manual e2e test and label values can be retrieved correctly in transit side from packet.

Are there any user facing / API changes?
No.

[vinaykul]

Can you see the labels on the wire? (e.g. tcpdump capture on the egress NIC of the node)
[Hong] The data is on the wire because it's correctly retrieved in transit side. I checked tcpdump data but it's difficult to recognize because there are many other data in the packet.

[vinaykul]

We should handle the cases where there are no labels, and cases where just one of the labels (pod / ns) are present as well.

[Hong] label value = 0 covers the cases.

[vinaykul]

Please add unit tests.

[Hong] There is no unit test for this part (src/xdp/*). And this part was written in a way of non unit testable. Let's consider whether we should put some efforts to enforce unit test for this part.

[vinaykul]

Please add unit tests.

[Hong] There is no unit test for this part (src/xdp/*). And this part was written in a way of non unit testable. Let's consider whether we should put some efforts to enforce unit test for this part.

What do we have under mizar/src/tests and mizar/tests and mizar/testse2e ?
[Hong] I don't see mizar/src/tests. For mizar/tests, it's for python code. I don't think mizar/testse2e applies for this pr.

[vinaykul]

Please add unit tests.
[Hong] There is no unit test for this part (src/xdp/*). And this part was written in a way of non unit testable. Let's consider whether we should put some efforts to enforce unit test for this part.

What do we have under mizar/src/tests and mizar/tests and mizar/testse2e ?
[Hong] I don't see mizar/src/tests. For mizar/tests, it's for python code. I don't think mizar/testse2e applies for this pr.

In the description, can you please add tcpdump trace of packets captured on the wire for each of the 4 cases for simple ping test? Scenarios: No labels, both ns and pod labels, only pod label, only ns label.

You can create two pods so that they are scheduled on different worker nodes, and ping one pod from the other using this example yaml:

apiVersion: v1
kind: Pod
metadata:
  name: netpod1
  labels:
    podkey: netpodkey1
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/hostname
            operator: In
            values:
            - kind-worker
  restartPolicy: OnFailure
  terminationGracePeriodSeconds: 2
  containers:
  - name: netctr
    image: yuvalif/fedora-tcpdump
    command: ["tail", "-f", "/dev/null"]
---
apiVersion: v1
kind: Pod
metadata:
  name: netpod2
spec:
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: podkey
            operator: In
            values:
            - netpodkey1
        topologyKey: kubernetes.io/hostname
  restartPolicy: OnFailure
  terminationGracePeriodSeconds: 2
  containers:
  - name: netctr
    image: yuvalif/fedora-tcpdump
    command: ["tail", "-f", "/dev/null"]

Then look for ICMP packets doing tcpdump on the veth of the kind-node with the ping source pod. e.g

ubuntu on ip-192-168-1-59 in ~ 
❯ docker exec -ti $(docker ps | grep kind-worker$ | awk '{print $1}') ip a s | grep ": eth0"                   
1698: eth0@if1699: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 xdpgeneric/id:1877 qdisc noqueue state UP group default 

ubuntu on ip-192-168-1-59 in ~ 
❯ ip a s | grep "1699:"                                                                                                           
1699: veth53c269b@if1698: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue master br-fea389efa3d5 state UP group default 

ubuntu on ip-192-168-1-59 in ~ 
❯ kubectl get no -owide
NAME                 STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE           KERNEL-VERSION   CONTAINER-RUNTIME
kind-control-plane   Ready    master   13m   v1.18.2   172.18.0.2    <none>        Ubuntu 20.04 LTS   5.6.0-rc2        containerd://1.3.3-14-g449e9269
kind-worker          Ready    <none>   13m   v1.18.2   172.18.0.3    <none>        Ubuntu 20.04 LTS   5.6.0-rc2        containerd://1.3.3-14-g449e9269
kind-worker2         Ready    <none>   13m   v1.18.2   172.18.0.4    <none>        Ubuntu 20.04 LTS   5.6.0-rc2        containerd://1.3.3-14-g449e9269

ubuntu on ip-192-168-1-59 in ~ 
> sudo tcpdump -nvXi veth53c269b ip dst 172.18.0.4

[vinaykul]

Please add unit tests.
[Hong] There is no unit test for this part (src/xdp/*). And this part was written in a way of non unit testable. Let's consider whether we should put some efforts to enforce unit test for this part.

What do we have under mizar/src/tests and mizar/tests and mizar/testse2e ?
[Hong] I don't see mizar/src/tests. For mizar/tests, it's for python code. I don't think mizar/testse2e applies for this pr.

Also, if you want to respond to my comment, please reply below or quote-reply. If you edit my comment, I don't get notification.

I don't think we should even have that permission to edit someone else's comments. Let me investigate that ..

[phudtran]

Looks ok to me

[phudtran]

Also check the option class like above

[w-yue]

Also I see option type is not checked or used anywhere in transit xdp. Should we check here as well?

[Hong-Chang]

Added check for both class and type.

[phudtran]

Also check the option class like above

[w-yue]

Same as above for option type comment.

[Hong-Chang]

Added check for both class and type.

[Hong-Chang]

Please add unit tests.
[Hong] There is no unit test for this part (src/xdp/*). And this part was written in a way of non unit testable. Let's consider whether we should put some efforts to enforce unit test for this part.

What do we have under mizar/src/tests and mizar/tests and mizar/testse2e ?
[Hong] I don't see mizar/src/tests. For mizar/tests, it's for python code. I don't think mizar/testse2e applies for this pr.

In the description, can you please add tcpdump trace of packets captured on the wire for each of the 4 cases for simple ping test? Scenarios: No labels, both ns and pod labels, only pod label, only ns label.

You can create two pods so that they are scheduled on different worker nodes, and ping one pod from the other using this example yaml:

apiVersion: v1
kind: Pod
metadata:
  name: netpod1
  labels:
    podkey: netpodkey1
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/hostname
            operator: In
            values:
            - kind-worker
  restartPolicy: OnFailure
  terminationGracePeriodSeconds: 2
  containers:
  - name: netctr
    image: yuvalif/fedora-tcpdump
    command: ["tail", "-f", "/dev/null"]
---
apiVersion: v1
kind: Pod
metadata:
  name: netpod2
spec:
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: podkey
            operator: In
            values:
            - netpodkey1
        topologyKey: kubernetes.io/hostname
  restartPolicy: OnFailure
  terminationGracePeriodSeconds: 2
  containers:
  - name: netctr
    image: yuvalif/fedora-tcpdump
    command: ["tail", "-f", "/dev/null"]

Then look for ICMP packets doing tcpdump on the veth of the kind-node with the ping source pod. e.g

ubuntu on ip-192-168-1-59 in ~ 
❯ docker exec -ti $(docker ps | grep kind-worker$ | awk '{print $1}') ip a s | grep ": eth0"                   
1698: eth0@if1699: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 xdpgeneric/id:1877 qdisc noqueue state UP group default 

ubuntu on ip-192-168-1-59 in ~ 
❯ ip a s | grep "1699:"                                                                                                           
1699: veth53c269b@if1698: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue master br-fea389efa3d5 state UP group default 

ubuntu on ip-192-168-1-59 in ~ 
❯ kubectl get no -owide
NAME                 STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE           KERNEL-VERSION   CONTAINER-RUNTIME
kind-control-plane   Ready    master   13m   v1.18.2   172.18.0.2    <none>        Ubuntu 20.04 LTS   5.6.0-rc2        containerd://1.3.3-14-g449e9269
kind-worker          Ready    <none>   13m   v1.18.2   172.18.0.3    <none>        Ubuntu 20.04 LTS   5.6.0-rc2        containerd://1.3.3-14-g449e9269
kind-worker2         Ready    <none>   13m   v1.18.2   172.18.0.4    <none>        Ubuntu 20.04 LTS   5.6.0-rc2        containerd://1.3.3-14-g449e9269

ubuntu on ip-192-168-1-59 in ~ 
> sudo tcpdump -nvXi veth53c269b ip dst 172.18.0.4

I added a new issue and let's work on this later.
#480 Optimize Geneve option to be dynamic spaced

[Hong-Chang]

Addressed comments

[Hong-Chang]

Added check for both class and type.

[Hong-Chang]

Added check for both class and type.

[vinaykul]

/approve

[vinaykul]

@phudtran Does it look good to you now?