Add an annotation for enabling multicast on a namespace

Author: danwinship

pkg/sdn/api/plugin.go

@@ -17,6 +17,9 @@ const (
 	// HostSubnet annotations. (Note: should be "hostsubnet.network.openshift.io/", but the incorrect name is now part of the API.)
 	AssignHostSubnetAnnotation = "pod.network.openshift.io/assign-subnet"
 	FixedVNIDHostAnnotation    = "pod.network.openshift.io/fixed-vnid-host"
+
+	// NetNamespace annotations
+	MulticastEnabledAnnotation = "netnamespace.network.openshift.io/multicast-enabled"
 )
 
 func IsOpenShiftNetworkPlugin(pluginName string) bool {

pkg/sdn/plugin/multitenant.go

@@ -64,36 +64,38 @@ func (mp *multiTenantPlugin) updatePodNetwork(namespace string, oldNetID, netID
 		services = &kapi.ServiceList{}
 	}
 
-	movedVNIDRefs := 0
+	if oldNetID != netID {
+		movedVNIDRefs := 0
+
+		// Update OF rules for the existing/old pods in the namespace
+		for _, pod := range pods {
+			err = mp.node.UpdatePod(pod)
+			if err == nil {
+				movedVNIDRefs++
+			} else {
+				glog.Errorf("Could not update pod %q in namespace %q: %v", pod.Name, namespace, err)
+			}
+		}
+
+		// Update OF rules for the old services in the namespace
+		for _, svc := range services.Items {
+			if !kapi.IsServiceIPSet(&svc) {
+				continue
+			}
 
-	// Update OF rules for the existing/old pods in the namespace
-	for _, pod := range pods {
-		err = mp.node.UpdatePod(pod)
-		if err == nil {
+			mp.node.DeleteServiceRules(&svc)
+			mp.node.AddServiceRules(&svc, netID)
 			movedVNIDRefs++
-		} else {
-			glog.Errorf("Could not update pod %q in namespace %q: %v", pod.Name, namespace, err)
 		}
-	}
 
-	// Update OF rules for the old services in the namespace
-	for _, svc := range services.Items {
-		if !kapi.IsServiceIPSet(&svc) {
-			continue
+		if movedVNIDRefs > 0 {
+			mp.moveVNIDRefs(movedVNIDRefs, oldNetID, netID)
 		}
 
-		mp.node.DeleteServiceRules(&svc)
-		mp.node.AddServiceRules(&svc, netID)
-		movedVNIDRefs++
-	}
-
-	if movedVNIDRefs > 0 {
-		mp.moveVNIDRefs(movedVNIDRefs, oldNetID, netID)
+		// Update namespace references in egress firewall rules
+		mp.node.UpdateEgressNetworkPolicyVNID(namespace, oldNetID, netID)
 	}
 
-	// Update namespace references in egress firewall rules
-	mp.node.UpdateEgressNetworkPolicyVNID(namespace, oldNetID, netID)
-
 	// Update local multicast rules
 	mp.node.podManager.UpdateLocalMulticastRules(oldNetID)
 	mp.node.podManager.UpdateLocalMulticastRules(netID)
@@ -119,6 +121,13 @@ func (mp *multiTenantPlugin) GetNamespaces(vnid uint32) []string {
 	return mp.vnids.GetNamespaces(vnid)
 }
 
+func (mp *multiTenantPlugin) GetMCEnabled(vnid uint32) bool {
+	if vnid == osapi.GlobalVNID {
+		return false
+	}
+	return mp.vnids.GetMCEnabled(vnid)
+}
+
 func (mp *multiTenantPlugin) RefVNID(vnid uint32) {
 	if vnid == 0 {
 		return

pkg/sdn/plugin/networkpolicy.go

@@ -160,7 +160,11 @@ func (np *networkPolicyPlugin) AddNetNamespace(netns *osapi.NetNamespace) {
 }
 
 func (np *networkPolicyPlugin) UpdateNetNamespace(netns *osapi.NetNamespace, oldNetID uint32) {
-	glog.Warning("Got UpdateNetNamespace for namespace %s (%d) while using %s plugin", netns.NetName, netns.NetID, osapi.NetworkPolicyPluginName)
+	if netns.NetID != oldNetID {
+		glog.Warning("Got VNID change for namespace %s while using %s plugin", netns.NetName, osapi.NetworkPolicyPluginName)
+	}
+
+	np.node.podManager.UpdateLocalMulticastRules(netns.NetID)
 }
 
 func (np *networkPolicyPlugin) DeleteNetNamespace(netns *osapi.NetNamespace) {
@@ -178,6 +182,10 @@ func (np *networkPolicyPlugin) GetNamespaces(vnid uint32) []string {
 	return np.vnids.GetNamespaces(vnid)
 }
 
+func (np *networkPolicyPlugin) GetMCEnabled(vnid uint32) bool {
+	return np.vnids.GetMCEnabled(vnid)
+}
+
 func (np *networkPolicyPlugin) syncNamespace(npns *npNamespace) {
 	inUse := npns.refs > 0
 	if !inUse && !npns.inUse {

pkg/sdn/plugin/node.go

@@ -40,6 +40,7 @@ type osdnPolicy interface {
 
 	GetVNID(namespace string) (uint32, error)
 	GetNamespaces(vnid uint32) []string
+	GetMCEnabled(vnid uint32) bool
 
 	RefVNID(vnid uint32)
 	UnrefVNID(vnid uint32)

pkg/sdn/plugin/pod.go

@@ -205,7 +205,10 @@ func localMulticastOutputs(runningPods map[string]*runningPod, vnid uint32) stri
 }
 
 func (m *podManager) updateLocalMulticastRulesWithLock(vnid uint32) {
-	outputs := localMulticastOutputs(m.runningPods, vnid)
+	var outputs string
+	if m.policy.GetMCEnabled(vnid) {
+		outputs = localMulticastOutputs(m.runningPods, vnid)
+	}
 	otx := m.ovs.NewTransaction()
 	if len(outputs) > 0 {
 		otx.AddFlow("table=120, priority=100, reg0=%d, actions=%s", vnid, outputs)

pkg/sdn/plugin/singletenant.go

@@ -37,6 +37,10 @@ func (sp *singleTenantPlugin) GetNamespaces(vnid uint32) []string {
 	return nil
 }
 
+func (sp *singleTenantPlugin) GetMCEnabled(vnid uint32) bool {
+	return false
+}
+
 func (sp *singleTenantPlugin) RefVNID(vnid uint32) {
 }
 

pkg/sdn/plugin/vnids_node.go

@@ -23,6 +23,7 @@ type nodeVNIDMap struct {
 	// Synchronizes add or remove ids/namespaces
 	lock       sync.Mutex
 	ids        map[string]uint32
+	mcEnabled  map[string]bool
 	namespaces map[uint32]sets.String
 }
 
@@ -31,6 +32,7 @@ func newNodeVNIDMap(policy osdnPolicy, osClient *osclient.Client) *nodeVNIDMap {
 		policy:     policy,
 		osClient:   osClient,
 		ids:        make(map[string]uint32),
+		mcEnabled:  make(map[string]bool),
 		namespaces: make(map[uint32]sets.String),
 	}
 }
@@ -74,6 +76,22 @@ func (vmap *nodeVNIDMap) GetVNID(name string) (uint32, error) {
 	return 0, fmt.Errorf("Failed to find netid for namespace: %s in vnid map", name)
 }
 
+func (vmap *nodeVNIDMap) GetMCEnabled(id uint32) bool {
+	vmap.lock.Lock()
+	defer vmap.lock.Unlock()
+
+	set, exists := vmap.namespaces[id]
+	if !exists || set.Len() == 0 {
+		return false
+	}
+	for _, ns := range set.List() {
+		if !vmap.mcEnabled[ns] {
+			return false
+		}
+	}
+	return true
+}
+
 // Nodes asynchronously watch for both NetNamespaces and services
 // NetNamespaces populates vnid map and services/pod-setup depend on vnid map
 // If for some reason, vnid map propagation from master to node is slow
@@ -99,17 +117,18 @@ func (vmap *nodeVNIDMap) WaitAndGetVNID(name string) (uint32, error) {
 	}
 }
 
-func (vmap *nodeVNIDMap) setVNID(name string, id uint32) {
+func (vmap *nodeVNIDMap) setVNID(name string, id uint32, mcEnabled bool) {
 	vmap.lock.Lock()
 	defer vmap.lock.Unlock()
 
 	if oldId, found := vmap.ids[name]; found {
 		vmap.removeNamespaceFromSet(name, oldId)
 	}
 	vmap.ids[name] = id
+	vmap.mcEnabled[name] = mcEnabled
 	vmap.addNamespaceToSet(name, id)
 
-	log.Infof("Associate netid %d to namespace %q", id, name)
+	log.Infof("Associate netid %d to namespace %q with mcEnabled %v", id, name, mcEnabled)
 }
 
 func (vmap *nodeVNIDMap) unsetVNID(name string) (id uint32, err error) {
@@ -122,18 +141,24 @@ func (vmap *nodeVNIDMap) unsetVNID(name string) (id uint32, err error) {
 	}
 	vmap.removeNamespaceFromSet(name, id)
 	delete(vmap.ids, name)
+	delete(vmap.mcEnabled, name)
 	log.Infof("Dissociate netid %d from namespace %q", id, name)
 	return id, nil
 }
 
+func netnsIsMulticastEnabled(netns *osapi.NetNamespace) bool {
+	enabled, ok := netns.Annotations[osapi.MulticastEnabledAnnotation]
+	return enabled == "true" && ok
+}
+
 func (vmap *nodeVNIDMap) populateVNIDs() error {
 	nets, err := vmap.osClient.NetNamespaces().List(kapi.ListOptions{})
 	if err != nil {
 		return err
 	}
 
 	for _, net := range nets.Items {
-		vmap.setVNID(net.Name, net.NetID)
+		vmap.setVNID(net.Name, net.NetID, netnsIsMulticastEnabled(&net))
 	}
 	return nil
 }
@@ -156,12 +181,14 @@ func (vmap *nodeVNIDMap) watchNetNamespaces() {
 		log.V(5).Infof("Watch %s event for NetNamespace %q", delta.Type, netns.ObjectMeta.Name)
 		switch delta.Type {
 		case cache.Sync, cache.Added, cache.Updated:
-			// Skip this event if the old and new network ids are same
+			// Skip this event if nothing has changed
 			oldNetID, err := vmap.GetVNID(netns.NetName)
-			if (err == nil) && (oldNetID == netns.NetID) {
+			oldMCEnabled := vmap.mcEnabled[netns.NetName]
+			mcEnabled := netnsIsMulticastEnabled(netns)
+			if err == nil && oldNetID == netns.NetID && oldMCEnabled == mcEnabled {
 				break
 			}
-			vmap.setVNID(netns.NetName, netns.NetID)
+			vmap.setVNID(netns.NetName, netns.NetID, mcEnabled)
 
 			if delta.Type == cache.Added {
 				vmap.policy.AddNetNamespace(netns)

pkg/sdn/plugin/vnids_node_test.go

@@ -19,10 +19,10 @@ func TestNodeVNIDMap(t *testing.T) {
 
 	// set vnids, non-overlapping
 
-	vmap.setVNID("alpha", 1)
-	vmap.setVNID("bravo", 2)
-	vmap.setVNID("charlie", 3)
-	vmap.setVNID("delta", 4)
+	vmap.setVNID("alpha", 1, false)
+	vmap.setVNID("bravo", 2, false)
+	vmap.setVNID("charlie", 3, false)
+	vmap.setVNID("delta", 4, false)
 
 	checkExists(t, vmap, "alpha", 1)
 	checkExists(t, vmap, "bravo", 2)
@@ -71,8 +71,8 @@ func TestNodeVNIDMap(t *testing.T) {
 
 	// change vnids
 
-	vmap.setVNID("bravo", 1)
-	vmap.setVNID("delta", 2)
+	vmap.setVNID("bravo", 1, false)
+	vmap.setVNID("delta", 2, false)
 
 	checkExists(t, vmap, "bravo", 1)
 	checkExists(t, vmap, "delta", 2)
@@ -86,12 +86,12 @@ func TestNodeVNIDMap(t *testing.T) {
 
 	// overlapping vnids
 
-	vmap.setVNID("echo", 3)
-	vmap.setVNID("foxtrot", 5)
-	vmap.setVNID("golf", 1)
-	vmap.setVNID("hotel", 1)
-	vmap.setVNID("india", 1)
-	vmap.setVNID("juliet", 3)
+	vmap.setVNID("echo", 3, false)
+	vmap.setVNID("foxtrot", 5, false)
+	vmap.setVNID("golf", 1, false)
+	vmap.setVNID("hotel", 1, false)
+	vmap.setVNID("india", 1, false)
+	vmap.setVNID("juliet", 3, false)
 
 	checkExists(t, vmap, "bravo", 1)
 	checkExists(t, vmap, "delta", 2)