libnetwork/d/overlay: elide vtep for local peers

corhere · corhere · commit 48e0b24ff7f9 · 2025-05-29T14:13:13.000-04:00
The VTEP value for a peer in peerDB is only accurate for a remote peer.
The VTEP for a local peer would be the driver's advertise address, which
is not necessarily constant for the lifetime of the driver instance.
The VTEP values persisted in the peerDB entries for local peers could be
stale or missing if not kept in sync with the advertise address. And the
peerDB could get polluted with duplicate entries for local peers if the
advertise address was to change, as entries which differ only by VTEP
are considered distinct by SetMatrix. Persisting the advertise address
as the VTEP for local peers creates lots of problems that are not easy
to solve.

Stop persisting the VTEP for local peers in peerDB. Any code that needs
to know the VTEP for local peers can look that up from the source of
truth: the driver's advertise address. Use the lack of a VTEP in peerDB
entries to signify local peers, making the isLocal flag redundant.

Signed-off-by: Cory Snider &lt;csnider@mirantis.com&gt;
diff --git a/libnetwork/drivers/overlay/encryption.go b/libnetwork/drivers/overlay/encryption.go
@@ -132,7 +132,7 @@ func (d *driver) checkEncryption(nid string, rIP netip.Addr, isLocal, add bool)
 	switch {
 	case isLocal:
 		if err := d.peerDbNetworkWalk(nid, func(_ netip.Addr, _ net.HardwareAddr, pEntry *peerEntry) bool {
-			if !pEntry.isLocal {
+			if !pEntry.isLocal() {
 				nodes[pEntry.vtep] = struct{}{}
 			}
 			return false
diff --git a/libnetwork/drivers/overlay/peerdb.go b/libnetwork/drivers/overlay/peerdb.go
@@ -20,9 +20,12 @@ const ovPeerTable = "overlay_peer_table"
 
 type peerEntry struct {
 	eid        string
-	vtep       netip.Addr
-	prefixBits int // number of 1-bits in network mask of peerIP
-	isLocal    bool
+	vtep       netip.Addr // Virtual Tunnel End Point for non-local peers
+	prefixBits int        // number of 1-bits in network mask of peerIP
+}
+
+func (p *peerEntry) isLocal() bool {
+	return !p.vtep.IsValid()
 }
 
 type peerMap struct {
@@ -105,7 +108,9 @@ func (d *driver) peerDbAdd(nid, eid string, peerIP netip.Prefix, peerMac net.Har
 		eid:        eid,
 		vtep:       vtep,
 		prefixBits: peerIP.Bits(),
-		isLocal:    isLocal,
+	}
+	if isLocal {
+		pEntry.vtep = netip.Addr{}
 	}
 
 	pMap.Lock()
@@ -134,7 +139,9 @@ func (d *driver) peerDbDelete(nid, eid string, peerIP netip.Prefix, peerMac net.
 		eid:        eid,
 		vtep:       vtep,
 		prefixBits: peerIP.Bits(),
-		isLocal:    isLocal,
+	}
+	if isLocal {
+		pEntry.vtep = netip.Addr{}
 	}
 
 	pMap.Lock()
@@ -170,11 +177,11 @@ func (d *driver) initSandboxPeerDB(nid string) {
 func (d *driver) peerInitOp(nid string) error {
 	return d.peerDbNetworkWalk(nid, func(peerIP netip.Addr, peerMac net.HardwareAddr, pEntry *peerEntry) bool {
 		// Local entries do not need to be added
-		if pEntry.isLocal {
+		if pEntry.isLocal() {
 			return false
 		}
 
-		d.peerAddOp(nid, pEntry.eid, netip.PrefixFrom(peerIP, pEntry.prefixBits), peerMac, pEntry.vtep, false, pEntry.isLocal)
+		d.peerAddOp(nid, pEntry.eid, netip.PrefixFrom(peerIP, pEntry.prefixBits), peerMac, pEntry.vtep, false, pEntry.isLocal())
 		// return false to loop on all entries
 		return false
 	})
@@ -322,7 +329,7 @@ func (d *driver) peerDeleteOp(nid, eid string, peerIP netip.Prefix, peerMac net.
 		log.G(context.TODO()).Errorf("peerDeleteOp unable to restore a configuration for nid:%s ip:%v mac:%v err:%s", nid, peerIP, peerMac, err)
 		return err
 	}
-	return d.peerAddOp(nid, peerEntry.eid, netip.PrefixFrom(peerIPAddr, peerEntry.prefixBits), peerMac, peerEntry.vtep, false, peerEntry.isLocal)
+	return d.peerAddOp(nid, peerEntry.eid, netip.PrefixFrom(peerIPAddr, peerEntry.prefixBits), peerMac, peerEntry.vtep, false, peerEntry.isLocal())
 }
 
 func (d *driver) peerFlush(nid string) {

Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,7 @@ func (d *driver) checkEncryption(nid string, rIP netip.Addr, isLocal, add bool)`
`132`	`132`	`switch {`
`133`	`133`	`case isLocal:`
`134`	`134`	`if err := d.peerDbNetworkWalk(nid, func(_ netip.Addr, _ net.HardwareAddr, pEntry *peerEntry) bool {`
`135`		`- if !pEntry.isLocal {`
	`135`	`+ if !pEntry.isLocal() {`
`136`	`136`	`nodes[pEntry.vtep] = struct{}{}`
`137`	`137`	`}`
`138`	`138`	`return false`