Data path traffic separation option in swarm mode#32717
Data path traffic separation option in swarm mode#32717cpuguy83 merged 2 commits intomoby:masterfrom
Conversation
|
@aaronlehmann @aboch had to reopen it because the previous pull #32615 was not getting updated. |
fcrisciani
force-pushed
the
data_path
branch
3 times, most recently
from
30952b1 to
3aee03b
Compare
aaronlehmann
added
status/2-code-review
status/needs-vendoring
and removed
status/0-triage
labels
fcrisciani
changed the title
|
LGTM |
|
looks good to me |
|
Can you squash so there are two commits, one for libnetwork and one for the new flag/test/etc |
|
/ test / etc |
|
@cpuguy83 good like that? |
|
@cpuguy83 the powerpc pipeline is stuck |
|
Can we move these cli changes over to the docker/cli repo? |
|
I thought the CLI code hadn't been moved over yet. Shouldn't we make changes here until it is? |
|
Every change is 1 more rebase. |
|
I'm concerned about having two diverging implementations. I think we should continue making changes here until the switch happens. Among other things, the integration test being added here wouldn't pass because there would be a circular dependency between the test and the code being added in |
daemon/cluster/swarm.go
Outdated
There was a problem hiding this comment.
If --data-path-addr not specified, should it use AdvertiseAddr, or empty string?
There was a problem hiding this comment.
According to document, it should use AdvertiseAddr.
+If unspecified, Docker will use the same IP address or interface that is used for the
+advertise address.
There was a problem hiding this comment.
The config is saved consistently with the user input, this way we are not losing track of the original value inserted from the CLI.
The final decision on what to use in case the parameter is not specified is left to the final user of the flag itself.
Today libnetwork if the DataPathAddr is not specified will fallback using the AdvertiseAddr.
There was a problem hiding this comment.
Make sense. I think the GetDataPathAddress should clarify its description.
daemon/cluster/cluster.go
Outdated
There was a problem hiding this comment.
GetDataPathAddress returns the address configured for data path traffic.
There was a problem hiding this comment.
Would you prefer something like: GetDataPathAddress returns the address to be used for the data path traffic, if specified.
There was a problem hiding this comment.
k will change it
Vendor libnetwork changes for --data-path-addr flag Signed-off-by: Flavio Crisciani <[email protected]>
This new flag will allow the configuration of an interface that can be used for data path traffic to be isolated from control plane traffic. This flag is simply percolated down to libnetwork and will be used by all the global scope drivers (today overlay) Negative test added for invalid flag arguments Signed-off-by: Flavio Crisciani <[email protected]>
|
looks good to me |
thaJeztah
added
impact/changelog
impact/cli
impact/documentation
and removed
status/needs-vendoring
labels
|
/cc @johndmulhausen @mstanleyjones for docs |
| if err != errNoSuchInterface { | ||
| specifiedIP, err := resolveInputIPAddr(specifiedHost, true) | ||
| if err != nil { | ||
| if err == errBadNetworkIdentifier { |
There was a problem hiding this comment.
This is the resolveListenAddr that validates the listening address so the error is converted in a way that report an issue on the listening address
| func (s *DockerSwarmSuite) TestSwarmInitUnspecifiedDataPathAddr(c *check.C) { | ||
| d := s.AddDaemon(c, false, false) | ||
|
|
||
| out, err := d.Cmd("swarm", "init", "--data-path-addr", "0.0.0.0") |
There was a problem hiding this comment.
Here I would add a test with a completely invalid data path addr to check if the error is consistent
There was a problem hiding this comment.
non valid IP addresses are captured by the net.ParseIP() and all collapsed to the same error message errBadNetworkIdentifier.
|
|
||
| #get libnetwork packages | ||
| github.com/docker/libnetwork b13e0604016a4944025aaff521d9c125850b0d04 | ||
| github.com/docker/libnetwork 5dc95a3f9ce4b70bf08492ca37ec55c5b6d84975 |
There was a problem hiding this comment.
I see that this commit implements your required changes from libnetwork but why not using the latest commit at this stage?
There was a problem hiding this comment.
for those who need a compare:
Proposed commit
moby/libnetwork@b13e060...5dc95a3
Master:
moby/libnetwork@b13e060...master
Is there something I'm missing?
There was a problem hiding this comment.
Not sure I follow, this patch got merged already several days ago
There was a problem hiding this comment.
@fntlnz this PR was merged 25 days ago, so wouldn't be able to get all changes in master that are available now :)
There was a problem hiding this comment.
daf*** haven't noticed the merged label :D had it in my review list and finally found time to look at it! Anyway @fcrisciani super nice feature!
|
This looks to be broken - #33936 |
|
@praving55 ah! I see you commented here as well; I see the flag was renamed during the design/PR review process (originally |
10 participants
- What I did
In SWARM mode is now possible to pass a new flag to specify which is the interface to use for data path traffic. This will allow to separate data traffic (container to container pkts) from control traffic (grpc between workers and managers)
- How I did it
Introduced a new flag
--data-path-addrin the docker swarm init and docker swarm join- How to verify it
Create a swarm cluster on hosts with at least 2 interfaces, one will be dedicated for the management and will be the one that will be used in the --advertise-addr, the other instead will be the one for the
--data-path-addrflag.Second step is to create an overlay network
Third step is to launch containers on different workers using the overlay network.
At this point the traffic between the containers on different workers will happen on the interface identified by the
--data-path-addr- Description for the changelog
Data path traffic separation option in swarm mode
Fixes #32446
- A picture of a cute animal (not mandatory but encouraged)
