[Backport 17.12] Added required call to allocate VIPs when endpoints are restored#2472
[Backport 17.12] Added required call to allocate VIPs when endpoints are restored#2472fcrisciani wants to merge 2 commits into
Conversation
On leader change or leader reboot the restore logic in the allocator was allocating overlapping IP address for VIPs and Endpoints in the ingress network. The fix added as part of this commit ensures that during restore we allocate the existing VIP and endpoint. Signed-off-by: Balraj Singh <balrajsingh@ieee.org> (cherry picked from commit 5fd25d2)
|
@balrajsingh @abhi @dperny for final blessing |
Signed-off-by: Balraj Singh <balrajsingh@ieee.org> (cherry picked from commit 2397ddf)
fcrisciani
force-pushed
the
backport_17.06
branch
from
15688d5 to
da24fae
Compare
Codecov Report
@@ Coverage Diff @@
## bump_v17.12 #2472 +/- ##
===============================================
+ Coverage 61.8% 67.32% +5.52%
===============================================
Files 128 80 -48
Lines 21107 11487 -9620
===============================================
- Hits 13045 7734 -5311
+ Misses 6664 2963 -3701
+ Partials 1398 790 -608 |
|
CI error: Tried a couple of times, giving up, looks like was also failing on master |
|
when i merged the original PR all tests were succeeding... |
|
@dperny yeah but as far as I know @balrajsingh triggered the CI several times |
|
@balrajsingh can you take a look? is it possible that is an artifact of running the tests in parallel? |
|
@fcrisciani This particular test (TestNodeAllocator) seems to pass sometimes and fail at other times on the CI. |
|
@balrajsingh I looked at the test cases. It looks like this error is expected. So definitely thats not an issue.If you run |
|
This can probably be closed |
|
merged as another PR |
5 participants
From original PR (#2468):
Tracking down libnetwork/1790#issuecomment-308222053. The report is that if on a single node several services are started, and if this node is then rebooted, all the services appear to come back but some of them are no longer reachable.
On probing, the cause turned out to be an invalid assignment of IP addresses to services when they were restored. Specifically, the same IP address was assigned to one service's VIP and also a different service's endpoint. The result was that packets got delivered to the wrong container and caused symptoms like services or ports unreachable.
This is very likely to also be the cause of moby/#35675 and other duplicate-IP or overlapping IP issues.
The reason for this problem seems to be that the code path followed when services are restored, at no point contacts or informs IPAM about the IP addresses used as the restored service's VIP. So IPAM thinks that those IP addresses are still available and hands them out to endpoints and new services, causing the observed chaos.
To work out the right fix, I compared the code path when a service is created from the CLI to the code path when a service is restored on reboot. To me this fix is the bit that should have always been on the restore path but was omitted. With this fix IPAM gets correctly informed and it's state is consistent with what I see on the network.
I have tested this fix on a single node running several services and when there multiple nodes with multiple managers running many services (specifically 2 nodes and 2 managers). In both cases, without the fix a reboot would cause IP address overlaps on the ingress network. With the fix there are no overlaps.
While the fix seems to work, I'm not sure if it is at exactly the right point in this function, or indeed if it is the right or complete fix. Please take a look and let me know.