Closed sriramec closed 3 years ago
DANM doesn't modify the attributes of the VFs. it is done by the SR-IOV CNI.
DANM doesn't set spoof check parameter in the SR-IOV config: https://github.com/nokia/danm/blob/master/pkg/cnidel/cniconfs.go#L41 if I tell the SR-IOV CNI to not do anything with the spoof check parameter, I expect it to be the case. based on code it should be: https://github.com/k8snetworkplumbingwg/sriov-cni/blob/master/pkg/sriov/sriov.go#L334
so I'm not sure where and why exactly the CNI is changing this attribute, but it is an error there. what's the version of the SR-IOV CNI you are using? maybe try updateing it to the latest version
@sriramec any updates?
Hi,
This seems to be a mellanox nic specific issue. With all the s/w versions being same, when I tried on Intel NICs, this issue is not observed. So, I have raised a ticket on Mellanox . Thanks for all the support.
Regards, Sriram
BTW this comment: https://github.com/k8snetworkplumbingwg/sriov-cni/pull/114/files#r391395504 sounds like the issue you describe so make sure the CNI version you use contains this PR
Is this a BUG REPORT or FEATURE REQUEST?:
What happened:
What you expected to happen:
How to reproduce it: sriov-f1c network
sriovipsec network
netcat pod
ipsecpod
"ip a s" output in netcat
"ip a s" in ipsec pod
ping from netcat pod to ipsec pod
ip link output in host
Turn off the spoof check
Run the spoof check script ./set_spoof_off.sh
Now ping
ping works.
So the question is how to keep this spoof check off always.
Anything else we need to know?:
Environment:
DANM version (use
danm -version
): -> controller-1:/usr/libexec/cni# ./danm -version 2021/01/27 07:27:03 DANM binary was built from release: v4.2.1 2021/01/27 07:27:03 DANM binary was built from commit: abd3c48d_dirtyKubernetes version (use
kubectl version
):DANM configuration (K8s manifests, kubeconfig files, CNI config file):
OS (e.g. from /etc/os-release):
Kernel (e.g.
uname -a
): controller-1:/usr/libexec/cni# uname -a Linux controller-1 4.18.0-147.3.1.rt24.96.el8_1.tis.8.x86_64 #1 SMP PREEMPT RT Wed Aug 5 06:21:07 UTC 2020 x86_64 x86_64 x86_64 GNU/LinuxOthers: