feat(vm): switch VM network datapath to eBPF bpfbridge binding#2212
Draft
LopatinDmitr wants to merge 6 commits into
Draft
feat(vm): switch VM network datapath to eBPF bpfbridge binding#2212LopatinDmitr wants to merge 6 commits into
LopatinDmitr wants to merge 6 commits into
Conversation
5de385a to
ba5c9bb
Compare
d647add to
71140af
Compare
6260cbb to
6d276fd
Compare
2476389 to
011d989
Compare
c602ae8 to
f73c46f
Compare
b80dc91 to
bce14c5
Compare
8cd0998 to
b281e23
Compare
2e51d62 to
db90cbc
Compare
daf411d to
b3ac7fd
Compare
1df8bc7 to
6ce6259
Compare
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
Signed-off-by: Maksim Garmonov <maksim.garmonov@flant.com> Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
6ce6259 to
9d20d01
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Integrates the new
bpfbridgenetwork binding plugin (kubevirt side: deckhouse/3p-kubevirt#99) into the virtualization module and switches VM network interfaces to it, replacing the classic tap + veth + Linux-bridge datapath used for VM networks.Module-side changes in this PR:
3p-kubevirtto the branch that adds thebpfbridgebinding plugin (feat(vm): add bpfbridge network binding plugin 3p-kubevirt#99).bpf_bridge.oinvirt-artifact(addsclang/libbpf-devel) and ship it intovirt-handlerat/usr/share/network-bpf-bridge-binding/bpf_bridge.o.bpfbridgenetwork binding plugin in the KubeVirt CR (domainAttachmentType: tap, migration enabled).binding: bpfbridgeinstead ofBridge.network.deckhouse.io/tap-provision-by-dvp-supportedannotation to coordinate TAP provisioning by DVP.Why do we need it, and what problem does it solve?
The classic tap + veth + Linux-bridge wiring for VM networks adds a per-packet bridge hop and extra devices inside the pod. The
bpfbridgeplugin replaces it with a small eBPF (tc) L2 proxy (tc_l2_proxy) that redirects frames directly between the VM tap and the pod/CNI veth by ifindex. This gives a leaner datapath for the Main network and, importantly, makes additional ClusterNetwork interfaces work: VMs can talk over an additional network, keep it across live migration, and hotplug/hotunplug ClusterNetworks — including VMs that have only an additional network and no Main.What is the expected result?
Checklist
Changelog entries