Merge pull request #4 from TrekkieCoder/loxilb-iogh-877

PR: loxilb-iogh-877 Initial support for egress
TrekkieCoder · Dec 23, 2024 · 448dc5f · 448dc5f
2 parents 913a382 + 9d211bf
commit 448dc5f
Show file tree

Hide file tree

Showing 22 changed files with 549 additions and 58 deletions.
diff --git a/api/loxinlp/nlp.go b/api/loxinlp/nlp.go
@@ -583,7 +583,8 @@ func AddVxLANBridgeNoHook(vxlanid int, epIntfName string) int {
 			SrcAddr:      LocalIPs[0].IP,
 			VtepDevIndex: EndpointInterface.Attrs().Index,
 			VxlanId:      vxlanid,
-			Port:         4789, // VxLAN default port
+			Port:         8472, // VxLAN default port
+			Learning:     true,
 		}
 		if err := nlp.LinkAdd(VxlanDev); err != nil {
 			tk.LogIt(tk.LogWarning, "nlp: failed to create VxlanDev: [ %v ] with the error: %s\n", VxlanDev, err)
@@ -1270,6 +1271,26 @@ func AddRouteNoHook(DestinationIPNet, gateway, proto string) int {
 	return ret
 }
 
+func GetRouteNoHook(destination string) ([]string, error) {
+	var gws []string
+
+	dst := net.ParseIP(destination)
+	if dst == nil {
+		return []string{}, errors.New("invalid destination")
+	}
+
+	rts, err := nlp.RouteGet(dst)
+	if err != nil {
+		return []string{}, errors.New("invalid rt destination")
+	}
+
+	for _, rt := range rts {
+		gws = append(gws, rt.Gw.String())
+	}
+
+	return gws, nil
+}
+
 func DelRouteNoHook(DestinationIPNet string) int {
 	var ret int
 	var route nlp.Route

diff --git a/api/models/firewall_option_entry.go b/api/models/firewall_option_entry.go
diff --git a/api/models/loadbalance_entry.go b/api/models/loadbalance_entry.go
diff --git a/api/restapi/embedded_spec.go b/api/restapi/embedded_spec.go
diff --git a/api/restapi/handler/firewall.go b/api/restapi/handler/firewall.go
@@ -59,6 +59,7 @@ func ConfigPostFW(params operations.PostConfigFirewallParams) middleware.Respond
 	Opts.DoSnat = params.Attr.Opts.DoSnat
 	Opts.ToIP = params.Attr.Opts.ToIP
 	Opts.ToPort = uint16(params.Attr.Opts.ToPort)
+	Opts.OnDefault = params.Attr.Opts.OnDefault
 
 	FW.Rule = Rules
 	FW.Opts = Opts
@@ -179,6 +180,7 @@ func ConfigGetFW(params operations.GetConfigFirewallAllParams) middleware.Respon
 		tmpOpts.DoSnat = FW.Opts.DoSnat
 		tmpOpts.ToIP = FW.Opts.ToIP
 		tmpOpts.ToPort = int64(FW.Opts.ToPort)
+		tmpOpts.OnDefault = FW.Opts.OnDefault
 		tmpOpts.Counter = FW.Opts.Counter
 		tmpResult.RuleArguments = &tmpRule
 		tmpResult.Opts = &tmpOpts

diff --git a/api/restapi/handler/loadbalancer.go b/api/restapi/handler/loadbalancer.go
@@ -50,6 +50,7 @@ func ConfigPostLoadbalancer(params operations.PostConfigLoadbalancerParams) midd
 	lbRules.Serv.Oper = cmn.LBOp(params.Attr.ServiceArguments.Oper)
 	lbRules.Serv.HostUrl = params.Attr.ServiceArguments.Host
 	lbRules.Serv.ProxyProtocolV2 = params.Attr.ServiceArguments.Proxyprotocolv2
+	lbRules.Serv.Egress = params.Attr.ServiceArguments.Egress
 
 	if lbRules.Serv.Proto == "sctp" {
 		for _, data := range params.Attr.SecondaryIPs {
@@ -175,6 +176,7 @@ func ConfigGetLoadbalancer(params operations.GetConfigLoadbalancerAllParams) mid
 		tmpSvc.Snat = lb.Serv.Snat
 		tmpSvc.Host = lb.Serv.HostUrl
 		tmpSvc.Proxyprotocolv2 = lb.Serv.ProxyProtocolV2
+		tmpSvc.Egress = lb.Serv.Egress
 
 		tmpLB.ServiceArguments = &tmpSvc
 

diff --git a/api/swagger.yml b/api/swagger.yml
@@ -3041,6 +3041,9 @@ definitions:
           proxyprotocolv2:
             type: boolean
             description: flag to enable proxy protocol v2
+          egress:
+            type: boolean
+            description: flag to indicate an egress rule
 
       endpoints:
         type: array
@@ -3778,6 +3781,9 @@ definitions:
       toPort:
         type: integer
         description: Modify to given Port (Zero if port is not to be modified)
+      onDefault:
+        type: boolean
+        description: Trigger only on default cases
       counter:
         type: string
         description: traffic counters

diff --git a/cicd/httpsep/config.sh b/cicd/httpsep/config.sh
@@ -55,7 +55,7 @@ $dexec llb1 pkill loxilb
 $dexec llb1 ip link del llb0
 docker exec -dt llb1 /root/loxilb-io/loxilb/loxilb
 
-sleep 5
+sleep 25
 
 $dexec llb1 loxicmd create endpoint 31.31.31.1 --probetype=https --probeport=8080 --probereq="health" --proberesp="OK" --period=60 --retries=2
 $dexec llb1 loxicmd create endpoint 32.32.32.1 --probetype=https --probeport=8080 --probereq="health" --proberesp="OK" --period=60 --retries=2

diff --git a/common/common.go b/common/common.go
@@ -408,6 +408,8 @@ type FwOptArg struct {
 	DoSnat bool   `json:"doSnat"`
 	ToIP   string `json:"toIP"`
 	ToPort uint16 `json:"toPort"`
+	// OnDefault - Trigger only on default cases
+	OnDefault bool `json:"onDefault"`
 	// Counter - Traffic counter
 	Counter string `json:"counter"`
 }
@@ -583,6 +585,8 @@ type LbServiceArg struct {
 	HostUrl string `json:"path"`
 	// ProxyProtocolV2 - Enable proxy protocol v2
 	ProxyProtocolV2 bool `json:"proxyprotocolv2"`
+	// Egress - Egress Rule
+	Egress bool `json:"egress"`
 }
 
 // LbEndPointArg - Information related to load-balancer end-point
@@ -891,7 +895,8 @@ type BFDMod struct {
 // ClusterNodeMod - information related to a cluster node instance
 type ClusterNodeMod struct {
 	// Instance - Cluster Instance
-	Addr net.IP `json:"Addr"`
+	Addr   net.IP `json:"Addr"`
+	Egress bool   `json:"egress"`
 }
 
 const (

diff --git a/loxilb-ebpf b/loxilb-ebpf
diff --git a/options/options.go b/options/options.go
@@ -40,4 +40,5 @@ var Opts struct {
 	ConfigPath        string         `long:"config-path" description:"Config file path" default:"/etc/loxilb/"`
 	ProxyModeOnly     bool           `long:"proxyonlymode" description:"Run loxilb in proxy mode only, no Datapath"`
 	WhiteList         string         `long:"whitelist" description:"Regex string of whitelisted interface(experimental)" default:"none"`
+	ClusterInterface  string         `long:"clusterinterface" description:"cluster interface for egress HA" default:""`
 }
+4 −4		common/llb_dp_mdi.h
+8 −1		common/llb_dpapi.h
+27 −11		kernel/llb_kern_devif.c
+23 −2		kernel/llb_kern_entry.c
+2 −2		kernel/llb_kern_fw.c
+39 −13		kernel/llb_kern_l3fwd.c
+4 −2		kernel/llb_kern_natlbfwd.c