Release v1.10.0
Table of contents
NSM Release v1.10.0
NSM v1.10.0 has been tested on:
Schedule
Feature freeze: 4th of July
Release candidate: 11th of July
Release: 18th of July
Changes since last release
AWS: AF_XDP support
Root issue: https://github.com/networkservicemesh/cmd-forwarder-vpp/issues/859
AF_XDP socket doesn’t work on AWS cluster Logs:
Apr 3 13:24:25.406 [INFO] [cmd:vpp] libbpf: Kernel error message: veth: Peer MTU is too large to set XDP
Apr 3 13:24:25.406 [INFO] [cmd:vpp] vpp[10508]: af_xdp: af_xdp_load_program: bpf_set_link_xdp_fd(eth0) failed: Numerical result out of range
Apr 3 13:24:26.563 [ERRO] [cmd:/bin/forwarder] [duration:18.015838ms] [hostIfName:eth0] [vppapi:AfXdpCreate] VPPApiError: System call error #6 (-16)
panic: error: VPPApiError: System call error #6 (-16)
AKS: AF_XDP support
Root issue: https://github.com/networkservicemesh/cmd-forwarder-vpp/issues/859
AF_XDP socket doesn’t work on AKS cluster
Ping works only without hostNetwork: true
flag.
GKE: AF_XDP support
Root issue: https://github.com/networkservicemesh/cmd-forwarder-vpp/issues/859
AF_XDP socket doesn’t work on GKE cluster Logs:
Apr 3 05:38:16.954 [INFO] [cmd:vpp] libbpf: Kernel error message: virtio_net: XDP expects header/data in single page, any_header_sg required
Apr 3 05:38:16.954 [INFO] [cmd:vpp] vpp[10244]: af_xdp: af_xdp_load_program: bpf_set_link_xdp_fd(eth0) failed: Invalid argument
Apr 3 05:38:18.228 [ERRO] [cmd:/bin/forwarder] [duration:12.809608ms] [hostIfName:eth0] [vppapi:AfXdpCreate] VPPApiError: System call error #6 (-16)
panic: error: VPPApiError: System call error #6 (-16)
Run all integration tests in parallel
Each integration test is launched in its own namespace. If we launch several tests simultaneously they won’t interfere with each other. It will reduce time of testing on CI and also it will improve coverage and quality of the project.
Results:
Suite | Old | New | Difference |
---|---|---|---|
Basic Suite | 659.59s | 192.82s | 360.78 % |
Feature Suite | 972.89s | 283.35s | 343.35 % |
Heal Suite | 1646.46s | 1667.61s | 0 % |
Ipsec Suite | 199.73s | 38.52s | 518.51 % |
Monolith Suite | 242.04s | 258.16s | 0 % |
Memory Suite | 146.37s | 37.42s | 391.15 % |
Observability Suite | 97.84s | 89.21s | 0 % |
Rvlan Suite | 1017.88s | 1018.52s | 0 % |
Missing arm64 Linux images
Add the possible to compile & run NSM on ARM based machines.
Update go to v1.20.x
We need to update go to v1.20.x to solve issues with dependencies such like opentelemetry and also to have all benefits from latest go in NSM applications.
Generate code for running commands manually
Currently gotestmd generates only automatic tests.
A test has requirements, the main body and a cleanup.
User is expected to run tests using go test
.
There is no support to run custom commands without integrating them into the testing system.
Generated commands could be re-used in performance testing to keep performance testing up-to-date.
NSC - Add support for K8S PSS restricted/baseline profiles (for hostPath volumes)
K8S 1.25 release deprecates PSP (Pod security policy) and enables PSS (Pod Security Standards)/PSA (Pod Security Admission controller) by default. The PSS has 3 profiles - Privileged, Baseline and Restricted. NSC requires hostPath volumes for unix sockets. HostPath volumes are not permitted in Baseline/Restricted profiles.
Need a solution for NSC to work in Baseline/Restricted profiles.
Couple of options:
- NSM CSI driver : Add a NSM CSI driver plugin to mount the hostPath volume.
- Use network sockets instead of unix sockets and eliminate the need for hostPath volume.
Use counters instead of histogram for datapath metrics
Counters are more appropriate for NSM data-path metrics instead of histogram.
Replace govpp from nsm vpp appss to nsm/govpp
In NSM it’s super important to use latest patches or be able to quickly fix some issues in vpp. By this reason we need to start use govpp from nsm organization that improves control of the vpp components in the project.
Add a new example when one nsc connects to two nses with different services
Status: RESOLVED.
System stability fixes and improvements
cmd-admission-webhook-k8s generates client IDs properly only for Kind: Pod
cmd-admission-webhook-k8s generated client IDs properly only if client kind is Pod.
Kubernetes installation on Equinix Metal
Status: RESOLVED.
expire chain element with multiple registries
Status: RESOLVED.
How configuration change should be handled during healing?
Status: RESOLVED.
Community page stopped showing red arrows when PR from one repo to another failed (or not finished)
Community page stopped showing red arrows when PR from one repo to another failed (or not finished)
Add govpp arm64 ci for releases
Status: RESOLVED.
Missing log printouts in forwarder-vpp at DEBUG log level
Status: RESOLVED.
Release project board
Table of contents