Cilium operator doesn't release excess IPv4 CIDR block in AWS ENI when prefix delegation is enabled #32209

Open
2 of 3 tasks
tianhaopx opened this issue Apr 28, 2024 · 1 comment
Labels
kind/bug This is a bug in the Cilium logic. kind/community-report This was reported by a user in the Cilium community, eg via Slack. needs/triage This issue requires triaging to establish severity and next steps. sig/agent Cilium agent related. sig/ipam IP address management, including cloud IPAM

Comments

@tianhaopx

Is there an existing issue for this?

  • I have searched the existing issues

What happened?

In the Cilium operator, --aws-enable-prefix-delegation and --aws-release-excess-ips are enabled.

/28 IPv4 CIDR blocks are assigned to the AWS ENI; it can assign multiple IPv4 blocks based on the required IPs/pod numbers on the node. However, when the number of pods on the node is reduced, excess IPv4 CIDR blocks are not released.

From the source code, https://github.com/cilium/cilium/blame/198b79470687f7e9a7786e768be0c9ec032cf5f8/pkg/aws/ec2/ec2.go#L734, the function UnassignENIPrefixes is never used.

I think #18463 added support for AWS ENI prefix delegation, but it didn't consider releasing excess IPv4 prefixes.

Cilium Version

v1.12.3

Kernel Version

Linux 5.15.0-1022-aws 20.04.1-Ubuntu

Kubernetes Version

v1.23.5

Regression

No response

Sysdump

No response

Relevant log output

No response

Anything else?

No response

Cilium Users Document

  • Are you a user of Cilium? Please add yourself to the Users doc

Code of Conduct

  • I agree to follow this project's Code of Conduct
@tianhaopx tianhaopx added kind/bug This is a bug in the Cilium logic. kind/community-report This was reported by a user in the Cilium community, eg via Slack. needs/triage This issue requires triaging to establish severity and next steps. labels Apr 28, 2024
@falmar

falmar commented Apr 28, 2024

I was looking at this same issue, seeing my instances' ENI prefixes not released while testing out the prefix delegation feature... and I found this:

cilium/pkg/aws/eni/node.go

Lines 144 to 152 in 198b794

    // Iterate over ENIs on this node, select the ENI with the most
    // addresses available for release
    for _, eniId := range eniIds {
        e := n.enis[eniId]
        // IP release for prefixes is not currently supported. Will skip releasing from this ENI
        if len(e.Prefixes) > 0 {
            continue
        }

I of course don't know the exact reasons :) but hopefully it will be implemented at some point. Hope that answers your question as it did mine.

@youngnick youngnick added sig/ipam IP address management, including cloud IPAM sig/agent Cilium agent related. labels Apr 30, 2024
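
The excess-prefix condition discussed in this issue, as an added example that is not part of the original thread and is not Cilium's code: given the /28 prefixes delegated to one ENI and the pod addresses still in use, it lists the prefixes that hold no in-use address and could be unassigned. The function name, the `minFree` headroom parameter and the sample addresses are assumptions made for illustration; no AWS API is called.

```go
package main

import (
	"fmt"
	"net/netip"
)

// releasablePrefixes lists delegated IPv4 prefixes with no in-use address that
// can go while minFree (a hypothetical knob, not a Cilium option) stay spare.
func releasablePrefixes(prefixes, inUse []string, minFree int) ([]string, error) {
	ps := make([]netip.Prefix, 0, len(prefixes))
	used := make([]int, len(prefixes))
	free := 0
	for _, s := range prefixes {
		p, err := netip.ParsePrefix(s)
		if err != nil || !p.Addr().Is4() {
			return nil, fmt.Errorf("bad IPv4 prefix %q", s)
		}
		ps = append(ps, p.Masked())
		free += 1 << (32 - p.Bits()) // a /28 holds 16 addresses
	}
	for _, s := range inUse {
		a, err := netip.ParseAddr(s)
		if err != nil {
			return nil, fmt.Errorf("bad address %q", s)
		}
		for i, p := range ps {
			if p.Contains(a) {
				used[i]++
				free--
				break
			}
		}
	}
	var out []string
	for i, p := range ps {
		size := 1 << (32 - p.Bits())
		if used[i] == 0 && free-size >= minFree {
			out = append(out, p.String())
			free -= size
		}
	}
	return out, nil
}

func main() {
	// Constructed sample: three /28 prefixes on one ENI, pods left in only one.
	prefixes := []string{"10.0.1.16/28", "10.0.1.32/28", "10.0.1.48/28"}
	fmt.Println(releasablePrefixes(prefixes, []string{"10.0.1.17", "10.0.1.20"}, 8))
}
```

With the constructed sample, two of the three prefixes are empty and both can be dropped while 14 addresses stay spare; raising `minFree` to 20 keeps one of them.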