ipam/crd: Fix ENI leak due to miscounting of empty interface slots by jaffcheng · Pull Request #21800 · cilium/cilium

jaffcheng · 2022-10-19T09:11:24Z

please see commit msg

Fix ENI leak in Alibaba due to miscounting of empty interface slots

Currently, in CRD ipam modes, before the operator creates a new interface (or ENI for brevity), it checks the number of remaining empty ENI slots to ensure the max ENI limit does not exceed. However, the check is made against the field `AllocationAction.AvailableInterfaces`, which is set as `(empty ENI slots) + (attached ENIs that have not yet reached the IP address capacity)` in `PrepareIPAllocation`. This makes the ENI limit check ineffective in situations where an ENI with free space somehow can't be assigned with more IPs, e.g. the subnet of ENI is exhausted. As a result, the operator continuously tries to create and attach ENIs to the instance, the createInterface calls would succeed but attachInterface calls might fail due to ENI limit, and ENIs are leaked and exhausted eventually. The cause of miscouting might be the ambiguous field name `AvailableInterfaces`, which might be interpreted with different meanings in different contexts: 1. empty ENI slots, in interface creation context 2. attached ENIs with IP space, in IP allocation context 3. sum of 1. and 2., in node ipam stats context This patch fixes this by checking max ENI limit against the correct value, and also replaces `AllocationAction.AvailableInterfaces` with clearer names `InterfaceCandidates` `EmptyInterfaceSlots` to avoid potential misunderstanding in the future. Fixes: cilium#21747 Signed-off-by: Jaff Cheng <jaff.cheng.sh@gmail.com>

qmonnet

Looks good as far as I can tell, but I'm not familiar with Alibaba's IPAM.

From the issue report I understand the bug has been present since at least 1.10, is this fix something that we should consider for backports?

pkg/ipam/metrics/metrics.go

Deprecate `cilium_operator_ipam_available_interfaces` and add the following metrics: * cilium_operator_ipam_interface_candidates * cilium_operator_ipam_empty_interface_slots Related: cilium#21747 Signed-off-by: Jaff Cheng <jaff.cheng.sh@gmail.com>

jaffcheng · 2022-10-19T15:36:01Z

Thanks for the comment.

From the issue report I understand the bug has been present since at least 1.10, is this fix something that we should consider for backports?

Yes, I think this needs to be backported. I'm a little surprised this issue hasn't been reported by another user, since it should affect AWS ENI as well if I understand correctly.

christarazi

Fix makes sense to me, thanks! Should we go a step further and ensure that we deallocate the ENI if we fail to attach it?

tommyp1ckles

Azure changes LGTM

Delete ENI after a failed AttachNetworkInterface API call. Fixes: cilium#21747 Signed-off-by: Jaff Cheng <jaff.cheng.sh@gmail.com>

jaffcheng · 2022-10-20T07:09:59Z

Should we go a step further and ensure that we deallocate the ENI if we fail to attach it?

@christarazi Thanks for the advice! Just realized we already have ENI rollback logic, but alibabacloud missed it after a failed AttachNetworkInterface API call. This could explain why AWS users haven't run into this.
Added a commit to fix this, please take another look.

christarazi · 2022-10-20T07:40:27Z

Looks good, thanks!

aanm · 2022-10-21T21:58:31Z

/test

pchaigno · 2022-11-07T13:07:48Z

Removing backport labels here as this PR has upgrade impact and deprecations. Please yell if some part of the PR does need to be bsckported.

christarazi · 2022-11-11T20:16:05Z

@jaffcheng Do we need to do the same thing for AWS ENI?

jaffcheng · 2022-11-14T02:10:38Z

I think this fix should also affect AWS ENI. IIUC, if an AWS node encounters this, the cilium-operator without this PR would keep creating and attaching(limit error) and deleting an ENI, but no ENI leak would happen.

christarazi · 2022-11-14T23:04:20Z

@jaffcheng Could you open a PR to resolve discrepancies between AWS and Alibaba?

jaffcheng · 2022-11-15T03:09:55Z

@jaffcheng Could you open a PR to resolve discrepancies between AWS and Alibaba?

@christarazi Sorry for my wording not being clear enough, I think this PR should have fixed the ENI slot miscounting problem for AWS:

118c148#diff-30611d880237aa1610d4ba922a8639e304d4f1e398b98418bdd4200ee4536066R225-R252

The discrepancies between Alibaba and AWS are fixed in this commit:
8e23fe4

christarazi · 2022-11-16T00:27:01Z

Ah perfect, thanks @jaffcheng!

Remove `cilium_operator_ipam_ips` and `cilium_operator_ipam_available_interfaces` IPAM metrics that have been deprecated and marked for deletion respectively since 1.15 and 1.14. Followup to #21800 Followup to #24776 Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>

jaffcheng requested review from a team as code owners October 19, 2022 09:11

jaffcheng requested review from christarazi and tommyp1ckles October 19, 2022 09:11

maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Oct 19, 2022

jaffcheng requested a review from qmonnet October 19, 2022 09:11

qmonnet added kind/bug This is a bug in the Cilium logic. release-note/bug This PR fixes an issue in a previous release of Cilium. area/alibaba Impacts Alibaba based IPAM. and removed kind/bug This is a bug in the Cilium logic. labels Oct 19, 2022

maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Oct 19, 2022

qmonnet approved these changes Oct 19, 2022

View reviewed changes

pkg/ipam/metrics/metrics.go Outdated Show resolved Hide resolved

qmonnet added the upgrade-impact This PR has potential upgrade or downgrade impact. label Oct 19, 2022

jaffcheng force-pushed the fix-eni-leak-upstream branch from c14f045 to f35bf0b Compare October 19, 2022 15:26

christarazi approved these changes Oct 20, 2022

View reviewed changes

tommyp1ckles approved these changes Oct 20, 2022

View reviewed changes

alibabacloud: Release ENI after failure to attach

8e23fe4

Delete ENI after a failed AttachNetworkInterface API call. Fixes: cilium#21747 Signed-off-by: Jaff Cheng <jaff.cheng.sh@gmail.com>

qmonnet added needs-backport/1.10 labels Oct 20, 2022

maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Oct 21, 2022

aanm merged commit 0b7919a into cilium:master Oct 25, 2022

jaffcheng deleted the fix-eni-leak-upstream branch October 25, 2022 09:44

pchaigno removed needs-backport/1.10 labels Nov 7, 2022

pchaigno mentioned this pull request Nov 7, 2022

v1.12 backports 2022-11-07 #22028

Merged

HadrienPatte mentioned this pull request Apr 2, 2026

ipam: Remove cilium_operator_ipam_ips and cilium_operator_ipam_available_interfaces IPAM metrics that have been deprecated and marked for deletion respectively since 1.15 and 1.14. #45134

Open

Conversation

jaffcheng commented Oct 19, 2022 • edited by christarazi Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

qmonnet left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

jaffcheng commented Oct 19, 2022

Uh oh!

christarazi left a comment

Choose a reason for hiding this comment

Uh oh!

tommyp1ckles left a comment

Choose a reason for hiding this comment

Uh oh!

jaffcheng commented Oct 20, 2022

Uh oh!

christarazi commented Oct 20, 2022

Uh oh!

aanm commented Oct 21, 2022

Uh oh!

pchaigno commented Nov 7, 2022

Uh oh!

christarazi commented Nov 11, 2022

Uh oh!

jaffcheng commented Nov 14, 2022

Uh oh!

christarazi commented Nov 14, 2022

Uh oh!

jaffcheng commented Nov 15, 2022

Uh oh!

christarazi commented Nov 16, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

jaffcheng commented Oct 19, 2022 •

edited by christarazi

Loading