Upgrade go-ipfix to v0.13.0 #6998
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
antoninbas
added
the
area/flow-visibility
antoninbas
force-pushed
the
upgrade-go-ipfix-to-0.13.0
branch
4 times, most recently
from
09b8c16 to
31bbde9
Compare
luolanzone
reviewed
Feb 20, 2025
| @@ -144,7 +150,8 @@ func (e *IPFIXExporter) UpdateOptions(opt *options.Options) { | |||
| e.observationDomainID = genObservationDomainID(e.clusterUUID) | |||
| } | |||
| e.templateRefreshTimeout = opt.TemplateRefreshTimeout | |||
| klog.InfoS("New IPFIXExporter configuration", "collectorAddress", e.externalFlowCollectorAddr, "collectorProtocol", e.externalFlowCollectorProto, "sendJSON", e.sendJSONRecord, "domainID", e.observationDomainID, "templateRefreshTimeout", e.templateRefreshTimeout) | |||
| e.maxIPFIXMsgSize = int(opt.Config.FlowCollector.MaxIPFIXMsgSize) | |||
There was a problem hiding this comment.
Any range for this? should we check if the value provided by the user is a reasonable value?
There was a problem hiding this comment.
I added validation code, using the same limits as in the go-ipfix library
tnqn
reviewed
Feb 20, 2025
pkg/flowaggregator/exporter/ipfix.go
Outdated
Comment on lines
172
to
174
| if klog.V(7).Enabled() { | ||
| klog.InfoS("Data set sent successfully", "bytes sent", sentBytes) | ||
| klog.InfoS("Data record added successfully") | ||
| } |
There was a problem hiding this comment.
should it just call klog.V(7).InfoS("Data record added successfully"), getting rid of Enabled check?
There was a problem hiding this comment.
I assume you are suggesting this because the "cost" is the same in the absence of fields to log?
There was a problem hiding this comment.
Right, it's not common to have a dedicated Enabled check when there is no big overhead to serialize the values as it could have been written in one line.
pkg/flowaggregator/exporter/ipfix.go
Outdated
Comment on lines
156
to
157
| if e.exportingProcess != nil { | ||
| e.exportingProcess.CloseConnToCollector() |
There was a problem hiding this comment.
should it flush bufferedExporter first like Stop()?
There was a problem hiding this comment.
I would say it's reasonable not to flush in case of error?
There was a problem hiding this comment.
This is when user changes the configuration, right? If not flushed, could some records received in the last second be lost. My understanding this is similar to Stop + Start, so I wonder why we flush upon Stop but not here.
There was a problem hiding this comment.
you're right actually, I thought you left that comment in a different place. I'll make the change
As part of this upgrade, we make the following changes: * Switch to buffered IPFIX exporter in the Flow Aggregator. This exporter has better performance for UDP IPFIX messages, by ensuring that multiple data records can be batched together in a single message. * Provide Path MTU (PMTU) when creating the IPFIX exporter in the Flow Aggregator. The value is used by the new buffered exporter to determine how many IPFIX records can fit in a single message while avoiding IP fragmentation. In our case, we "approximate" the Path MTU by looking up the MTU of the Flow Aggregator Pod's eth0 interface. * Add a MaxMsgSize configuration parameter to the Flow Aggregator as a way to override the default behavior, which is to use the MTU (minus header overhead) when the UDP protocol is used. * Add periodic flushing when exporting IPFIX records, which is necessary after switching to the buffered exporter. In Aggregation mode, flushing happens after processing a given batch of expired records. In Proxy mode, flushing happens every second. * Use updated reference IPFIX collector in e2e tests. The updated collector handles the case where multiple data records are included in the same IPFIX message more gracefully, which leads to some simplification in the test code. Signed-off-by: Antonin Bas <antonin.bas@broadcom.com>
Signed-off-by: Antonin Bas <antonin.bas@broadcom.com>
antoninbas
force-pushed
the
upgrade-go-ipfix-to-0.13.0
branch
from
31bbde9 to
8942f97
Compare
luolanzone
reviewed
Feb 21, 2025
| @@ -34,6 +34,7 @@ Kubernetes: `>= 1.19.0-0` | |||
| | flowAggregatorAddress | string | `""` | Provide an extra DNS name or IP address of flow aggregator for generating TLS certificate. | | |||
| | flowCollector.address | string | `""` | Provide the flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. If no L4 transport proto is given, we consider tcp as default. | | |||
| | flowCollector.enable | bool | `false` | Determine whether to enable exporting flow records to external flow collector. | | |||
| | flowCollector.maxIPFIXMsgSize | int | `0` | Maximum message size to use for IPFIX records. If set to 0 (recommended), a reasonable default value will be used based on the protocol (tcp or udp) used to connect to the collector. | | |||
There was a problem hiding this comment.
Suggested change
| | flowCollector.maxIPFIXMsgSize | int | `0` | Maximum message size to use for IPFIX records. If set to 0 (recommended), a reasonable default value will be used based on the protocol (tcp or udp) used to connect to the collector. | | |
| | flowCollector.maxIPFIXMsgSize | int | `0` | Maximum message size to use for IPFIX records. If set to 0 (recommended), a reasonable default value will be used based on the protocol (tcp or udp) used to connect to the collector. Min valid value is 512 and max valid value is 65535. | |
|
/test-all |
|
closed by mistake... |
|
/test-all |
antoninbas
force-pushed
the
upgrade-go-ipfix-to-0.13.0
branch
from
17e2d9d to
cb16327
Compare
tnqn
previously approved these changes
Feb 21, 2025
Comment on lines
119
to
122
| return nil, fmt.Errorf("maxIPFIXMsgSize cannot be smaller than minimum valid IPFIX mesage size %d", flowaggregatorconfig.MinValidIPFIXMsgSize) | ||
| } | ||
| if opt.Config.FlowCollector.MaxIPFIXMsgSize > flowaggregatorconfig.MaxValidIPFIXMsgSize { | ||
| return nil, fmt.Errorf("maxIPFIXMsgSize cannot be greater than the maximum valid IPFIX mesage size %d", flowaggregatorconfig.MaxValidIPFIXMsgSize) |
There was a problem hiding this comment.
should the error message have "the" in front of minimum/maximum consistently?
Signed-off-by: Antonin Bas <antonin.bas@broadcom.com>
antoninbas
force-pushed
the
upgrade-go-ipfix-to-0.13.0
branch
from
cb16327 to
314fd64
Compare
|
/test-all |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As part of this upgrade, we make the following changes:
exporter has better performance for UDP IPFIX messages, by ensuring
that multiple data records can be batched together in a single
message.
Aggregator. The value is used by the new buffered exporter to
determine how many IPFIX records can fit in a single message while
avoiding IP fragmentation. In our case, we "approximate" the Path MTU
by looking up the MTU of the Flow Aggregator Pod's eth0 interface.
way to override the default behavior, which is to use the MTU (minus
header overhead) when the UDP protocol is used.
after switching to the buffered exporter. In Aggregation mode,
flushing happens after processing a given batch of expired records. In
Proxy mode, flushing happens every second.
collector handles the case where multiple data records are included in
the same IPFIX message more gracefully, which leads to some
simplification in the test code.