Commit
GracefulRestart support in control-node (Phase 1)
At present, whenever xmpp connection to an agent goes down, all routes learned from that agent are deleted and also withdrawn from all other peers. This causes traffic loss end-to-end even if vrouter associated with the agent going down has routes retained in the data plane for hit-less forwarding until new session comes up and routes are re-learned and re-advertised again to other peers.

With this change,

o Added support in control-node to retain routes learned from agents when xmpp session goes down (in the hope that the session comes back up)
o Used mark and sweep approach to retain and later purge routes. Routes are purged after graceful restart timer expires
  1. Whenever session is closed, all routes learned from the agent going down are marked as stale (but retained in the routing table and still eligible for best path election, outbound advertisement, etc.). Also a GR timer is triggered to expire after a minute or so
  2. If and when the session comes back up, and some/all paths are relearned, stale flag is cleared (only for those relearned paths)
  3. When the GR timer expires, table is walked again and any paths that are still marked as Stale are swept (deleted) from the table
  4. During the GR wait time (when the timer has not yet fired), subsequent session flaps are considered double failures and all paths are deleted (thereby not doing GR)
o When the new session comes up, most of the old connection's data structures are retained.
o Only XmppSession and XmppStateMachine are switched from the new connection to the old
o Code mainly tested via unit tests

TODO (In subsequent phases)

o Fix code and add tests for configuration changes during the midst of GR (e.g. routing-instance deletion)
o EndOfRib marker (instead of always waiting on the GR timer to expire)
o Add GR support to BGP IPeers as well
o Handle route-targets cleanup properly
o Re-enable couple of connection endpoint's unit tests
o Enable GR for control-node process (and run systests)
o Enable GR in bgp_stress_test
o Configurable GR timer on a per peer basis
o Configurable GR ability on a per peer basis
o Do not do (4) above. Instead retain routes and remain in GR mode even after multiple session closures (work towards LLGR)

-----------------------------------------------------------------

GracefulRestart Phase 2 -- Handle routing-instance deletions during GR

When GR is in progress, all routes and subscription states (in BgpXmppChannel) are retained in the hope that agent resubscribes after GR. But if the config changes between the time agent went down and came back up, new agent may not re-subscribe to all the instances it had subscribed before. Such sticky subscriptions must also be cleaned up properly using mark and sweep approach (similar to how routes are handled).

Mark and sweep approach is already implemented for routes in PeerCloseManager. BgpXmppChannel rides on this to get necessary callback for

o When to mark all subscription states as stale
o If agent re-subscribes after restart, stale flag is cleared in the subscription state.
o When to sweep all subscription states (and delete still stale entries)

Only after all (still) stale subscription states are deleted, routing-instance deletion process can resume and complete.

Btw, during GR, all route-targets are retained as is, similar to how routes are retained. At the moment, the rtarget entries are not individually marked stale (and then swept). Instead, it is handled by marking the subscription states which are already maintained on a per instance basis in BgpXmppChannel.

Added test cases to cover many (but not all) scenarios

-----------------------------------------------------------------

GracefulRestart Phase 3 -- Send and process EoR marker

After agent restarts and sends routes to all instances across all address families, it can send EoR marker to trigger termination of GR process sooner. This prevents possible traffic black-holing until GR timer expiry, which could be potentially a minute or so.

At the moment, empty publish and collection are used to denote EoR marker. e.g.

    <?xml version="1.0"?>
    <iq type="set" from="agent0@vnsw.contrailsystems.com"
        to="network-control@contrailsystems.com/bgp-peer">
      <pubsub xmlns="http://jabber.org/protocol/pubsub">
        <publish/>
      </pubsub>
    </iq>

    <?xml version="1.0"?>
    <iq type="set" from="agent0@vnsw.contrailsystems.com"
        to="network-control@contrailsystems.com/bgp-peer">
      <pubsub xmlns="http://jabber.org/protocol/pubsub">
        <collection/>
      </pubsub>
    </iq>

Added test cases to verify this part.

-----------------------------------------------------------------

GracefulRestart Phase 4 - Handle some of the initial review comments

o Increase WAIT_FOR_IDLE time for certain stressful unit tests
o Rename some functions from delete to close if applicable
o Simplify route stale login in BgpTable::InputCommon()
o Restore the asserts disabled in previous commits
o Stabilize tests
o Add code to support LLGR (nested closures restart GR afresh)

-----------------------------------------------------------------

GracefulRestart Phase 5 - Handle LLGR Cases

o When sessions flap in GR_TIMER state, cancel the timer and restart GR all over again. This is required in order to mark newly sent (partial) routes as stale
o Modify tests to handle the nested closure cases as well
o Eventually whenever GR timer fires, routes are kept and swept if the session is established, deleted otherwise.

-----------------------------------------------------------------

Change-Id: Ie589d69b6390356d4a052cc4415bff4b5dabd499
Partial-Bug: #1537933
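The mark-and-sweep behaviour described in the commit message (stale marking on close, restart of GR on a nested closure, and the keep-and-sweep versus delete-all decision at timer expiry or EoR), as an added C++ model that is not code from this commit. `GrPeer`, its methods, `NestedFlap` and the sample prefixes are hypothetical names and constructed values.

```cpp
#include <cstddef>
#include <map>
#include <string>

// Illustrative model; GrPeer and its members are hypothetical names,
// not classes from the control-node source.
class GrPeer {
public:
    void SessionUp() { established_ = true; }
    // Agent (re)advertises a route: store it and clear any stale mark.
    void Learn(const std::string &prefix) { stale_[prefix] = false; }
    // Session closed: mark every retained path stale and start GR. A close
    // while GR is already running restarts it (Phase 5), so routes relearned
    // from the short-lived session are marked stale again.
    void SessionClose() {
        established_ = false;
        in_gr_ = true;
        for (auto &entry : stale_) entry.second = true;
    }
    // GR timer expiry, or an EoR marker received on the new session.
    // Session established: sweep paths still stale. Otherwise: delete all.
    void EndGr() {
        if (!in_gr_) return;
        for (auto it = stale_.begin(); it != stale_.end();) {
            if (!established_ || it->second) it = stale_.erase(it);
            else ++it;
        }
        in_gr_ = false;
    }
    bool Has(const std::string &p) const { return stale_.count(p) != 0; }
    std::size_t Size() const { return stale_.size(); }

private:
    std::map<std::string, bool> stale_;  // prefix -> stale flag
    bool established_ = false;
    bool in_gr_ = false;
};

// Constructed scenario: flap, partial relearn, nested flap, relearn, expiry.
GrPeer NestedFlap(bool up_at_expiry) {
    GrPeer peer;
    peer.SessionUp();
    peer.Learn("10.0.0.1/32"); peer.Learn("10.0.0.2/32"); peer.Learn("10.0.0.3/32");
    peer.SessionClose();                  // all three paths marked stale
    peer.SessionUp(); peer.Learn("10.0.0.1/32");
    peer.SessionClose();                  // nested closure: .1 is stale again
    if (up_at_expiry) { peer.SessionUp(); peer.Learn("10.0.0.2/32"); }
    peer.EndGr();                         // timer fires
    return peer;
}
```

The route relearned before the second closure does not survive, which is why a flap in the GR window has to re-mark everything rather than only extend the timer.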