From: "Michael S. Tsirkin" <mst@redhat.com>
To: Liran Alon <liran.alon@oracle.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>,
Si-Wei Liu <si-wei.liu@oracle.com>,
Sridhar Samudrala <sridhar.samudrala@intel.com>,
Alexander Duyck <alexander.duyck@gmail.com>,
Jakub Kicinski <kubakici@wp.pl>, Jiri Pirko <jiri@resnulli.us>,
David Miller <davem@davemloft.net>,
Netdev <netdev@vger.kernel.org>,
virtualization@lists.linux-foundation.org,
boris.ostrovsky@oracle.com, vijay.balakrishna@oracle.com,
jfreimann@redhat.com, ogerlitz@mellanox.com,
vuhuong@mellanox.com
Subject: Re: [summary] virtio network device failover writeup
Date: Wed, 20 Mar 2019 06:25:01 -0400 [thread overview]
Message-ID: <20190320061632-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <79F5D7C0-BBAA-4F78-9039-27A444970002@oracle.com>
On Wed, Mar 20, 2019 at 01:25:58AM +0200, Liran Alon wrote:
>
>
> > On 19 Mar 2019, at 23:19, Michael S. Tsirkin <mst@redhat.com> wrote:
> >
> > On Tue, Mar 19, 2019 at 08:46:47AM -0700, Stephen Hemminger wrote:
> >> On Tue, 19 Mar 2019 14:38:06 +0200
> >> Liran Alon <liran.alon@oracle.com> wrote:
> >>
> >>> b.3) cloud-init: If configured to perform network-configuration, it attempts to configure all available netdevs. It should avoid however doing so on net-failover slaves.
> >>> (Microsoft has handled this by adding a mechanism in cloud-init to blacklist a netdev from being configured in case it is owned by a specific PCI driver. Specifically, they blacklist Mellanox VF driver. However, this technique doesn’t work for the net-failover mechanism because both the net-failover netdev and the virtio-net netdev are owned by the virtio-net PCI driver).
> >>
> >> Cloud-init should really just ignore all devices that have a master device.
> >> That would have been more general, and safer for other use cases.
> >
> > Given lots of userspace doesn't do this, I wonder whether it would be
> > safer to just somehow pretend to userspace that the slave links are
> > down? And add a special attribute for the actual link state.
>
> I think this may be problematic as it would also break legit use case
> of userspace attempt to set various config on VF slave.
> In general, lying to userspace usually leads to problems.
I hear you on this. So how about instead of lying,
we basically just fail some accesses to slaves
unless a flag is set e.g. in ethtool.
Some userspace will need to change to set it but in a minor way.
Arguably/hopefully failure to set config would generally be a safer
failure.
Which things to fail? Probably sending/receiving packets? Getting MAC?
More?
> If we reach
> to a scenario where we try to avoid userspace issues generically and
> not on a userspace component basis, I believe the right path should be
> to hide the net-failover slaves such that explicit action is required
> to actually manipulate them (As described in blog-post). E.g.
> Automatically move net-failover slaves by kernel to a different netns.
>
> -Liran
>
> >
> > --
> > MST
next prev parent reply other threads:[~2019-03-20 10:25 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-17 13:55 [summary] virtio network device failover writeup Michael S. Tsirkin
2019-03-19 12:38 ` Liran Alon
2019-03-19 12:38 ` Liran Alon
2019-03-19 15:46 ` Stephen Hemminger
2019-03-19 21:19 ` Michael S. Tsirkin
2019-03-19 23:25 ` Liran Alon
2019-03-20 10:25 ` Michael S. Tsirkin
2019-03-20 10:25 ` Michael S. Tsirkin [this message]
2019-03-20 12:23 ` Liran Alon
2019-03-20 14:09 ` Michael S. Tsirkin
2019-03-20 21:43 ` Liran Alon
2019-03-20 21:43 ` Liran Alon
2019-03-20 22:10 ` Michael S. Tsirkin
2019-03-20 22:19 ` Liran Alon
2019-03-20 22:19 ` Liran Alon
2019-03-21 8:58 ` Michael S. Tsirkin
2019-03-21 10:07 ` Liran Alon
2019-03-21 10:07 ` Liran Alon
2019-03-21 12:37 ` Michael S. Tsirkin
2019-03-21 12:37 ` Michael S. Tsirkin
2019-03-21 12:47 ` Liran Alon
2019-03-21 12:47 ` Liran Alon
2019-03-21 12:57 ` Michael S. Tsirkin
2019-03-21 12:57 ` Michael S. Tsirkin
2019-03-21 13:04 ` Liran Alon
2019-03-21 13:04 ` Liran Alon
2019-03-21 13:12 ` Michael S. Tsirkin
2019-03-21 13:24 ` Liran Alon
2019-03-21 13:51 ` Michael S. Tsirkin
2019-03-21 13:51 ` Michael S. Tsirkin
2019-03-21 14:16 ` Liran Alon
2019-03-21 14:16 ` Liran Alon
2019-03-21 15:15 ` Michael S. Tsirkin
2019-03-21 15:15 ` Michael S. Tsirkin
2019-03-21 13:24 ` Liran Alon
2019-03-21 13:12 ` Michael S. Tsirkin
2019-03-21 15:45 ` Stephen Hemminger
2019-03-21 15:50 ` Michael S. Tsirkin
2019-03-21 16:31 ` Liran Alon
2019-03-21 16:31 ` Liran Alon
2019-03-21 17:12 ` Michael S. Tsirkin
2019-03-21 17:12 ` Michael S. Tsirkin
2019-03-21 17:15 ` Liran Alon
2019-03-21 17:15 ` Liran Alon
2019-03-21 15:50 ` Michael S. Tsirkin
2019-03-21 15:45 ` Stephen Hemminger
2019-03-21 15:44 ` Stephen Hemminger
2019-03-21 22:33 ` si-wei liu
2019-03-21 15:44 ` Stephen Hemminger
2019-03-21 8:58 ` Michael S. Tsirkin
2019-03-20 22:10 ` Michael S. Tsirkin
2019-03-20 14:09 ` Michael S. Tsirkin
2019-03-20 12:23 ` Liran Alon
2019-03-19 23:25 ` Liran Alon
2019-03-19 21:19 ` Michael S. Tsirkin
2019-03-19 15:46 ` Stephen Hemminger
2019-03-19 21:06 ` Michael S. Tsirkin
2019-03-19 23:05 ` Liran Alon
2019-03-19 23:05 ` Liran Alon
2019-03-19 21:06 ` Michael S. Tsirkin
2019-03-19 21:55 ` si-wei liu
-- strict thread matches above, loose matches on Subject: below --
2019-03-17 13:55 Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190320061632-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=alexander.duyck@gmail.com \
--cc=boris.ostrovsky@oracle.com \
--cc=davem@davemloft.net \
--cc=jfreimann@redhat.com \
--cc=jiri@resnulli.us \
--cc=kubakici@wp.pl \
--cc=liran.alon@oracle.com \
--cc=netdev@vger.kernel.org \
--cc=ogerlitz@mellanox.com \
--cc=si-wei.liu@oracle.com \
--cc=sridhar.samudrala@intel.com \
--cc=stephen@networkplumber.org \
--cc=vijay.balakrishna@oracle.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=vuhuong@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.