KVM: add configurable MAC/IP script hook for static ARP/NDP and routes #13495

Open: wido wants to merge 1 commit into apache:main from wido:vxlan-static-macip

wido commented Jun 25, 2026

Contributor

Introduces a new agent.properties option `vm.network.macip.static` (false, disabled by default) that makes BridgeVifDriver invoke modifymacip.sh on every NIC plug (VM start) and unplug (VM stop).

This will lead to static IPv4/IPv6 ARP/NDP entries being programmed into the kernel.

This is very useful in EVPN+VXLAN environments as it can reduce BUM traffic. By setting static ARP/NDP entries, bridges can be configured using 'neigh_suppress on' as the ARP/NDP entries are already set statically by CloudStack. No ARP/NDP traffic is needed in this case as it's handled locally.

When using EVPN+VXLAN you will need to change the modifyvxlan.sh script so that it does this:

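```bash
# Attach the VXLAN device to the bridge only if it is not already a member
bridge link show|grep ${VXLAN_BR}|awk '{print $2}'|grep "^${VXLAN_DEV}\$" > /dev/null
if [[ $? -gt 0 ]]; then
    ip link set ${VXLAN_DEV} master ${VXLAN_BR}
    # Suppress ARP/NDP on the VXLAN port and turn off MAC learning
    bridge link set dev ${VXLAN_DEV} neigh_suppress on
    bridge link set dev ${VXLAN_DEV} learning off
fi
```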

Further improvements can be made in general to the VXLAN+EVPN integration, but this should already resolve many problems people might have with BUM traffic.
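
A sketch of the plug/unplug step described above, as an added example that is not code from this pull request: it validates the device, MAC and IP a hook running as root would receive, then prints (never executes) the iproute2 command for a permanent neighbour entry. The function names, argument order and the bridge name `cloudbr1` are assumptions; the PR's actual modifymacip.sh is not shown on this page.

```shell
#!/bin/sh
# Added sketch, not the PR's modifymacip.sh: validate the hook's inputs and
# print the iproute2 command for NIC plug ("add") or unplug ("delete").

H='[0-9A-Fa-f]'

valid_mac() {   # exactly six colon-separated hex octets (whole-string match)
    case $1 in $H$H:$H$H:$H$H:$H$H:$H$H:$H$H) return 0 ;; esac
    return 1
}

valid_ipv4() {  # four dot-separated octets, each 0-255
    case $1 in '' | *[!0-9.]* | .* | *. | *..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_ipv6() {  # character-level filter only; `ip` itself does the full parse
    case $1 in
        *[!0-9A-Fa-f:]* | *:::*) return 1 ;;
        *:*) [ ${#1} -le 39 ] ;;
        *) return 1 ;;
    esac
}

valid_dev() {   # Linux interface name: 1-15 chars, must not look like an option
    case $1 in '' | -* | *[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ ${#1} -le 15 ]
}

# static_neigh_cmd <add|delete> <dev> <mac> <ip>   (hypothetical interface)
static_neigh_cmd() {
    valid_dev "$2" && valid_mac "$3" || return 1
    valid_ipv4 "$4" || valid_ipv6 "$4" || return 1
    case $1 in
        add)    echo "ip neigh replace $4 lladdr $3 dev $2 nud permanent" ;;
        delete) echo "ip neigh del $4 dev $2" ;;
        *)      return 1 ;;
    esac
}
```

Using `replace` rather than `add` keeps the plug step idempotent when a VM is restarted on the same host, and a non-zero return leaves the neighbour table untouched when any argument fails validation.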

codecov Bot commented Jun 25, 2026


Codecov Report

❌ Patch coverage is 10.00000% with 45 lines in your changes missing coverage. Please review.
✅ Project coverage is 18.93%. Comparing base (d2c8aa7) to head (642f086).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ...cloud/hypervisor/kvm/resource/BridgeVifDriver.java | 8.16% | 43 Missing and 2 partials ⚠️ |

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##               main   #13495   +/-   ##
=========================================
  Coverage     18.93%   18.93%           
- Complexity    18471    18475    +4     
=========================================
  Files          6221     6221           
  Lines        560045   560095   +50     
  Branches      68289    68298    +9     
=========================================
+ Hits         106048   106074   +26     
- Misses       442372   442392   +20     
- Partials      11625    11629    +4     
```

| Flag | Coverage Δ |
|---|---|
| uitests | 3.50% <ø> (ø) |
| unittests | 20.14% <10.00%> (+<0.01%) ⬆️ |

@DaanHoogland DaanHoogland left a comment

Contributor

clgtm, why not set your script as default value for the property @wido ? (if it is well tested and robust, that is)

wido commented Jun 26, 2026

Contributor Author

> clgtm, why not set your script as default value for the property @wido ? (if it is well tested and robust, that is)

Thanks, the reason the script does not always execute is that it could break existing setups. Therefore it is not set by default.

@DaanHoogland

Contributor

> > clgtm, why not set your script as default value for the property @wido ? (if it is well tested and robust, that is)
>
> Thanks, the reason the script does not always execute is that it could break existing setups. Therefore it is not set by default.

yeah, that is what I meant by robust ;) np, fine like this as well.

Introduces a new agent.properties option `vm.network.macip.static`
(false by default) that makes BridgeVifDriver invoke modifymacip.sh
on every NIC plug (VM start) and unplug (VM stop).

This is very useful in EVPN+VXLAN environments as it can reduce BUM
traffic. By setting static ARP/NDP entries bridges can be configured
using 'neigh_suppress on' as the ARP/NDP entries are already set
statically by CloudStack.

Setting 'neigh_suppress on' requires a manual change in the modifyvxlan.sh
script as this is not the default behavior.

wido force-pushed the vxlan-static-macip branch from 3f8193c to 642f086, June 30, 2026 15:24

wido commented Jun 30, 2026

Contributor Author

I tested and reviewed the code again. It worked in our environment; it would be great to get feedback. This can be merged without changing anything in existing setups, as you will need to enable it manually.
