Prefix on nicv6 support #3658
Merged
Prefix on nicv6 support #3658
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Author
|
@microsoft-github-policy-service agree company="Microsoft" |
NihaNallappagari
force-pushed
the
prefixOnNicv6Support
branch
from
99288e4 to
61784dc
Compare
Member
|
@rbtr can you review this as well since it touches cns changes for aks swift too |
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR introduces changes to support dual-stack NIC functionality for Prefix on NICv6 scenarios by extending both CNS and IPAM components. Key updates include:
- CNS: Populating the MACAddress in podIPInfo and skipping NC version sync when a MAC address is present.
- IPAM: Adjusting IP allocation logic by mapping and handling multiple IP families and updating error messages accordingly.
- Additional updates in tests, internal API, conversion, network container contract, and Azure IPAM integration to support IPv6 gateway addresses and related deduplication.
Reviewed Changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| cns/restserver/util.go | Added MACAddress population to podIPInfo |
| cns/restserver/ipam.go | Adjusted IP assignment logic for dual-stack handling and introduced generateAssignedIPKey |
| cns/restserver/internalapi_test.go | Added test to verify skipping NC version sync for prefix on NIC swift v2 |
| cns/restserver/internalapi_linux.go | Added IPv4 check in SNAT rule programming |
| cns/restserver/internalapi.go | Skips sync for prefix on NIC when MAC address is set |
| cns/kubecontroller/nodenetworkconfig/conversion_linux.go | Updated static NC request conversion to handle single IP prefix cases properly |
| cns/NetworkContainerContract.go | Added IPv6 gateway field and IPFamily enum definition |
| azure-ipam/ipconfig/ipconfig.go | Updated response processing to include IPv6 gateway parsing |
| azure-ipam/ipam.go | Modified CmdAdd to integrate IPv6 gateway assignment and deduplicate interfaces |
Comments suppressed due to low confidence (2)
cns/restserver/ipam.go:1029
- Consider adding an inline comment to clarify why the slice size for podIPInfo is set to the number of IP families, emphasizing how dual-stack handling determines the number of IPs to assign.
numberOfIPs = numOfIPFamilies
azure-ipam/ipam.go:150
- [nitpick] Consider adding a comment explaining that the deduplication of interfaces by MAC address is deliberate to avoid duplicate interface entries when multiple IP family entries point to the same network interface.
if podIPInfo.MacAddress == "" || seenInterfaces[podIPInfo.MacAddress] {
rbtr
requested changes
Jun 11, 2025
Collaborator
rbtr
left a comment
rbtr
left a comment
There was a problem hiding this comment.
are there AzCNI changes I'm missing here or is this only for Cilium?
NihaNallappagari
force-pushed
the
prefixOnNicv6Support
branch
from
a00a067 to
7de69b1
Compare
NihaNallappagari
force-pushed
the
prefixOnNicv6Support
branch
from
8024c9f to
052330e
Compare
tamilmani1989
requested changes
Jun 23, 2025
NihaNallappagari
force-pushed
the
prefixOnNicv6Support
branch
2 times, most recently
from
85118ff to
14d0336
Compare
Contributor
Author
The changes are related to only Cilium, no azure cni changes made |
NihaNallappagari
force-pushed
the
prefixOnNicv6Support
branch
2 times, most recently
from
b132f7b to
14aa47b
Compare
tamilmani1989
previously approved these changes
Aug 6, 2025
rbtr
requested changes
Aug 6, 2025
|
This pull request is stale because it has been open for 2 weeks with no activity. Remove stale label or comment or this will be closed in 7 days |
NihaNallappagari
force-pushed
the
prefixOnNicv6Support
branch
from
f6ba445 to
22d6b48
Compare
Contributor
Author
|
/azp run Azure Container Networking PR |
|
Azure Pipelines successfully started running 1 pipeline(s). |
NihaNallappagari
force-pushed
the
prefixOnNicv6Support
branch
2 times, most recently
from
4c2c741 to
a875692
Compare
Contributor
Author
|
/azp run Azure Container Networking PR |
|
Azure Pipelines successfully started running 1 pipeline(s). |
NihaNallappagari
force-pushed
the
prefixOnNicv6Support
branch
from
ecf933e to
d242430
Compare
Contributor
Author
|
/azp run Azure Container Networking PR |
|
Azure Pipelines successfully started running 1 pipeline(s). |
tamilmani1989
approved these changes
Sep 24, 2025
rbtr
approved these changes
Sep 29, 2025
NihaNallappagari
added a commit
to NihaNallappagari/azure-container-networking
that referenced
this pull request
Oct 3, 2025
* Prefix on NIC v6 support * update dedup comment in ipam * add log for a gatway error scenario * handle synchostversion sync on pon swiftv2 nic * handle gatewayip parse failure or nil scenario * remove unused code Address PR comments remove unnecessary logger update synhost skip test scenario fix linting error updated lint error fix linting error . update synhost skip test scenario fix linting error updated lint error fix linting error . * add test scenario * update test to handle gatway nil case * remove synchost skip and single ip skip . . * Add missing test scenarios * fix ipam_test conflicts * fix conflits small fixes fix lint errors lint fix . Delete examples/imds_nc_lookup.go Signed-off-by: NihaNallappagari <[email protected]> fix lint . * fix linting * add todo and remove multiple interface scenario * Skip add primary ip's to secondary config for swiftv2 pon scenarios fix lint error . * code review comment * Update gateway ipv6 to use default value, that auto detects and adds to neigh table * remove unwanted changes * address ipfamily comment * fix test failure * Handle nilgateway scenario * remove unnedded else block * comments changes --------- Co-authored-by: Kaushik Vuligonda <[email protected]> Co-authored-by: nn052161 <[email protected]>
NihaNallappagari
added a commit
to NihaNallappagari/azure-container-networking
that referenced
this pull request
Oct 9, 2025
* Prefix on NIC v6 support * update dedup comment in ipam * add log for a gatway error scenario * handle synchostversion sync on pon swiftv2 nic * handle gatewayip parse failure or nil scenario * remove unused code Address PR comments remove unnecessary logger update synhost skip test scenario fix linting error updated lint error fix linting error . update synhost skip test scenario fix linting error updated lint error fix linting error . * add test scenario * update test to handle gatway nil case * remove synchost skip and single ip skip . . * Add missing test scenarios * fix ipam_test conflicts * fix conflits small fixes fix lint errors lint fix . Delete examples/imds_nc_lookup.go Signed-off-by: NihaNallappagari <[email protected]> fix lint . * fix linting * add todo and remove multiple interface scenario * Skip add primary ip's to secondary config for swiftv2 pon scenarios fix lint error . * code review comment * Update gateway ipv6 to use default value, that auto detects and adds to neigh table * remove unwanted changes * address ipfamily comment * fix test failure * Handle nilgateway scenario * remove unnedded else block * comments changes --------- Co-authored-by: Kaushik Vuligonda <[email protected]> Co-authored-by: nn052161 <[email protected]>
sivakami-projects
pushed a commit
that referenced
this pull request
Oct 23, 2025
* Prefix on NIC v6 support * update dedup comment in ipam * add log for a gatway error scenario * handle synchostversion sync on pon swiftv2 nic * handle gatewayip parse failure or nil scenario * remove unused code Address PR comments remove unnecessary logger update synhost skip test scenario fix linting error updated lint error fix linting error . update synhost skip test scenario fix linting error updated lint error fix linting error . * add test scenario * update test to handle gatway nil case * remove synchost skip and single ip skip . . * Add missing test scenarios * fix ipam_test conflicts * fix conflits small fixes fix lint errors lint fix . Delete examples/imds_nc_lookup.go Signed-off-by: NihaNallappagari <[email protected]> fix lint . * fix linting * add todo and remove multiple interface scenario * Skip add primary ip's to secondary config for swiftv2 pon scenarios fix lint error . * code review comment * Update gateway ipv6 to use default value, that auto detects and adds to neigh table * remove unwanted changes * address ipfamily comment * fix test failure * Handle nilgateway scenario * remove unnedded else block * comments changes --------- Co-authored-by: Kaushik Vuligonda <[email protected]> Co-authored-by: nn052161 <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reason for Change:
Current Problem:
VNET currently limits scaling to 64K IP addresses per VNET due to per-IP route mappings. To support larger AKS clusters, the platform is introducing per-prefix (CIDR) route mapping, allowing a single mapping to represent multiple IPs (e.g., /24 enables 256 IPs per mapping). This enables scaling up to 16 million IPs per VNET without impacting the underlying platform.
Change needed:
Prefix on NIC v4 is supported in Swiftv1, but Swiftv1 does not support IPv6. This change upgrades Prefix on NIC v4 functionality to Swiftv2 and introduces IPv6 support in Swiftv2.
Changes
This PR has changes specific to Prefix on NICv6
CNS
--Consuming PrimaryIPv6, GatewayIPv6, MacAddress (DelegatedNIC) from NNC CRD because of dualstack NC
--IP allocation: Assign IPs of each IPFamily as part of RequestIPs api request (Currently when a pod is created, IPAM RequestsIPs from CNS where CNS picks one IP from each NC and hands it over to IPAM.
IPAM
--Change RequestIPs response parsing to read GatewayIPv6 and MacAddress
--Populates Interfaces with MacAddress which is used by CNI to plumb routes to send traffic
Design doc for pocv6 with sample NNC
Requirements:
Notes: