Tunneled routing support for boundary services.

[rcgoodfellow]

Introduces tunnel routing as described in RFD 404. The primary changes here are the following.

• Removes the assumption of a single boundary services endpoint address.
• Adds a virt-to-boundary table (V2B) that maps destination prefixes on a VPC to a boundary services address on the physical/underlay network.
• Implements a longest-prefix-match routing table for V2B using a poptrie

Fixes

• Multiple boundary services targets per VPC #374

[FelixMcFelix]

Looks good! A handful of nits/potential oversights, otherwise I think it's clear and looks to be a reasonable approach to store and use V2B mappings.

[FelixMcFelix]

I agree that this is a better construction than a newtype struct as before.

[luqmana]

So, this probably wouldn't be an issue for this specific type but the newtype construction is to avoid an unfortunate footgun with matching on repr C enums, see #322

[FelixMcFelix]

For my own understanding/confirmation, this is because of the move to an anycast gateway IP?

[rcgoodfellow]

This has been reworked and this code no longer exists. Instead of doing anycast at the gateways, we're doing unicast and handling multipath decisions in OPTE based on flow hashing.

[luqmana]

So, this probably wouldn't be an issue for this specific type but the newtype construction is to avoid an unfortunate footgun with matching on repr C enums, see #322

[luqmana]

did the ioctl machinery not like this zero-sized?

[rcgoodfellow]

I believe this is the case. I'm following suit with what's in DumpVirt2PhysReq.

[luqmana]

Would phys.vni be different than BOUNDARY_SERVICES_VNI? And speaking of which, do we even need a fixed BOUNDARY_SERVICES_VNI in opte anymore with the v2b map (besides tests)? I imagine the contract is now between the p4 and sled-agent who'll be setting these mappings.

[rcgoodfellow]

On the latter part, we're still using 99 for boundary services egress traffic - even though the tunnel endpoint addresses are now dynamic and determined through advertisements.

[luqmana]

The self.ip4 lock afaik will get dropped at the end of that first statement and so there's a chance of a race before update_poptrie_v4 tries to grab the lock again. In fact, by the time we're returning the inserted TunnelEndpoint e, it might've already been removed.

Perhaps just hold both structures (ip4,pt4/ip6,pt6) behind the same RwLock. Or at the very least perhaps make update_poptrie_v{4,6} take a MutexGuard

[rcgoodfellow]

Good catch. Done.

[luqmana]

This falls into the physical devices space of our MAC address space. We also have some further constraints on the software-defined/virtual space noted in omicron.

This is just for tests but FF:00:00-FF:7F:FF would be where we can draw from for fixed addresses (i.e. GW_MAC_ADDR).

I also realize now that the boundary services mac addr we're using also conflicts :/ It falls into the guest addresses range (F0:00:00-FE:FF:FF) so an instance could potentially get assigned the same address. Opened issue for that oxidecomputer/omicron#3984

[luqmana]

Thinking on it a lil more, can we move GW_MAC_ADDR, BS_MAC_ADDR, BS_IP_ADDR, BOUNDARY_SERVICES_VNI to be exported from oxide-vpc to omicron can also use them leaving us with less places to have to keep in sync.

[rcgoodfellow]

• I've moved GW_MAC_ADDR to oxide_vpc::api
• Redefined BS_MAC_ADDR in terms of oxide_vpc::engine::overlay::INTERNET_GATEWAY_MAC
• BS_IP_ADDR is staying put, as that's no longer a static entity, but we need to choose something for the purpose of this test.

[FelixMcFelix]

Thanks, Ry! I'm happy on the whole with this, just some nits.

[FelixMcFelix]

Since you impl Ord, you can rely on that instead:

Suggested change

	Some(self.ip.cmp(&other.ip))
	Some(self.cmp(other))

[rcgoodfellow]

Done

[FelixMcFelix]

This seems identical to the new oxide_vpc::api::GW_MAC_ADDR.

[rcgoodfellow]

These are slightly different.

pub const INTERNET_GATEWAY_MAC: [u8; 6] = [0xA8, 0x40, 0x25, 0x77, 0x77, 0x77];
pub const GW_MAC_ADDR: MacAddr =
    MacAddr::from_const([0xA8, 0x40, 0x25, 0xFF, 0x77, 0x77]);

The former is meant to represent the MAC of a physical gateway / tunnel endpoint, e.g. a sidecar. INTERNET_GATEWAY_MAC is not a great name for that, so I've renamed to TUNNEL_ENDPOINT_MAC.

[FelixMcFelix]

Ah, I'd missed that distinction. Thanks for clarifying!

[FelixMcFelix]

You can always just use alloc::string::ToString, it doesn't need a cfg_if!{ ... } after #391. std re-exports the exact same types as alloc.

[rcgoodfellow]

Done

[FelixMcFelix]

What type is tripping this up? Do we have the wrong bounds on KRwLock/KMutex?

[rcgoodfellow]

There are several of these in xde

warning: usage of an `Arc` that is not `Send` or `Sync`
   --> xde/src/xde.rs:244:20
    |
244 |         let ectx = Arc::new(ExecCtx { log: Box::new(opte::KernelLog {}) });
    |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
    = note: the trait `Send` is not implemented for `ExecCtx`
    = note: the trait `Sync` is not implemented for `ExecCtx`
    = note: required for `Arc<ExecCtx>` to implement `Send` and `Sync`
    = help: consider using an `Rc` instead or wrapping the inner type with a `Mutex`
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#arc_with_non_send_sync
    = note: `#[warn(clippy::arc_with_non_send_sync)]` on by default

warning: usage of an `Arc` that is not `Send` or `Sync`
   --> xde/src/xde.rs:991:14
    |
991 |     let u1 = Arc::new(create_underlay_port(u1_name, "xdeu0")?);
    |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
    = note: the trait `Send` is not implemented for `xde_underlay_port`
    = note: the trait `Sync` is not implemented for `xde_underlay_port`
    = note: required for `Arc<xde_underlay_port>` to implement `Send` and `Sync`
    = help: consider using an `Rc` instead or wrapping the inner type with a `Mutex`
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#arc_with_non_send_sync

warning: usage of an `Arc` that is not `Send` or `Sync`
   --> xde/src/xde.rs:992:14
    |
992 |     let u2 = Arc::new(create_underlay_port(u2_name, "xdeu1")?);
    |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
    = note: the trait `Send` is not implemented for `xde_underlay_port`
    = note: the trait `Sync` is not implemented for `xde_underlay_port`
    = note: required for `Arc<xde_underlay_port>` to implement `Send` and `Sync`
    = help: consider using an `Rc` instead or wrapping the inner type with a `Mutex`
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#arc_with_non_send_sync

warning: usage of an `Arc` that is not `Send` or `Sync`
    --> xde/src/xde.rs:2024:8
     |
2024 |     Ok(Arc::new(pb.create(net, limit, limit)?))
     |        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     |
     = note: the trait `Send` is not implemented for `Port<VpcNetwork>`
     = note: the trait `Sync` is not implemented for `Port<VpcNetwork>`
     = note: required for `Arc<Port<VpcNetwork>>` to implement `Send` and `Sync`
     = help: consider using an `Rc` instead or wrapping the inner type with a `Mutex`
     = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#arc_with_non_send_sync

warning: `xde` (lib) generated 5 warnings (1 duplicate)
    Finished dev [unoptimized + debuginfo] target(s) in 25.69s