antrea
antrea copied to clipboard
antrea-io
Use a Node's primary NIC as the secondary OVS bridge physical interface
@jianjuns I'm facing a weird problem.
EnsureIPv6EnabledOnInterface succeeds but I end up with IPv6 disabled on the internal port and I ultimately end up losing the IPv6 address. I tired to log the value of sysctl periodically in a go-routine and noticed that the path /proc/sys/netipv6/conf/eth0/disable_ipv6 disappears for a few seconds and then magically appears back with the default value of 1.
I0415 18:17:43.764311 1 server.go:524] "CmdAdd for container succeeded" container="6ed33ecc46e5ba305c51d99d5211ac00f9e58d25e497312b0d0be95c8247ea51"
--->
I0415 18:17:43.829266 1 net_linux.go:477] "sysctl" path="ipv6/conf/eth0/disable_ipv6" value=0
I0415 18:17:43.829292 1 net_linux.go:482] "sysctl" path="ipv6/conf/eth0~/disable_ipv6" value=0
<---
I0415 18:17:44.506174 1 allocator.go:154] "IP Pool update succeeded" pool="secnet-ipv4-1" allocation={"ipAddresses":[{"ipAddress":"148.14.24.2","phase":"Allocated","owner":{"pod":{"name":"vlan-pod2","namespace":"testvlannetwork-qprush5v","containerID":"6ed33ecc46e5ba305c51d99d5211ac00f9e58d25e497312b0d0be95c8247ea51","ifName":"eth1"}}}],"usage":{"total":253,"used":1}}
I0415 18:17:44.512202 1 pod_configuration.go:260] "Configured container interface" Pod="testvlannetwork-qprush5v/vlan-pod2" container="6ed33ecc46e5ba305c51d99d5211ac00f9e58d25e497312b0d0be95c8247ea51" interface="eth1" hostInterface="vlan-pod-725b29"
I0415 18:17:44.519200 1 allocator.go:154] "IP Pool update succeeded" pool="secnet-ipv4-1" allocation={"ipAddresses":[{"ipAddress":"148.14.24.2","phase":"Allocated","owner":{"pod":{"name":"vlan-pod2","namespace":"testvlannetwork-qprush5v","containerID":"6ed33ecc46e5ba305c51d99d5211ac00f9e58d25e497312b0d0be95c8247ea51","ifName":"eth1"}}},{"ipAddress":"148.14.24.3","phase":"Allocated","owner":{"pod":{"name":"vlan-pod1","namespace":"testvlannetwork-qprush5v","containerID":"7c79866797a73d1e98b9018e03524c348bae65c82e4b7bb23ffdb7d56659c5d8","ifName":"eth1"}}}],"usage":{"total":253,"used":2}}
I0415 18:17:44.524549 1 pod_configuration.go:260] "Configured container interface" Pod="testvlannetwork-qprush5v/vlan-pod1" container="7c79866797a73d1e98b9018e03524c348bae65c82e4b7bb23ffdb7d56659c5d8" interface="eth1" hostInterface="vlan-pod-39ea04"
I0415 18:17:44.530864 1 allocator.go:154] "IP Pool update succeeded" pool="secnet-ipv4-3" allocation={"ipAddresses":[{"ipAddress":"148.14.26.2","phase":"Allocated","owner":{"pod":{"name":"vlan-pod2","namespace":"testvlannetwork-qprush5v","containerID":"6ed33ecc46e5ba305c51d99d5211ac00f9e58d25e497312b0d0be95c8247ea51","ifName":"eth2"}}}],"usage":{"total":253,"used":1}}
I0415 18:17:44.539065 1 allocator.go:154] "IP Pool update succeeded" pool="secnet-ipv4-2" allocation={"ipAddresses":[{"ipAddress":"148.14.25.111","phase":"Allocated","owner":{"pod":{"name":"vlan-pod3","namespace":"testvlannetwork-qprush5v","containerID":"15d503003f071d1805251ad02118496fd13aeb3c01c31b9c1be4fa06b2a6200e","ifName":"eth1"}}},{"ipAddress":"148.14.25.112","phase":"Allocated","owner":{"pod":{"name":"vlan-pod1","namespace":"testvlannetwork-qprush5v","containerID":"7c79866797a73d1e98b9018e03524c348bae65c82e4b7bb23ffdb7d56659c5d8","ifName":"eth2"}}}],"usage":{"total":13,"used":2}}
I0415 18:17:44.539751 1 allocator.go:154] "IP Pool update succeeded" pool="secnet-ipv6-3" allocation={"ipAddresses":[{"ipAddress":"10:2400::2","phase":"Allocated","owner":{"pod":{"name":"vlan-pod2","namespace":"testvlannetwork-qprush5v","containerID":"6ed33ecc46e5ba305c51d99d5211ac00f9e58d25e497312b0d0be95c8247ea51","ifName":"eth2"}}}],"usage":{"total":65535,"used":1}}
I0415 18:17:44.546449 1 pod_configuration.go:260] "Configured container interface" Pod="testvlannetwork-qprush5v/vlan-pod1" container="7c79866797a73d1e98b9018e03524c348bae65c82e4b7bb23ffdb7d56659c5d8" interface="eth2" hostInterface="vlan-pod-4f9443"
I0415 18:17:44.584129 1 server.go:564] "Received CmdDel request" request="cni_args:{container_id:\"5765fd5bf0b10e5ac209197afc1d77f0da632debf11db685348f7ad5b0133593\" netns:\"/var/run/netns/cni-e8b97ba8-09ee-0705-b75d-a90ff851c7c9\" ifname:\"eth0\" args:\"K8S_POD_NAME=coredns-76f75df574-mdjs4;K8S_POD_INFRA_CONTAINER_ID=5765fd5bf0b10e5ac209197afc1d77f0da632debf11db685348f7ad5b0133593;K8S_POD_UID=ff9296c5-873c-498f-a4e7-feb67b420e88;IgnoreUnknown=1;K8S_POD_NAMESPACE=kube-system\" path:\"/opt/cni/bin\" network_configuration:\"{\\\"cniVersion\\\":\\\"0.3.0\\\",\\\"ipam\\\":{\\\"type\\\":\\\"host-local\\\"},\\\"name\\\":\\\"antrea\\\",\\\"type\\\":\\\"antrea\\\"}\"}"
I0415 18:17:44.588840 1 pod_configuration.go:574] "Deleted container OVS port" container="5765fd5bf0b10e5ac209197afc1d77f0da632debf11db685348f7ad5b0133593" interface="coredns--4a2562"
I0415 18:17:44.643405 1 server.go:550] "Deleted interfaces for container" container="5765fd5bf0b10e5ac209197afc1d77f0da632debf11db685348f7ad5b0133593"
I0415 18:17:44.647260 1 server.go:558] "CmdDel for container succeeded" container="5765fd5bf0b10e5ac209197afc1d77f0da632debf11db685348f7ad5b0133593"
I0415 18:17:44.668347 1 server.go:564] "Received CmdDel request" request="cni_args:{container_id:\"e081278ff1c222dbd1e8abc119048e56e02d6c6347c993b21116549894e7813b\" ifname:\"eth0\" args:\"K8S_POD_UID=ff9296c5-873c-498f-a4e7-feb67b420e88;IgnoreUnknown=1;K8S_POD_NAMESPACE=kube-system;K8S_POD_NAME=coredns-76f75df574-mdjs4;K8S_POD_INFRA_CONTAINER_ID=e081278ff1c222dbd1e8abc119048e56e02d6c6347c993b21116549894e7813b\" path:\"/opt/cni/bin\" network_configuration:\"{\\\"cniVersion\\\":\\\"0.3.0\\\",\\\"ipam\\\":{\\\"type\\\":\\\"host-local\\\"},\\\"name\\\":\\\"antrea\\\",\\\"type\\\":\\\"antrea\\\"}\"}"
I0415 18:17:44.668519 1 server.go:550] "Deleted interfaces for container" container="e081278ff1c222dbd1e8abc119048e56e02d6c6347c993b21116549894e7813b"
I0415 18:17:44.672504 1 server.go:558] "CmdDel for container succeeded" container="e081278ff1c222dbd1e8abc119048e56e02d6c6347c993b21116549894e7813b"
E0415 18:17:44.830058 1 net_linux.go:475] "failed to get sysctl" path="ipv6/conf/eth0/disable_ipv6"
--->
E0415 18:31:00.538942 1 net_linux.go:475] "failed to get sysctl" path="ipv6/conf/eth0/disable_ipv6"
I0415 18:17:44.830462 1 net_linux.go:477] "sysctl" path="ipv6/conf/eth0/disable_ipv6" value=-1
I0415 18:17:44.830505 1 net_linux.go:482] "sysctl" path="ipv6/conf/eth0~/disable_ipv6" value=0
<---
I0415 18:31:23.964727 1 allocator.go:250] "IP Pool update succeeded" pool="secnet-ipv4-1" allocation={"usage":{"total":253,"used":0}}
I0415 18:31:23.965513 1 pod_configuration.go:574] "Deleted container OVS port" container="c2416b575410ded7efbf4329e0636565c2ed77577403023db612b11082d51a2a" interface="vlan-pod-192a59"
I0415 18:31:24.016187 1 allocator.go:250] "IP Pool update succeeded" pool="secnet-ipv4-3" allocation={"usage":{"total":253,"used":0}}
I0415 18:31:24.025363 1 allocator.go:250] "IP Pool update succeeded" pool="secnet-ipv6-3" allocation={"usage":{"total":65535,"used":0}}
--->
I0415 18:31:24.575449 1 net_linux.go:477] "sysctl" path="ipv6/conf/eth0/disable_ipv6" value=1
I0415 18:31:24.575549 1 net_linux.go:482] "sysctl" path="ipv6/conf/eth0~/disable_ipv6" value=0
<---
Do we need to provide some other_config for creating IPv6 enabled ovs internal port ?
@wenyingd : do you know the /proc/sys/netipv6/conf/eth0/disable_ipv6 problem on OVS port that Daman described: https://github.com/antrea-io/antrea/pull/6108#issuecomment-2057567133
@jianjuns I'm facing a weird problem.
EnsureIPv6EnabledOnInterfacesucceeds but I end up with IPv6 disabled on the internal port and I ultimately end up losing the IPv6 address. I tired to log the value of sysctl periodically in a go-routine and noticed that the path/proc/sys/netipv6/conf/eth0/disable_ipv6disappears for a few seconds and then magically appears back with the default value of 1.I0415 18:17:43.764311 1 server.go:524] "CmdAdd for container succeeded" container="6ed33ecc46e5ba305c51d99d5211ac00f9e58d25e497312b0d0be95c8247ea51" ---> I0415 18:17:43.829266 1 net_linux.go:477] "sysctl" path="ipv6/conf/eth0/disable_ipv6" value=0 I0415 18:17:43.829292 1 net_linux.go:482] "sysctl" path="ipv6/conf/eth0~/disable_ipv6" value=0 <--- I0415 18:17:44.506174 1 allocator.go:154] "IP Pool update succeeded" pool="secnet-ipv4-1" allocation={"ipAddresses":[{"ipAddress":"148.14.24.2","phase":"Allocated","owner":{"pod":{"name":"vlan-pod2","namespace":"testvlannetwork-qprush5v","containerID":"6ed33ecc46e5ba305c51d99d5211ac00f9e58d25e497312b0d0be95c8247ea51","ifName":"eth1"}}}],"usage":{"total":253,"used":1}} I0415 18:17:44.512202 1 pod_configuration.go:260] "Configured container interface" Pod="testvlannetwork-qprush5v/vlan-pod2" container="6ed33ecc46e5ba305c51d99d5211ac00f9e58d25e497312b0d0be95c8247ea51" interface="eth1" hostInterface="vlan-pod-725b29" I0415 18:17:44.519200 1 allocator.go:154] "IP Pool update succeeded" pool="secnet-ipv4-1" allocation={"ipAddresses":[{"ipAddress":"148.14.24.2","phase":"Allocated","owner":{"pod":{"name":"vlan-pod2","namespace":"testvlannetwork-qprush5v","containerID":"6ed33ecc46e5ba305c51d99d5211ac00f9e58d25e497312b0d0be95c8247ea51","ifName":"eth1"}}},{"ipAddress":"148.14.24.3","phase":"Allocated","owner":{"pod":{"name":"vlan-pod1","namespace":"testvlannetwork-qprush5v","containerID":"7c79866797a73d1e98b9018e03524c348bae65c82e4b7bb23ffdb7d56659c5d8","ifName":"eth1"}}}],"usage":{"total":253,"used":2}} I0415 18:17:44.524549 1 pod_configuration.go:260] "Configured container interface" Pod="testvlannetwork-qprush5v/vlan-pod1" container="7c79866797a73d1e98b9018e03524c348bae65c82e4b7bb23ffdb7d56659c5d8" interface="eth1" hostInterface="vlan-pod-39ea04" I0415 18:17:44.530864 1 allocator.go:154] "IP Pool update succeeded" pool="secnet-ipv4-3" allocation={"ipAddresses":[{"ipAddress":"148.14.26.2","phase":"Allocated","owner":{"pod":{"name":"vlan-pod2","namespace":"testvlannetwork-qprush5v","containerID":"6ed33ecc46e5ba305c51d99d5211ac00f9e58d25e497312b0d0be95c8247ea51","ifName":"eth2"}}}],"usage":{"total":253,"used":1}} I0415 18:17:44.539065 1 allocator.go:154] "IP Pool update succeeded" pool="secnet-ipv4-2" allocation={"ipAddresses":[{"ipAddress":"148.14.25.111","phase":"Allocated","owner":{"pod":{"name":"vlan-pod3","namespace":"testvlannetwork-qprush5v","containerID":"15d503003f071d1805251ad02118496fd13aeb3c01c31b9c1be4fa06b2a6200e","ifName":"eth1"}}},{"ipAddress":"148.14.25.112","phase":"Allocated","owner":{"pod":{"name":"vlan-pod1","namespace":"testvlannetwork-qprush5v","containerID":"7c79866797a73d1e98b9018e03524c348bae65c82e4b7bb23ffdb7d56659c5d8","ifName":"eth2"}}}],"usage":{"total":13,"used":2}} I0415 18:17:44.539751 1 allocator.go:154] "IP Pool update succeeded" pool="secnet-ipv6-3" allocation={"ipAddresses":[{"ipAddress":"10:2400::2","phase":"Allocated","owner":{"pod":{"name":"vlan-pod2","namespace":"testvlannetwork-qprush5v","containerID":"6ed33ecc46e5ba305c51d99d5211ac00f9e58d25e497312b0d0be95c8247ea51","ifName":"eth2"}}}],"usage":{"total":65535,"used":1}} I0415 18:17:44.546449 1 pod_configuration.go:260] "Configured container interface" Pod="testvlannetwork-qprush5v/vlan-pod1" container="7c79866797a73d1e98b9018e03524c348bae65c82e4b7bb23ffdb7d56659c5d8" interface="eth2" hostInterface="vlan-pod-4f9443" I0415 18:17:44.584129 1 server.go:564] "Received CmdDel request" request="cni_args:{container_id:\"5765fd5bf0b10e5ac209197afc1d77f0da632debf11db685348f7ad5b0133593\" netns:\"/var/run/netns/cni-e8b97ba8-09ee-0705-b75d-a90ff851c7c9\" ifname:\"eth0\" args:\"K8S_POD_NAME=coredns-76f75df574-mdjs4;K8S_POD_INFRA_CONTAINER_ID=5765fd5bf0b10e5ac209197afc1d77f0da632debf11db685348f7ad5b0133593;K8S_POD_UID=ff9296c5-873c-498f-a4e7-feb67b420e88;IgnoreUnknown=1;K8S_POD_NAMESPACE=kube-system\" path:\"/opt/cni/bin\" network_configuration:\"{\\\"cniVersion\\\":\\\"0.3.0\\\",\\\"ipam\\\":{\\\"type\\\":\\\"host-local\\\"},\\\"name\\\":\\\"antrea\\\",\\\"type\\\":\\\"antrea\\\"}\"}" I0415 18:17:44.588840 1 pod_configuration.go:574] "Deleted container OVS port" container="5765fd5bf0b10e5ac209197afc1d77f0da632debf11db685348f7ad5b0133593" interface="coredns--4a2562" I0415 18:17:44.643405 1 server.go:550] "Deleted interfaces for container" container="5765fd5bf0b10e5ac209197afc1d77f0da632debf11db685348f7ad5b0133593" I0415 18:17:44.647260 1 server.go:558] "CmdDel for container succeeded" container="5765fd5bf0b10e5ac209197afc1d77f0da632debf11db685348f7ad5b0133593" I0415 18:17:44.668347 1 server.go:564] "Received CmdDel request" request="cni_args:{container_id:\"e081278ff1c222dbd1e8abc119048e56e02d6c6347c993b21116549894e7813b\" ifname:\"eth0\" args:\"K8S_POD_UID=ff9296c5-873c-498f-a4e7-feb67b420e88;IgnoreUnknown=1;K8S_POD_NAMESPACE=kube-system;K8S_POD_NAME=coredns-76f75df574-mdjs4;K8S_POD_INFRA_CONTAINER_ID=e081278ff1c222dbd1e8abc119048e56e02d6c6347c993b21116549894e7813b\" path:\"/opt/cni/bin\" network_configuration:\"{\\\"cniVersion\\\":\\\"0.3.0\\\",\\\"ipam\\\":{\\\"type\\\":\\\"host-local\\\"},\\\"name\\\":\\\"antrea\\\",\\\"type\\\":\\\"antrea\\\"}\"}" I0415 18:17:44.668519 1 server.go:550] "Deleted interfaces for container" container="e081278ff1c222dbd1e8abc119048e56e02d6c6347c993b21116549894e7813b" I0415 18:17:44.672504 1 server.go:558] "CmdDel for container succeeded" container="e081278ff1c222dbd1e8abc119048e56e02d6c6347c993b21116549894e7813b" E0415 18:17:44.830058 1 net_linux.go:475] "failed to get sysctl" path="ipv6/conf/eth0/disable_ipv6" ---> E0415 18:31:00.538942 1 net_linux.go:475] "failed to get sysctl" path="ipv6/conf/eth0/disable_ipv6" I0415 18:17:44.830462 1 net_linux.go:477] "sysctl" path="ipv6/conf/eth0/disable_ipv6" value=-1 I0415 18:17:44.830505 1 net_linux.go:482] "sysctl" path="ipv6/conf/eth0~/disable_ipv6" value=0 <--- I0415 18:31:23.964727 1 allocator.go:250] "IP Pool update succeeded" pool="secnet-ipv4-1" allocation={"usage":{"total":253,"used":0}} I0415 18:31:23.965513 1 pod_configuration.go:574] "Deleted container OVS port" container="c2416b575410ded7efbf4329e0636565c2ed77577403023db612b11082d51a2a" interface="vlan-pod-192a59" I0415 18:31:24.016187 1 allocator.go:250] "IP Pool update succeeded" pool="secnet-ipv4-3" allocation={"usage":{"total":253,"used":0}} I0415 18:31:24.025363 1 allocator.go:250] "IP Pool update succeeded" pool="secnet-ipv6-3" allocation={"usage":{"total":65535,"used":0}} ---> I0415 18:31:24.575449 1 net_linux.go:477] "sysctl" path="ipv6/conf/eth0/disable_ipv6" value=1 I0415 18:31:24.575549 1 net_linux.go:482] "sysctl" path="ipv6/conf/eth0~/disable_ipv6" value=0 <---Do we need to provide some
other_configfor creating IPv6 enabled ovs internal port ?
May I know the default value for config /proc/sys/net/ipv6/conf/default/disable_ipv6 on your testbed? And did you explicitly set the value as "0" for the OVS internal port "eth0". If the default value is "1", and you didn't explicitly update the value for a given interface (e.g., the new netlink created by OVS internal port), the system is supposed to use the default value "1".
Besides, it seems some re-creation on "eth0" happened as we may see this log intermittently, which may happen when the netlink doesn't exist on the host. If that is true, we may see that a change history on the the value of "disable_ipv6", -1 -> 1.
E0415 18:17:44.830058 1 net_linux.go:475] "failed to get sysctl" path="ipv6/conf/eth0/disable_ipv6"
...
I0415 18:17:44.830462 1 net_linux.go:477] "sysctl" path="ipv6/conf/eth0/disable_ipv6" value=-1
I0415 18:17:44.830505 1 net_linux.go:482] "sysctl" path="ipv6/conf/eth0~/disable_ipv6" value=0
A strange observation is why the initial value of eth0 is "0" if the default is 1, did you manually set it?
@wenyingd I'm using kind(0.22.0) cluster on ubuntu (22.04.1 LTS <> 5.15.0-102-generic kernel) as testbed.
/proc/sys/net/ipv6/conf/default/disable_ipv6 is 1.
In the current setup eth0 (IPv6 enabled) is the default interface created by docker.
We rename eth0 to eth0~ and then create an ovs internal port named eth0. We explicitly enable IPv6 on this interface, and assign the IPs(both ip-family) and routes(both ip-family) to this interface. The assignment succeeds without any error.
Netlink is just an API, even if it disappears for a while it shouldn't affect the underlying value which we set initially, right?
Netlink is just an API, even if it disappears for a while it shouldn't affect the underlying value which we set initially, right?
I wonder the thing is it doesn't disappear for a while, but is deleted and then re-created. So the latter is a new one without your previous manual configurations.
To fix it, can we set the default value as "0" in advance. Then even for the new created ports, it can be enabled.
thanks @wenyingd! After setting up default config to enable IPv6 the interface config comes back with IPv6 enabled.
I0421 14:47:14.876941 1 net_linux.go:417] "sysctl" path="ipv6/conf/eth0/disable_ipv6" value=0
I0421 14:47:14.877009 1 net_linux.go:420] "sysctl" path="ipv6/conf/eth0~/disable_ipv6" value=0
I0421 14:47:14.877049 1 net_linux.go:423] "sysctl" path="ipv6/conf/default/disable_ipv6" value=0
.......
.......
.......
I0421 14:47:44.158820 1 net_linux.go:417] "sysctl" path="ipv6/conf/eth0/disable_ipv6" value=-1
I0421 14:47:44.158953 1 net_linux.go:420] "sysctl" path="ipv6/conf/eth0~/disable_ipv6" value=0
I0421 14:47:44.159017 1 net_linux.go:423] "sysctl" path="ipv6/conf/default/disable_ipv6" value=0
.......
.......
.......
I0421 14:47:45.659625 1 net_linux.go:417] "sysctl" path="ipv6/conf/eth0/disable_ipv6" value=0
I0421 14:47:45.659695 1 net_linux.go:420] "sysctl" path="ipv6/conf/eth0~/disable_ipv6" value=0
I0421 14:47:45.659732 1 net_linux.go:423] "sysctl" path="ipv6/conf/default/disable_ipv6" value=0
@jianjuns should we update the default config ipv6/conf/default/disable_ipv6 as part of initialization?
@jianjuns should we update the default config
ipv6/conf/default/disable_ipv6as part of initialization?
@wenyingd : for an IPv6 cluster, is the flag set to 1 or 0? If it can be 1, do we have another solution to resolve the issue with interface moving/creation without setting the flag to 0?
@jianjuns should we update the default config
ipv6/conf/default/disable_ipv6as part of initialization?@wenyingd : for an IPv6 cluster, is the flag set to 1 or 0?
For IPv6 cluster, I didn't remember we have steps in the code to modify sysctl configurations dedicated for IPv6, so we may require that IPv6 is enabled by default on any Nodes in the cluster if they plan to run IPv6 (including the IPv6 configurations enabled on interface and the network forwarding configurations). We used to hit issues that IPv6 networking forwarding is not enabled by default in our lab env before (not received similar reports from users), and the solution is to manually enable it in the env as it is one-time setting.
If it can be 1, do we have another solution to resolve the issue with interface moving/creation without setting the flag to 0?
1 means IPv6 is disabled on the target interface, which is a kernel configuration. We may not have userspace workaround on it. If you mean a substitution to not update the default value, we can add the logic to enable the sysctl values in the implementations. A reference is ipam.ConfigureIface, we can think about calling the func in our logic for static configurations, which is also called when configuring Pod's IP for container cases.
@aroradaman : seems there are some Windows build errors. Could you check the failed tests like "Go / Build Antrea Windows binaries"?
There is another error. Check "Go / Golangci-lint (ubuntu-latest)". @aroradaman
Kind / E2e tests on a Kind cluster on Linux with all features enabled (pull_request) this fails at initializing secnet, empty config is passed. I guess this somehow bypassed validation.
Maybe we can exclude secnet from this test, as secondary bridge and secondary network needs to be created before hand.
Kind / E2e tests on a Kind cluster on Linux with all features enabled (pull_request)this fails at initializing secnet, empty config is passed. I guess this somehow bypassed validation. Maybe we can exclude secnet from this test, as secondary bridge and secondary network needs to be created before hand.
Could you share more info for me to understand the failure? @aroradaman
Could you share more info for me to understand the failure? @aroradaman
I was directly accessing the first ovs bridge of sec net config which was causing panic / index error.
secNetConfig.OVSBridges[0].PhysicalInterfaces
I thought the validation required at least one bridge for the secondary network config.
Checked validateSecondaryNetworkConfig, we do allow empty config.