fix static mac pod conflict with gateway mac (#5623)

* fix static mac pod conflict with gateway mac

Signed-off-by: clyi <[email protected]>

---------

Signed-off-by: clyi <[email protected]>

Author: changluyi

pkg/controller/subnet.go

@@ -815,6 +815,18 @@ func (c *Controller) handleAddOrUpdateSubnet(key string) error {
 		return err
 	}
 
+	// Record the gateway MAC in ipam if router port exists
+	if needRouter {
+		routerPortName := ovs.LogicalRouterPortName(vpc.Status.Router, subnet.Name)
+		if lrp, err := c.OVNNbClient.GetLogicalRouterPort(routerPortName, true); err == nil && lrp != nil && lrp.MAC != "" {
+			if err := c.ipam.RecordGatewayMAC(subnet.Name, lrp.MAC); err != nil {
+				klog.Warningf("failed to record gateway MAC %s for subnet %s: %v", lrp.MAC, subnet.Name, err)
+			}
+		} else {
+			klog.V(3).Infof("router port %s not found or has no MAC, skipping gateway MAC record", routerPortName)
+		}
+	}
+
 	multicastSnoopFlag := map[string]string{"mcast_snoop": "true", "mcast_querier": "false"}
 	if subnet.Spec.EnableMulicastSnoop {
 		if err := c.OVNNbClient.LogicalSwitchUpdateOtherConfig(subnet.Name, ovsdb.MutateOperationInsert, multicastSnoopFlag); err != nil {

pkg/ipam/ipam.go

@@ -438,3 +438,17 @@ func (ipam *IPAM) IPPoolStatistics(subnet, ippool string) (
 	}
 	return s.IPPoolStatistics(ippool)
 }
+
+func (ipam *IPAM) RecordGatewayMAC(subnetName, gatewayMAC string) error {
+	ipam.mutex.Lock()
+	defer ipam.mutex.Unlock()
+
+	subnet, ok := ipam.Subnets[subnetName]
+	if !ok {
+		return fmt.Errorf("subnet %s not found in ipam", subnetName)
+	}
+
+	subnet.GatewayMAC = gatewayMAC
+	klog.Infof("recorded gateway MAC %s for subnet %s", gatewayMAC, subnetName)
+	return nil
+}

pkg/ipam/subnet.go

@@ -37,6 +37,7 @@ type Subnet struct {
 	PodToNicList map[string][]string
 	V4Gw         string
 	V6Gw         string
+	GatewayMAC   string
 
 	IPPools map[string]*IPPool
 }
@@ -133,8 +134,14 @@ func (s *Subnet) GetRandomMac(podName, nicName string) string {
 	if mac, ok := s.NicToMac[nicName]; ok {
 		return mac
 	}
+
+	var exclusionMACs []string
+	if s.GatewayMAC != "" {
+		exclusionMACs = append(exclusionMACs, s.GatewayMAC)
+	}
+
 	for {
-		mac := util.GenerateMac()
+		mac := util.GenerateMacWithExclusion(exclusionMACs)
 		if _, ok := s.MacToPod[mac]; !ok {
 			s.MacToPod[mac] = podName
 			s.NicToMac[nicName] = mac
@@ -152,6 +159,11 @@ func (s *Subnet) GetStaticMac(podName, nicName, mac string, checkConflict bool)
 			klog.Errorf("mac %s has been allocated to pod %s", mac, p)
 			return ErrConflict
 		}
+		// Check if static MAC conflicts with gateway MAC
+		if s.GatewayMAC != "" && mac == s.GatewayMAC {
+			klog.Errorf("static MAC %s conflicts with gateway MAC", mac)
+			return ErrConflict
+		}
 	}
 	s.MacToPod[mac] = podName
 	s.NicToMac[nicName] = mac

pkg/util/net.go

@@ -8,6 +8,7 @@ import (
 	"math/big"
 	"net"
 	"os"
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@@ -47,6 +48,15 @@ func GenerateMac() string {
 	return net.HardwareAddr(buf).String()
 }
 
+func GenerateMacWithExclusion(exclusionMACs []string) string {
+	for {
+		mac := GenerateMac()
+		if !slices.Contains(exclusionMACs, mac) {
+			return mac
+		}
+	}
+}
+
 func IP2BigInt(ipStr string) *big.Int {
 	ipBigInt := big.NewInt(0)
 	if CheckProtocol(ipStr) == kubeovnv1.ProtocolIPv4 {