This plugin enables the configuration and usage of Accelerated Bridge VF networks in containers and orchestrators like Kubernetes.
Network Interface Cards (NICs) with SR-IOV capabilities are managed through physical functions (PFs) and virtual functions (VFs). A PF is used by the host and usually represents a single NIC port. VF configurations are applied through the PF. With Accelerated Bridge CNI each VF can be treated as a separate network interface, assigned to a container, and configured with it's own MAC, VLAN IP and more.
Accelerated Bridge CNI plugin works with SR-IOV device plugin for VF allocation in Kubernetes. A metaplugin such as Multus gets the allocated VF's deviceID(PCI address) and is responsible for invoking the Accelerated Bridge CNI plugin with that deviceID.
This plugin uses Go modules for dependency management and requires Go 1.13+ to build.
To build the plugin binary:
make
Upon successful build the plugin binary will be available in build/accelerated-bridge.
A full guide on orchestrating Accelerated Bridge virtual functions in Kubernetes can be found at the Accelerated Bridge Device Plugin project.
Creating VFs is outside the scope of the Accelerated Bridge CNI plugin. More information about allocating VFs on different NICs can be found here
To deploy Accelerated Bridge CNI by itself on a Kubernetes 1.16+ cluster:
kubectl apply -f images/k8s-v1.16/accelerated-bridge-cni-daemonset.yaml
Note The above deployment is not sufficient to manage and configure Accelerated Bridge virtual functions. See the full orchestration guide for more information.
Accelerated Bridge CNI networks are commonly configured using Multus and Accelerated Bridge Device Plugin using Network Attachment Definitions. More information about configuring Kubernetes networks using this pattern can be found in the Multus configuration reference document.
A Network Attachment Definition for Accelerated Bridge CNI takes the form:
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: some-net
annotations:
k8s.v1.cni.cncf.io/resourceName: intel.com/intel_sriov_netdevice
spec:
config: '{
"type": "accelerated-bridge",
"cniVersion": "0.3.1",
"name": "some-net",
"ipam": {
"type": "host-local",
"subnet": "10.56.217.0/24",
"routes": [{
"dst": "0.0.0.0/0"
}],
"gateway": "10.56.217.1"
}
}'
The .spec.config field contains the configuration information used by the Accelerated Bridge CNI.
The following parameters are generic parameters which are not specific to the Accelerated Bridge CNI configuration, though (with the exception of ipam) they need to be included in the config.
cniVersion: the version of the CNI spec used.type: CNI plugin used. "accelerated-bridge" corresponds to Accelerated Bridge CNI.name: the name of the network created.ipam(optional) : the configuration of the IP Address Management plugin. Required to designate an IP for a kernel interface.
The following examples show the config needed to set up basic Accelerated Bridge networking in a container. Each of the json config objects below can be placed in the .spec.config field of a Network Attachment Definition to integrate with Multus.
This is the minimum configuration for a working kernel driver interface using an Accelerated Bridge Virtual Function. It applies an IP address using the host-local IPAM plugin in the range of the subnet provided.
{
"type": "accelerated-bridge",
"cniVersion": "0.3.1",
"name": "some-net",
"ipam": {
"type": "host-local",
"subnet": "10.56.217.0/24",
"routes": [{
"dst": "0.0.0.0/0"
}],
"gateway": "10.56.217.1"
}
}This configuration sets a number of extra parameters that may be key for Accelerated Bridge networks including a vlan tag, disabled spoof checking and enabled trust mode. These parameters are commonly set in more advanced Accelerated Bridge VF based networks.
{
"cniVersion": "0.3.1",
"name": "some-net-advanced",
"type": "accelerated-bridge",
"vlan": 1000,
"spoofchk": "off",
"trust": "on",
"ipam": {
"type": "host-local",
"subnet": "10.56.217.0/24",
"routes": [{
"dst": "0.0.0.0/0"
}],
"gateway": "10.56.217.1"
}
}The below config will configure a VF using a userspace driver (uio/vfio) for use in a container. If this plugin is used with a VF bound to a dpdk driver then the IPAM configuration will be ignored. Other config parameters should be applicable but implementation may be driver specific.
{
"cniVersion": "0.3.1",
"name": "some-net-dpdk",
"type": "accelerated-bridge",
"vlan": 1000
}Accelerated Bridge CNI allows the setting of SR-IOV options such a link-state and quality of service parameters. To learn more about how these parameters are set consult the Accelerated Bridge CNI configuration reference guide
To report a bug or request a feature, open an issue on this repo using one of the available templates.