forked from cilium/cilium
VXLAN Tunnel Endpoint (VTEP) Integration
In enterprise on-prem or hybrid cloud datacenters, traditional load balancer devices like BIG-IP are used for north-south load balancing to Kubernetes cluster pods, either through routing mode or VXLAN tunnel mode. These VXLAN devices usually have a VNI key based implementation (https://datatracker.ietf.org/doc/html/rfc7348). The Cilium VXLAN implementation does not use a VNI key and VTEP IP/MAC mapping to direct tunnel traffic. This feature enables Cilium VXLAN Tunnel Endpoint (VTEP) integration.

Add Cilium agent option EnableVTEP to enable this feature; it is disabled by default.

This feature supports Cilium tunnel and route mode.

1. In VXLAN tunnel mode, the egress packets from a Cilium-managed pod, before encapsulation, use the host namespace side MAC address as the destination MAC address. When an egress packet arrives at the VTEP device, the MAC address does not match the VTEP MAC address of the VTEP device and the packet is dropped. Thus we need to rewrite the inner packet destination MAC address to the remote VTEP MAC address.
2. Cilium VXLAN uses pod identity as the VXLAN tunnel key, which does not match the pre-configured VTEP device VNI key.

This patch addresses the above two points.

In the cilium#17106 discussion, we decided to pre-populate the IPCache map with VTEP devices' CIDR, VNI, MAC, IP. When packets egress to VTEP devices, use the pre-populated VTEP device entry in the IPCache map to encapsulate the packet.

One issue observed when using eth_store_daddr() from bpf/lib/eth.h to rewrite the inner packet destination MAC address: it failed to pass the BPF verifier check with "R1 invalid mem access 'inv'", see full detail in issue kernel, both issues are resolved by initializing vtep_mac to 0

Example to enable this feature in configmap cilium-config:

    enable-vtep: "true"
    vtep-endpoint: "10.169.72.14 10.169.72.15"
    vtep-cidr: "10.1.99.0/24 10.1.88.0/24"
    vtep-mac: "52:54:00:3e:3f:c1 52:54:00:4e:01:a6"

VTEP devices must use cilium reserved world id "2" as VNI

Suggested-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Vincent Li <v.li@f5.com>
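The CIDR-to-VTEP mapping described in the commit message, as an added Go example that is not code from this commit or from Cilium. It assumes the three configmap lists pair up by position; `vtep`, `parseVTEPs` and `lookup` are hypothetical names, and a linear longest-prefix search stands in for the IPCache map.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

const worldVNI = 2 // reserved "world" identity; the commit message requires it as the VNI

// vtep is one device: the CIDR behind it, its tunnel endpoint, and the inner destination MAC.
type vtep struct {
	CIDR     *net.IPNet
	Endpoint net.IP
	MAC      net.HardwareAddr
}

// parseVTEPs (hypothetical helper) pairs the three lists by position and rejects mismatches.
func parseVTEPs(endpoints, cidrs, macs string) (out []vtep, err error) {
	e, c, m := strings.Fields(endpoints), strings.Fields(cidrs), strings.Fields(macs)
	if len(e) == 0 || len(e) != len(c) || len(e) != len(m) {
		return nil, fmt.Errorf("need equal, non-empty lists: %d endpoints, %d CIDRs, %d MACs", len(e), len(c), len(m))
	}
	for i := range e {
		ip := net.ParseIP(e[i]).To4()
		_, ipnet, cerr := net.ParseCIDR(c[i])
		mac, merr := net.ParseMAC(m[i])
		if ip == nil || cerr != nil || merr != nil || len(mac) != 6 {
			return nil, fmt.Errorf("entry %d invalid: %q %q %q", i, e[i], c[i], m[i])
		}
		out = append(out, vtep{CIDR: ipnet, Endpoint: ip, MAC: mac})
	}
	return out, nil
}

// lookup (hypothetical) returns the VTEP with the longest prefix that contains dst.
func lookup(vs []vtep, dst net.IP) (best vtep, found bool) {
	bestLen := -1
	for _, v := range vs {
		if ones, _ := v.CIDR.Mask.Size(); v.CIDR.Contains(dst) && ones > bestLen {
			best, bestLen, found = v, ones, true
		}
	}
	return best, found
}
func main() {
	vs, err := parseVTEPs("10.169.72.14 10.169.72.15", "10.1.99.0/24 10.1.88.0/24", "52:54:00:3e:3f:c1 52:54:00:4e:01:a6")
	v, ok := lookup(vs, net.ParseIP("10.1.88.7")) // constructed destination address
	fmt.Println(err, ok, v.Endpoint, v.MAC, worldVNI)
}
```

A destination outside every configured CIDR returns `found == false`, so it would not take the VTEP path.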
1 parent a93ae9f, commit a6739a8
Showing 9 changed files with 104 additions and 7 deletions.