fix overlay MTU in vxlan/stt tunnels (#1693)

kubeovn · Jul 18, 2022 · 1ab5505 · 1ab5505
1 parent c9d9923
commit 1ab5505
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 21 deletions.
diff --git a/dist/images/install.sh b/dist/images/install.sh
@@ -2782,7 +2782,7 @@ spec:
           - --service-cluster-ip-range=$SVC_CIDR
           - --iface=${IFACE}
           - --dpdk-tunnel-iface=${DPDK_TUNNEL_IFACE}
-          - --network-type=$NETWORK_TYPE
+          - --network-type=$TUNNEL_TYPE
           - --default-interface-name=$VLAN_INTERFACE_NAME
           - --cni-conf-name=${CNI_CONFIG_PRIORITY}-kube-ovn.conflist
           - --logtostderr=false

diff --git a/docs/dual-stack.md b/docs/dual-stack.md
@@ -24,7 +24,7 @@ spec:
   protocol: Dual
 ```
 
-The fields of subnet can be found at [Subnets](https://github.com/kubeovn/kube-ovn/blob/master/docs/subnet.md).
+The fields of subnet can be found at [Subnets](./subnet.md).
 
 ## Test for dual-stack
 
@@ -54,7 +54,7 @@ podIP: 10.16.0.9
 ```
 
 ## Others
-The crd resources of IP and Subnet had been adapted for dual-stack.The result is displayed by protocol.
+The CRD resources of IP and Subnet had been adapted for dual-stack. The result is displayed by protocol.
 
 ```shell
 mac@localhost ~ % kubectl get ips

diff --git a/docs/install.md b/docs/install.md
@@ -7,7 +7,7 @@ Kube-OVN includes two parts:
 ## Prerequisite
 - Kubernetes >= 1.16
 - Docker >= 1.12.6
-- OS: CentOS 7/8, Ubuntu 16.04/18.04 
+- OS: CentOS 7/8, Ubuntu 16.04/18.04
 - Other Linux distributions with geneve, openvswitch and ip_tables module installed. You can use commands  `modinfo geneve`, `modinfo openvswitch` and `modinfo ip_tables` to verify
 - Kernel boot with `ipv6.disable=0`
 - Kube-proxy *MUST* be ready so that Kube-OVN can connect to apiserver by service address
@@ -20,7 +20,7 @@ Kube-OVN includes two parts:
 *Ports that Kube-OVN uses:*
 
 | Component           | Port                                          | Usage                  |
-|---------------------|-----------------------------------------------|------------------------|
+| ------------------- | --------------------------------------------- | ---------------------- |
 | ovn-central         | 6641/tcp, 6642/tcp, 6643/tcp, 6644/tcp        | ovn-db and raft server |
 | ovs-ovn             | Geneve 6081/udp, STT 7471/tcp, Vxlan 4789/udp | Tunnel port            |
 | kube-ovn-controller | 10660/tcp                                     | Metrics                |
@@ -35,7 +35,6 @@ Kube-OVN provides a one script install to easily install a high-available, produ
 
 1. Download the stable release installer scripts.
 
-For Kubernetes version>=1.16:
 `wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.10/dist/images/install.sh`
 
 If you want to try the latest developing Kube-OVN, try the script below:
@@ -52,8 +51,8 @@ If you want to try the latest developing Kube-OVN, try the script below:
  VERSION="v1.10.0"
 ```
 
-> Note: 
-> 1. `SVC_CIDR` here is just to tell Kube-OVN the Service CIDR in this cluster to configure related rules, Kube-OVN will *NOT* set the cluster Service CIDR 
+> Note:
+> 1. `SVC_CIDR` here is just to tell Kube-OVN the Service CIDR in this cluster to configure related rules, Kube-OVN will *NOT* set the cluster Service CIDR
 > 2. If the desired nic names are different across nodes and can not be easily expressed by regex, you can add node annotation `ovn.kubernetes.io/tunnel_interface=xxx` to exact math the interface name
 
 This basic setup works for default overlay network. If you are using default underlay/vlan network, please refer [Vlan/Underlay Support](vlan.md).
@@ -169,7 +168,7 @@ You can use `--default-cidr` flags below to config default Pod CIDR or create a
       --logtostderr                       log to standard error instead of files (default true)
       --mirror-iface string               The mirror nic name that will be created by kube-ovn (default "mirror0")
       --mtu int                           The MTU used by pod iface in overlay networks (default iface MTU - 100)
-      --network-type string               The ovn network type (default "geneve")
+      --network-type string               Tunnel encapsulation protocol in overlay networks (default "geneve")
       --node-local-dns-ip string          If use nodelocaldns the local dns server ip should be set here.
       --ovs-socket string                 The socket to local ovs-server
       --pprof-port int                    The port to get profiling data (default 10665)
@@ -183,7 +182,7 @@ You can use `--default-cidr` flags below to config default Pod CIDR or create a
 
 ### Install with customized kubeconfig
 
-By default, Kube-OVN uses in-cluster config to init kube client. In this way, Kube-OVN relies on kube-proxy to provide service discovery to connect to Kubernetes apiserver. 
+By default, Kube-OVN uses in-cluster config to init kube client. In this way, Kube-OVN relies on kube-proxy to provide service discovery to connect to Kubernetes apiserver.
 To use an external or high available Kubernetes apiserver, users can use self customized kubeconfig to connect to apiserver.
 
 1. Generate configmap from an existing kubeconfig:

diff --git a/docs/ipv6.md b/docs/ipv6.md
@@ -1,5 +1,5 @@
 # IPv6
 
-Through Kube-OVN does support both protocol subnets coexist in a cluster, Kubernetes control plan now only support one protocol. So you will lost some ability like probe and  service discovery if you use a protocol other than the kubernetes control plan. We recommend you use only one same ip protocol that same with kubernetes control plan.
+Through Kube-OVN does support both protocol subnets coexist in a cluster, Kubernetes control plan now only support one protocol. So you will lost some ability like probe and service discovery if you use a protocol other than the kubernetes control plane. We recommend you use only one same ip protocol that same with kubernetes control plane.
 
-To enable IPv6 support you need to modify the installation yaml to specify the default subnet and node subnet cidrBlock and gateway with a ipv6 format. You can apply this [v6 version yaml](https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/yamls/kube-ovn-ipv6.yaml) at [installation step 3](install.md#to-install) for a quick start.
+To enable IPv6 support you need to modify the installation yaml to specify the default subnet and node subnet cidrBlock and gateway with a ipv6 format. You can apply this [v6 version yaml](../yamls/kube-ovn-ipv6.yaml) at [installation step 3](./install.md#to-install) for a quick start.
diff --git a/pkg/daemon/config.go b/pkg/daemon/config.go
@@ -73,7 +73,7 @@ func ParseFlags() *Configuration {
 		argEnablePprof           = pflag.Bool("enable-pprof", false, "Enable pprof")
 		argPprofPort             = pflag.Int("pprof-port", 10665, "The port to get profiling data")
 
-		argsNetworkType            = pflag.String("network-type", "geneve", "The ovn network type")
+		argsNetworkType            = pflag.String("network-type", util.NetworkTypeGeneve, "Tunnel encapsulation protocol in overlay networks")
 		argCniConfDir              = pflag.String("cni-conf-dir", "/etc/cni/net.d", "Path of the CNI config directory.")
 		argCniConfFile             = pflag.String("cni-conf-file", "/kube-ovn/01-kube-ovn.conflist", "Path of the CNI config file.")
 		argsCniConfName            = pflag.String("cni-conf-name", "01-kube-ovn.conflist", "Specify the name of kube ovn conflist name in dir /etc/cni/net.d/, default: 01-kube-ovn.conflist")
@@ -208,8 +208,29 @@ func (config *Configuration) initNicConfig(nicBridgeMappings map[string]string)
 		mtu = iface.MTU
 	}
 
+	encapIsIPv6 := util.CheckProtocol(encapIP) == kubeovnv1.ProtocolIPv6
+	if encapIsIPv6 && runtime.GOOS == "windows" {
+		// OVS windows datapath does not IPv6 tunnel in version v2.17
+		err = errors.New("IPv6 tunnel is not supported on Windows currently")
+		klog.Error(err)
+		return err
+	}
+
 	if config.MTU == 0 {
-		config.MTU = mtu - util.GeneveHeaderLength
+		switch config.NetworkType {
+		case util.NetworkTypeGeneve, util.NetworkTypeVlan:
+			config.MTU = mtu - util.GeneveHeaderLength
+		case util.NetworkTypeVxlan:
+			config.MTU = mtu - util.VxlanHeaderLength
+		case util.NetworkTypeStt:
+			config.MTU = mtu - util.SttHeaderLength
+		default:
+			return fmt.Errorf("invalid network type: %s", config.NetworkType)
+		}
+		if encapIsIPv6 {
+			// IPv6 header size is 40
+			config.MTU -= 20
+		}
 	}
 
 	config.MSS = config.MTU - util.TcpIpHeaderLength
@@ -224,13 +245,6 @@ func (config *Configuration) initNicConfig(nicBridgeMappings map[string]string)
 		return err
 	}
 
-	// OVS windows datapath does not IPv6 tunnel in version v2.17 and earlier
-	if runtime.GOOS == "windows" && util.CheckProtocol(encapIP) == kubeovnv1.ProtocolIPv6 {
-		err = errors.New("IPv6 tunnel is not supported on Windows currently")
-		klog.Error(err)
-		return err
-	}
-
 	return setEncapIP(encapIP)
 }
 

diff --git a/pkg/util/const.go b/pkg/util/const.go
@@ -95,6 +95,8 @@ const (
 
 	NetworkTypeVlan   = "vlan"
 	NetworkTypeGeneve = "geneve"
+	NetworkTypeVxlan  = "vxlan"
+	NetworkTypeStt    = "stt"
 
 	NodeNic           = "ovn0"
 	NodeAllowPriority = "3000"
@@ -113,6 +115,8 @@ const (
 	DefaultDropPriority = "1000"
 
 	GeneveHeaderLength = 100
+	VxlanHeaderLength  = 50
+	SttHeaderLength    = 72
 	TcpIpHeaderLength  = 40
 
 	OvnProvider                 = "ovn"