How to configure internet access if VPP uses non-default interface? #263

Open
Bolodya1997 opened this issue Oct 27, 2021 · 3 comments

@Bolodya1997

Environment

  • Calico/VPP version: v0.17.0-calicov3.20.2.
  • Kubernetes version: 1.21.1.
  • Deployment type: bare-metal on equinix.metal, host nodes OS is Ubuntu 20.04 LTS.
  • Network configuration:
    • master node:
      1. default interface + ip - bond0 + 139.178.65.125.
      2. VPP interface + ip - eno2 + 10.0.0.1/30.
    • worker node:
      1. default interface + ip - bond0 + 139.178.65.127.
      2. VPP interface + ip - eno2 + 10.0.0.2/30.

Issue description
Pods are unable to ping the internet when VPP uses a non-default interface.

To Reproduce
Steps to reproduce the behavior:

  1. Start 2 bare-metal nodes with the following interfaces configured:
    1. bond0 - bond interface, has access to the internet.
    2. eno2 - simple interface, has access to the eno2 on the other node.
  2. Set up additional IP addresses:
    1. master node - 10.0.0.1/30 dev eno2.
    2. worker node - 10.0.0.2/30 dev eno2.
  3. Create Kubernetes cluster.
  4. Edit the Calico calico-vpp-nohuge.yaml deployment:
     vpp_dataplane_interface: eno2
  5. Start Calico with the modified deployment.
  6. Run kubectl apply -f https://k8s.io/examples/admin/dns/dnsutils.yaml.
  7. Run kubectl exec dnsutils -- ping -c 4 8.8.8.8.
  8. ping fails.

Expected behavior
The dnsutils pod should be able to access the internet.

@Bolodya1997
Author

I am not using bond0 to configure Calico VPP because:

  1. I am not sure if it works with bond interfaces.
  2. I don't have local access to the nodes, so breaking this interface will break all access to the nodes.

@edwarnicke

@Bolodya1997 Can't you get management access to the nodes via eno2?

@AloysAugustin
Collaborator

AloysAugustin commented Oct 27, 2021

@Bolodya1997 although not tested, bond interfaces should be supported with the af_packet driver, which should be sufficient for testing.

As @edwarnicke suggests, if possible I think it would be good to set up an independent management interface so that you can keep ssh access if anything goes wrong - maybe by adding another server connected to your existing hosts on the eno2 network that you could use as a jump host.
