From 77988f21f3f5a7155908ed8f2d3a384baad7e808 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Mon, 18 Jul 2022 22:13:31 +0800 Subject: [PATCH] fix overlay MTU in vxlan/stt tunnels (#1693) --- dist/images/install.sh | 2 +- docs/dual-stack.md | 4 ++-- docs/install.md | 13 ++++++------- docs/ipv6.md | 4 ++-- pkg/daemon/config.go | 32 +++++++++++++++++++++++--------- pkg/util/const.go | 4 ++++ 6 files changed, 38 insertions(+), 21 deletions(-) diff --git a/dist/images/install.sh b/dist/images/install.sh index 9c507d8142d..ee1a6a864e7 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -2688,7 +2688,7 @@ spec: - --service-cluster-ip-range=$SVC_CIDR - --iface=${IFACE} - --dpdk-tunnel-iface=${DPDK_TUNNEL_IFACE} - - --network-type=$NETWORK_TYPE + - --network-type=$TUNNEL_TYPE - --default-interface-name=$VLAN_INTERFACE_NAME - --cni-conf-name=${CNI_CONFIG_PRIORITY}-kube-ovn.conflist - --logtostderr=false diff --git a/docs/dual-stack.md b/docs/dual-stack.md index eb26c2a40ba..13a34d27c08 100644 --- a/docs/dual-stack.md +++ b/docs/dual-stack.md @@ -24,7 +24,7 @@ spec: protocol: Dual ``` -The fields of subnet can be found at [Subnets](https://github.com/kubeovn/kube-ovn/blob/master/docs/subnet.md). +The fields of subnet can be found at [Subnets](./subnet.md). ## Test for dual-stack @@ -54,7 +54,7 @@ podIP: 10.16.0.9 ``` ## Others -The crd resources of IP and Subnet had been adapted for dual-stack.The result is displayed by protocol. +The CRD resources of IP and Subnet had been adapted for dual-stack. The result is displayed by protocol. ```shell mac@localhost ~ % kubectl get ips diff --git a/docs/install.md b/docs/install.md index 9f85d505db4..e49a942d937 100644 --- a/docs/install.md +++ b/docs/install.md 
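Review bot: The `--network-type=$TUNNEL_TYPE` argument in dist/images/install.sh depends on a `TUNNEL_TYPE` variable whose definition is outside this hunk, so it is worth confirming that it always has a value. If it expands to an empty string, the daemon receives `--network-type=` and the new switch in pkg/daemon/config.go returns `invalid network type` whenever `--mtu` is not supplied. A default at the point of definition, for example `TUNNEL_TYPE=${TUNNEL_TYPE:-geneve}`, would keep existing installs working.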
@@ -7,7 +7,7 @@ Kube-OVN includes two parts: ## Prerequisite - Kubernetes >= 1.16 - Docker >= 1.12.6 -- OS: CentOS 7/8, Ubuntu 16.04/18.04 +- OS: CentOS 7/8, Ubuntu 16.04/18.04 - Other Linux distributions with geneve, openvswitch and ip_tables module installed. You can use commands `modinfo geneve`, `modinfo openvswitch` and `modinfo ip_tables` to verify - Kernel boot with `ipv6.disable=0` - Kube-proxy *MUST* be ready so that Kube-OVN can connect to apiserver by service address @@ -20,7 +20,7 @@ Kube-OVN includes two parts: *Ports that Kube-OVN uses:* | Component | Port | Usage | -|---------------------|-----------------------------------------------|------------------------| +| ------------------- | --------------------------------------------- | ---------------------- | | ovn-central | 6641/tcp, 6642/tcp, 6643/tcp, 6644/tcp | ovn-db and raft server | | ovs-ovn | Geneve 6081/udp, STT 7471/tcp, Vxlan 4789/udp | Tunnel port | | kube-ovn-controller | 10660/tcp | Metrics | @@ -35,7 +35,6 @@ Kube-OVN provides a one script install to easily install a high-available, produ 1. Download the stable release installer scripts. -For Kubernetes version>=1.16: `wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.10/dist/images/install.sh` If you want to try the latest developing Kube-OVN, try the script below: 
@@ -52,8 +51,8 @@ If you want to try the latest developing Kube-OVN, try the script below: VERSION="v1.10.0" ``` -> Note: -> 1. `SVC_CIDR` here is just to tell Kube-OVN the Service CIDR in this cluster to configure related rules, Kube-OVN will *NOT* set the cluster Service CIDR +> Note: +> 1. `SVC_CIDR` here is just to tell Kube-OVN the Service CIDR in this cluster to configure related rules, Kube-OVN will *NOT* set the cluster Service CIDR > 2. If the desired nic names are different across nodes and can not be easily expressed by regex, you can add node annotation `ovn.kubernetes.io/tunnel_interface=xxx` to exact math the interface name This basic setup works for default overlay network. If you are using default underlay/vlan network, please refer [Vlan/Underlay Support](vlan.md). @@ -169,7 +168,7 @@ You can use `--default-cidr` flags below to config default Pod CIDR or create a --logtostderr log to standard error instead of files (default true) --mirror-iface string The mirror nic name that will be created by kube-ovn (default "mirror0") --mtu int The MTU used by pod iface in overlay networks (default iface MTU - 100) - --network-type string The ovn network type (default "geneve") + --network-type string Tunnel encapsulation protocol in overlay networks (default "geneve") --node-local-dns-ip string If use nodelocaldns the local dns server ip should be set here. --ovs-socket string The socket to local ovs-server --pprof-port int The port to get profiling data (default 10665) 
@@ -183,7 +182,7 @@ You can use `--default-cidr` flags below to config default Pod CIDR or create a ### Install with customized kubeconfig -By default, Kube-OVN uses in-cluster config to init kube client. In this way, Kube-OVN relies on kube-proxy to provide service discovery to connect to Kubernetes apiserver. +By default, Kube-OVN uses in-cluster config to init kube client. In this way, Kube-OVN relies on kube-proxy to provide service discovery to connect to Kubernetes apiserver. To use an external or high available Kubernetes apiserver, users can use self customized kubeconfig to connect to apiserver. 1. Generate configmap from an existing kubeconfig: diff --git a/docs/ipv6.md b/docs/ipv6.md index 862d3122021..a13b0fc2a1d 100644 --- a/docs/ipv6.md +++ b/docs/ipv6.md 
@@ -1,5 +1,5 @@ # IPv6 -Through Kube-OVN does support both protocol subnets coexist in a cluster, Kubernetes control plan now only support one protocol. So you will lost some ability like probe and service discovery if you use a protocol other than the kubernetes control plan. We recommend you use only one same ip protocol that same with kubernetes control plan. +Through Kube-OVN does support both protocol subnets coexist in a cluster, Kubernetes control plan now only support one protocol. So you will lost some ability like probe and service discovery if you use a protocol other than the kubernetes control plane. We recommend you use only one same ip protocol that same with kubernetes control plane. -To enable IPv6 support you need to modify the installation yaml to specify the default subnet and node subnet cidrBlock and gateway with a ipv6 format. You can apply this [v6 version yaml](https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/yamls/kube-ovn-ipv6.yaml) at [installation step 3](install.md#to-install) for a quick start. +To enable IPv6 support you need to modify the installation yaml to specify the default subnet and node subnet cidrBlock and gateway with a ipv6 format. You can apply this [v6 version yaml](../yamls/kube-ovn-ipv6.yaml) at [installation step 3](./install.md#to-install) for a quick start. diff --git a/pkg/daemon/config.go b/pkg/daemon/config.go index 4167d8b014f..ab6fd2902b3 100644 --- a/pkg/daemon/config.go +++ b/pkg/daemon/config.go 
@@ -73,7 +73,7 @@ func ParseFlags() *Configuration { argEnablePprof = pflag.Bool("enable-pprof", false, "Enable pprof") argPprofPort = pflag.Int("pprof-port", 10665, "The port to get profiling data") - argsNetworkType = pflag.String("network-type", "geneve", "The ovn network type") + argsNetworkType = pflag.String("network-type", util.NetworkTypeGeneve, "Tunnel encapsulation protocol in overlay networks") argCniConfDir = pflag.String("cni-conf-dir", "/etc/cni/net.d", "Path of the CNI config directory.") argCniConfFile = pflag.String("cni-conf-file", "/kube-ovn/01-kube-ovn.conflist", "Path of the CNI config file.") argsCniConfName = pflag.String("cni-conf-name", "01-kube-ovn.conflist", "Specify the name of kube ovn conflist name in dir /etc/cni/net.d/, default: 01-kube-ovn.conflist") @@ -208,8 +208,29 @@ func (config *Configuration) initNicConfig(nicBridgeMappings map[string]string) mtu = iface.MTU } + encapIsIPv6 := util.CheckProtocol(encapIP) == kubeovnv1.ProtocolIPv6 + if encapIsIPv6 && runtime.GOOS == "windows" { + // OVS windows datapath does not IPv6 tunnel in version v2.17 + err = errors.New("IPv6 tunnel is not supported on Windows currently") + klog.Error(err) + return err + } + if config.MTU == 0 { - config.MTU = mtu - util.GeneveHeaderLength + switch config.NetworkType { + case util.NetworkTypeGeneve, util.NetworkTypeVlan: + config.MTU = mtu - util.GeneveHeaderLength + case util.NetworkTypeVxlan: + config.MTU = mtu - util.VxlanHeaderLength + case util.NetworkTypeStt: + config.MTU = mtu - util.SttHeaderLength + default: + return fmt.Errorf("invalid network type: %s", config.NetworkType) + } + if encapIsIPv6 { + // IPv6 header size is 40 + config.MTU -= 20 + } } config.MSS = config.MTU - util.TcpIpHeaderLength 
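Review bot: In the `if config.MTU == 0` branch of initNicConfig the derived MTU is never bounds-checked, so a small interface MTU can leave `config.MTU` (and the `config.MSS` computed right after it) at or below zero once the tunnel overhead and the extra 20 bytes for IPv6 are subtracted. A guard after the switch such as `if config.MTU <= util.TcpIpHeaderLength { return fmt.Errorf("interface MTU %d is too small for %s tunnel", mtu, config.NetworkType) }` would fail early instead of programming an unusable value. As far as this hunk shows, the `default:` case rejects an unknown `--network-type` only when `--mtu` is unset; validating the type before the `if` would make that consistent. The literal `20` would read better as a named constant, with the comment saying it is the difference between the IPv6 and IPv4 header sizes. The function body starts and ends outside this hunk.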
@@ -224,13 +245,6 @@ func (config *Configuration) initNicConfig(nicBridgeMappings map[string]string) return err } - // OVS windows datapath does not IPv6 tunnel in version v2.17 and earlier - if runtime.GOOS == "windows" && util.CheckProtocol(encapIP) == kubeovnv1.ProtocolIPv6 { - err = errors.New("IPv6 tunnel is not supported on Windows currently") - klog.Error(err) - return err - } - return setEncapIP(encapIP) } diff --git a/pkg/util/const.go b/pkg/util/const.go index cdf9d02fbb3..4be70bfda55 100644 --- a/pkg/util/const.go +++ b/pkg/util/const.go @@ -91,6 +91,8 @@ const ( NetworkTypeVlan = "vlan" NetworkTypeGeneve = "geneve" + NetworkTypeVxlan = "vxlan" + NetworkTypeStt = "stt" NodeNic = "ovn0" NodeAllowPriority = "3000" @@ -109,6 +111,8 @@ const ( DefaultDropPriority = "1000" GeneveHeaderLength = 100 + VxlanHeaderLength = 50 + SttHeaderLength = 72 TcpIpHeaderLength = 40 OvnProvider = "ovn"
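Review bot: `VxlanHeaderLength = 50` and `SttHeaderLength = 72` in pkg/util/const.go are added without a comment saying what they count. initNicConfig subtracts a further 20 bytes for an IPv6 underlay, so they appear to assume an IPv4 outer header. I would add a comment above the group, e.g. `// Per-tunnel encapsulation overhead in bytes, assuming an IPv4 outer header; IPv6 needs 20 more.` For VXLAN the 50 matches the usual inner Ethernet + VXLAN + UDP + IPv4 sum; spelling out the STT and Geneve figures the same way would let a reader verify them. The const block starts and ends outside the hunk.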