fix MTU in overlay networks #1693

Merged
merged 1 commit into from
Jul 18, 2022
2 changes: 1 addition & 1 deletion dist/images/install.sh
Expand Up @@ -2782,7 +2782,7 @@ spec:
- --service-cluster-ip-range=$SVC_CIDR
- --iface=${IFACE}
- --dpdk-tunnel-iface=${DPDK_TUNNEL_IFACE}
- --network-type=$NETWORK_TYPE
- --network-type=$TUNNEL_TYPE
- --default-interface-name=$VLAN_INTERFACE_NAME
- --cni-conf-name=${CNI_CONFIG_PRIORITY}-kube-ovn.conflist
- --logtostderr=false
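Review bot: The replacement line `--network-type=$TUNNEL_TYPE` hands the variable to the daemon without any check in the script. pkg/daemon/config.go in this same change returns `invalid network type` for a value it does not recognise when no MTU is set, so an empty or misspelled TUNNEL_TYPE only surfaces later as a daemon error. Consider validating it in install.sh before the manifest is rendered, and writing it as `${TUNNEL_TYPE}` to match the braced `${IFACE}` and `${DPDK_TUNNEL_IFACE}` arguments beside it.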
4 changes: 2 additions & 2 deletions docs/dual-stack.md
Expand Up @@ -24,7 +24,7 @@ spec:
protocol: Dual
```

The fields of subnet can be found at [Subnets](https://github.com/kubeovn/kube-ovn/blob/master/docs/subnet.md).
The fields of subnet can be found at [Subnets](./subnet.md).

## Test for dual-stack

Expand Down Expand Up @@ -54,7 +54,7 @@ podIP: 10.16.0.9
```

## Others
The crd resources of IP and Subnet had been adapted for dual-stack.The result is displayed by protocol.
The CRD resources of IP and Subnet had been adapted for dual-stack. The result is displayed by protocol.

```shell
mac@localhost ~ % kubectl get ips
13 changes: 6 additions & 7 deletions docs/install.md
Expand Up @@ -7,7 +7,7 @@ Kube-OVN includes two parts:
## Prerequisite
- Kubernetes >= 1.16
- Docker >= 1.12.6
- OS: CentOS 7/8, Ubuntu 16.04/18.04
- OS: CentOS 7/8, Ubuntu 16.04/18.04
- Other Linux distributions with geneve, openvswitch and ip_tables module installed. You can use commands `modinfo geneve`, `modinfo openvswitch` and `modinfo ip_tables` to verify
- Kernel boot with `ipv6.disable=0`
- Kube-proxy *MUST* be ready so that Kube-OVN can connect to apiserver by service address
Expand All @@ -20,7 +20,7 @@ Kube-OVN includes two parts:
*Ports that Kube-OVN uses:*

| Component | Port | Usage |
|---------------------|-----------------------------------------------|------------------------|
| ------------------- | --------------------------------------------- | ---------------------- |
| ovn-central | 6641/tcp, 6642/tcp, 6643/tcp, 6644/tcp | ovn-db and raft server |
| ovs-ovn | Geneve 6081/udp, STT 7471/tcp, Vxlan 4789/udp | Tunnel port |
| kube-ovn-controller | 10660/tcp | Metrics |
Expand All @@ -35,7 +35,6 @@ Kube-OVN provides a one script install to easily install a high-available, produ

1. Download the stable release installer scripts.

For Kubernetes version>=1.16:
`wget https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.10/dist/images/install.sh`

If you want to try the latest developing Kube-OVN, try the script below:
Expand All @@ -52,8 +51,8 @@ If you want to try the latest developing Kube-OVN, try the script below:
VERSION="v1.10.0"
```

> Note:
> 1. `SVC_CIDR` here is just to tell Kube-OVN the Service CIDR in this cluster to configure related rules, Kube-OVN will *NOT* set the cluster Service CIDR
> Note:
> 1. `SVC_CIDR` here is just to tell Kube-OVN the Service CIDR in this cluster to configure related rules, Kube-OVN will *NOT* set the cluster Service CIDR
> 2. If the desired nic names are different across nodes and can not be easily expressed by regex, you can add node annotation `ovn.kubernetes.io/tunnel_interface=xxx` to exact math the interface name

This basic setup works for default overlay network. If you are using default underlay/vlan network, please refer [Vlan/Underlay Support](vlan.md).
Expand Down Expand Up @@ -169,7 +168,7 @@ You can use `--default-cidr` flags below to config default Pod CIDR or create a
--logtostderr log to standard error instead of files (default true)
--mirror-iface string The mirror nic name that will be created by kube-ovn (default "mirror0")
--mtu int The MTU used by pod iface in overlay networks (default iface MTU - 100)
--network-type string The ovn network type (default "geneve")
--network-type string Tunnel encapsulation protocol in overlay networks (default "geneve")
--node-local-dns-ip string If use nodelocaldns the local dns server ip should be set here.
--ovs-socket string The socket to local ovs-server
--pprof-port int The port to get profiling data (default 10665)
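Review bot: The `--mtu` line in this hunk still reads `(default iface MTU - 100)`, which after this change only holds for geneve and vlan over an IPv4 encapsulation address. pkg/daemon/config.go now subtracts 50 for vxlan and 72 for stt, and a further 20 when the encap IP is IPv6, so the `--mtu` description should be updated in the same edit as the `--network-type` one.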
Expand All @@ -183,7 +182,7 @@ You can use `--default-cidr` flags below to config default Pod CIDR or create a

### Install with customized kubeconfig

By default, Kube-OVN uses in-cluster config to init kube client. In this way, Kube-OVN relies on kube-proxy to provide service discovery to connect to Kubernetes apiserver.
By default, Kube-OVN uses in-cluster config to init kube client. In this way, Kube-OVN relies on kube-proxy to provide service discovery to connect to Kubernetes apiserver.
To use an external or high available Kubernetes apiserver, users can use self customized kubeconfig to connect to apiserver.

1. Generate configmap from an existing kubeconfig:
4 changes: 2 additions & 2 deletions docs/ipv6.md
@@ -1,5 +1,5 @@
# IPv6

Through Kube-OVN does support both protocol subnets coexist in a cluster, Kubernetes control plan now only support one protocol. So you will lost some ability like probe and service discovery if you use a protocol other than the kubernetes control plan. We recommend you use only one same ip protocol that same with kubernetes control plan.
Through Kube-OVN does support both protocol subnets coexist in a cluster, Kubernetes control plan now only support one protocol. So you will lost some ability like probe and service discovery if you use a protocol other than the kubernetes control plane. We recommend you use only one same ip protocol that same with kubernetes control plane.

To enable IPv6 support you need to modify the installation yaml to specify the default subnet and node subnet cidrBlock and gateway with a ipv6 format. You can apply this [v6 version yaml](https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/yamls/kube-ovn-ipv6.yaml) at [installation step 3](install.md#to-install) for a quick start.
To enable IPv6 support you need to modify the installation yaml to specify the default subnet and node subnet cidrBlock and gateway with a ipv6 format. You can apply this [v6 version yaml](../yamls/kube-ovn-ipv6.yaml) at [installation step 3](./install.md#to-install) for a quick start.
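Review bot: The rewritten first paragraph corrects `control plan` in two places but leaves the first occurrence (`Kubernetes control plan now only support one protocol`) untouched, along with `Through` for `Though` and `you will lost`. Worth fixing all of them in this pass. Also confirm that the relative `../yamls/kube-ovn-ipv6.yaml` link still suits the "You can apply this" instruction, since the link it replaces pointed at a raw file URL.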
32 changes: 23 additions & 9 deletions pkg/daemon/config.go
Expand Up @@ -73,7 +73,7 @@ func ParseFlags() *Configuration {
argEnablePprof = pflag.Bool("enable-pprof", false, "Enable pprof")
argPprofPort = pflag.Int("pprof-port", 10665, "The port to get profiling data")

argsNetworkType = pflag.String("network-type", "geneve", "The ovn network type")
argsNetworkType = pflag.String("network-type", util.NetworkTypeGeneve, "Tunnel encapsulation protocol in overlay networks")
argCniConfDir = pflag.String("cni-conf-dir", "/etc/cni/net.d", "Path of the CNI config directory.")
argCniConfFile = pflag.String("cni-conf-file", "/kube-ovn/01-kube-ovn.conflist", "Path of the CNI config file.")
argsCniConfName = pflag.String("cni-conf-name", "01-kube-ovn.conflist", "Specify the name of kube ovn conflist name in dir /etc/cni/net.d/, default: 01-kube-ovn.conflist")
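Review bot: The new help text on `argsNetworkType` does not say which values are accepted. The switch added to initNicConfig in this file accepts geneve, vlan, vxlan and stt, so naming them in the string (built from the `util.NetworkType*` constants) would keep `--help` and the code in step.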
Expand Down Expand Up @@ -208,8 +208,29 @@ func (config *Configuration) initNicConfig(nicBridgeMappings map[string]string)
mtu = iface.MTU
}

encapIsIPv6 := util.CheckProtocol(encapIP) == kubeovnv1.ProtocolIPv6
if encapIsIPv6 && runtime.GOOS == "windows" {
// OVS windows datapath does not IPv6 tunnel in version v2.17
err = errors.New("IPv6 tunnel is not supported on Windows currently")
klog.Error(err)
return err
}

if config.MTU == 0 {
config.MTU = mtu - util.GeneveHeaderLength
switch config.NetworkType {
case util.NetworkTypeGeneve, util.NetworkTypeVlan:
config.MTU = mtu - util.GeneveHeaderLength
case util.NetworkTypeVxlan:
config.MTU = mtu - util.VxlanHeaderLength
case util.NetworkTypeStt:
config.MTU = mtu - util.SttHeaderLength
default:
return fmt.Errorf("invalid network type: %s", config.NetworkType)
}
if encapIsIPv6 {
// IPv6 header size is 40
config.MTU -= 20
}
}

config.MSS = config.MTU - util.TcpIpHeaderLength
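Review bot: The `default:` branch that rejects an unknown `config.NetworkType` sits inside `if config.MTU == 0`, so a daemon started with an explicit `--mtu` accepts any network type without complaint. Move the validation ahead of the MTU block so it always runs. Two smaller points in the same block: `config.MTU -= 20` sits under a comment saying the IPv6 header size is 40, so the comment should state that 20 is the difference from the 20-byte IPv4 header, and nothing checks that the computed MTU is still large enough before `config.MSS = config.MTU - util.TcpIpHeaderLength`.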
Expand All @@ -224,13 +245,6 @@ func (config *Configuration) initNicConfig(nicBridgeMappings map[string]string)
return err
}

// OVS windows datapath does not IPv6 tunnel in version v2.17 and earlier
if runtime.GOOS == "windows" && util.CheckProtocol(encapIP) == kubeovnv1.ProtocolIPv6 {
err = errors.New("IPv6 tunnel is not supported on Windows currently")
klog.Error(err)
return err
}

return setEncapIP(encapIP)
}

4 changes: 4 additions & 0 deletions pkg/util/const.go
Expand Up @@ -95,6 +95,8 @@ const (

NetworkTypeVlan = "vlan"
NetworkTypeGeneve = "geneve"
NetworkTypeVxlan = "vxlan"
NetworkTypeStt = "stt"

NodeNic = "ovn0"
NodeAllowPriority = "3000"
Expand All @@ -113,6 +115,8 @@ const (
DefaultDropPriority = "1000"

GeneveHeaderLength = 100
VxlanHeaderLength = 50
SttHeaderLength = 72
TcpIpHeaderLength = 40

OvnProvider = "ovn"
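Review bot: `VxlanHeaderLength = 50` and `SttHeaderLength = 72` are added with no comment on what each figure includes, next to an equally unexplained `GeneveHeaderLength = 100`. A one-line breakdown per constant would let a reader verify them. Since config.go subtracts a further hard-coded 20 for an IPv6 encap address, that adjustment belongs here as a named constant, with a note that the existing lengths assume an IPv4 outer header.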