Calico: Is there any way to use another tunnel interface instead of "tunl0"

Created on 26 Jul 2018  路  2Comments  路  Source: projectcalico/calico

Hi, I'm newbie using calico. If i've got it right, calico use 'tunl0' interface for ipip encapsulation. Recently I've add external load balancer for worker node of k8s using ipvs with tunneling method. As ipvsadm use default tunnel interface as tunl0, it needs to modify the interface for the load balancer.

The problem is, i guess, calico use default tunnel interface as 'tunl0' too.

Possible Solution

I found that bird_ipam.cfg file in calico/node has an information for tunnel interface.

change the file like this.

bash-4.4# cat bird_ipam.cfg
# Generated by confd
filter calico_pools {
  calico_aggr();
  if ( net ~ 192.168.0.0/16 ) then {
    accept;
  }
  reject;
}


filter calico_ipip {
  if ( net ~ 192.168.0.0/16 ) then {
    krt_tunnel = "tunl1";
    accept;
  }
  accept;
}

then, ifconfig tunl0 down.

I expect nothing's gonna happened because BIRD configure can't find tunl0. But after few seconds, I found new tunl0 interface...

tunl0: flags=193<UP,RUNNING,NOARP>  mtu 1440
        inet 192.168.232.64  netmask 255.255.255.255
        tunnel   txqueuelen 1  (IPIP Tunnel)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

How can I notify calico which tunnel interface to use?

Your Environment

  • Calico version 3.1
  • Orchestrator version (e.g. kubernetes, mesos, rkt): k8s 1.11
  • Operating System and version: centos 7
kinsupport

All 2 comments

We have tested with kube-proxy in ipvs mode so I believe this should work, I think without needing to make any modifications.

@song-jiang I think you understand ipvs and the interaction with Calico the best. Could you take a look at this issue and provide guidance?

@heojh93 Is there any reason why you want to use IPVS in tunnel mode? The recommended IPVS mode for kubernetes is NAT. Please refer to https://kubernetes.io/blog/2018/07/09/ipvs-based-in-cluster-load-balancing-deep-dive/

There are three proxy modes in IPVS: NAT (masq), IPIP and DR. 
Only NAT mode supports port mapping. Kube-proxy leverages NAT mode for port mapping. 
The following example shows IPVS mapping Service port 3080 to Pod port 8080.

According to the doc, IPIP and DR mode won't work with service ip port mapping.

Was this page helpful?
0 / 5 - 0 ratings