Configure IPAM for Pod Networking

SUMMARY Cloud-Native Contrail® Networking™ supports IP address management (IPAM) for pods and services. Configure a Subnet resource to facilitate IP address allocation.
IPAM in Cloud-Native Contrail Networking

Cloud-Native Contrail Networking introduces the Subnet and SubnetPool resources for the purpose of IPAM for pods and services. Each Subnet has an associated SubnetPool. These resources enable you to configure IPv4 and IPv6 address allocation in your cluster. A VirtualNetwork references a Subnet resource to determine the subnets available for new pods and services. Multiple VirtualNetworks can reference the same Subnet. The Subnet resource is translated into IPAM configuration and consumed by the control node and the vRouter agent.
SubnetPool Overview

The SubnetPool manages a pool of addresses from which Subnets are allocated. When a request for an IP address occurs, the address is allocated from the SubnetPool associated with the virtual network. The CIDR parameters (prefix length, capacity, range) that govern IP address allocation are fixed when a SubnetPool is created. You can allocate additional prefixes if you exhaust a SubnetPool.
Consider the following SubnetPool example:

kparmar-mbp:cn2 kparmar$ kubectl get pool subnet-id-pool-Subnet-contrail-k8s-kubemanager-ocp-rdang-q8roaw-contrail-default-podnetwork-pod-v4-subnet -oyaml
apiVersion: idallocator.contrail.juniper.net/v1alpha1
capacity: 262144
count: 157
kind: Pool
max: 262143
metadata:
  creationTimestamp: null
  name: subnet-id-pool-Subnet-contrail-k8s-kubemanager-ocp-rdang-q8roaw-contrail-default-podnetwork-pod-v4-subnet
reserved:
- 0
- 262143
- 1
The capacity parameter denotes the total number of possible IDs in the pool. The count parameter denotes the number of IDs currently in use. The max parameter denotes the highest ID that can be allocated from the pool; IDs are zero-based, so in the example max is capacity - 1. The reserved list holds IDs that are withheld from allocation (in the example, the first two IDs and the last one). A given ID maps to an IP address in the Subnet's CIDR.
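The following is an added example, not code from the CN2 documentation or from the product: it maps Pool IDs to addresses and checks the bookkeeping of a Pool object like the one above. It assumes, which the page does not state, that IDs are zero-based offsets from the network address of the Subnet's CIDR, and that the example Pool belongs to a /14 Subnet (2**18 == 262144 == capacity); the CIDR and the function names are this example's own.

```python
# Added example, not part of the CN2 documentation or of the product's code.
# Assumptions (the page does not state them): pool IDs are zero-based offsets
# from the network address of the Subnet's CIDR, and the example Pool belongs
# to a /14 Subnet (2**18 == 262144 == capacity). The CIDR below is constructed.
import ipaddress

EXAMPLE_CIDR = "10.128.0.0/14"  # assumed CIDR for the page's Pool example

# Relevant fields of the page's Pool object, copied into a dict (constructed).
EXAMPLE_POOL = {
    "capacity": 262144,
    "count": 157,
    "max": 262143,
    "reserved": [0, 262143, 1],
}


def id_to_ip(cidr, pool_id):
    """Map a pool ID to the address it denotes in the Subnet CIDR."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 0 <= pool_id < net.num_addresses:
        raise ValueError(f"ID {pool_id} is outside {cidr}")
    return str(net.network_address + pool_id)


def ip_to_id(cidr, ip):
    """Inverse of id_to_ip: the pool ID an address occupies."""
    net = ipaddress.ip_network(cidr, strict=True)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {cidr}")
    return int(addr) - int(net.network_address)


def reserved_addresses(cidr, pool):
    """Addresses the pool will never hand out, in the order listed."""
    return [id_to_ip(cidr, rid) for rid in pool["reserved"]]


def check_pool(cidr, pool):
    """Return a list of bookkeeping inconsistencies (empty means consistent)."""
    net = ipaddress.ip_network(cidr, strict=True)
    problems = []
    if pool["capacity"] != net.num_addresses:
        problems.append(f"capacity {pool['capacity']} != {net.num_addresses} addresses in {cidr}")
    if pool["max"] != pool["capacity"] - 1:
        problems.append(f"max {pool['max']} != capacity - 1")
    if not 0 <= pool["count"] <= pool["capacity"]:
        problems.append(f"count {pool['count']} outside 0..capacity")
    for rid in pool["reserved"]:
        if not 0 <= rid <= pool["max"]:
            problems.append(f"reserved ID {rid} outside 0..max")
    return problems


def free_ids(pool):
    """Upper bound on IDs still available (the page does not say whether
    reserved IDs are included in count). Watch this to catch pool exhaustion."""
    return pool["capacity"] - pool["count"]


if __name__ == "__main__":
    print(check_pool(EXAMPLE_CIDR, EXAMPLE_POOL))
    print(reserved_addresses(EXAMPLE_CIDR, EXAMPLE_POOL))
    print(free_ids(EXAMPLE_POOL))
```

Feeding the output of kubectl get pool ... -oyaml through check_pool is a cheap way to notice a Pool whose capacity no longer matches its Subnet, and free_ids is the number to alert on before "You can allocate additional prefixes if you exhaust a SubnetPool" becomes an incident.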
Subnet Overview

A Subnet is a block of IP addresses together with the configuration associated with those addresses. A Subnet is based on a single address family (IPv4 or IPv6) at a time, so you must create separate IPv4 and IPv6 Subnets. If you do not specify a SubnetPool, the Subnet functions as Contrail Classic IPAM, which means that the Subnet is isolated to a single namespace.
Consider the following Subnet spec example:

apiVersion: core.contrail.juniper.net/v1alpha1
kind: Subnet
metadata:
  name: default-servicenetwork-pod-v4-subnet
  namespace: contrail-k8s-kubemanager-ocp-kparmar-4yu0qk-contrail
spec:
  cidr: 10.128.0.0/16
  defaultGateway: 10.128.0.1
  ranges:
  - ipRanges:
    - from: 10.128.0.0
      to: 10.128.0.255
    key: contrail-k8s-kubemanager-ocp-kparmar-4yu0qk-ocp-kparmar-4yu0qk-ctrl-1
The cidr and defaultGateway parameters are the main parameters that define a Subnet resource. The cidr parameter determines the range of IP addresses available for allocation in that Subnet. The defaultGateway parameter defines the IP address of the default gateway for the Subnet. Specifying a defaultGateway address is optional; if you omit it, the gateway is automatically set to the first IP address in the Subnet.
A Kubernetes node configuration can have a podCIDR parameter. The podCIDR is a subset of the default-podnetwork-subnet. When a podCIDR is present, any pod created on that node receives an IP address allocated from the podCIDR. If no podCIDR is present, all of the IP addresses in the CIDR of the Subnet can be allocated to pods on that node. The podCIDR can also reference a wildcard key.

In the example, IP address allocation requests choose from IPs 10.128.0.0 to 10.128.0.255 as long as the requesting pod is created on the node with the key contrail-k8s-kubemanager-ocp-kparmar-4yu0qk-ocp-kparmar-4yu0qk-ctrl-1.

Alternatively, you can define a ranges parameter. The ranges parameter defines a list of IP address ranges available for allocation. When ranges is present in a spec, it overrides the cidr parameter. The ranges parameter does not override the podCIDR parameter.
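The precedence just described (ranges replaces cidr as the source of addresses when present, and a node's podCIDR narrows whatever that source is) is easy to get wrong when reviewing a Subnet spec. The following added example, which is not code from the CN2 documentation or product, models it over the page's Subnet spec. Its own assumptions: the wildcard key is spelled "*", the default gateway address is never handed to a pod, and a node whose key matches no ranges entry is offered nothing; the function names are this example's own.

```python
# Added example, not code from the CN2 documentation or product. It models the
# precedence the page describes: ranges (when present) replace cidr as the
# allocation source, and a node podCIDR narrows the result further. Assumptions
# of this model: the wildcard key is spelled "*", the default gateway address is
# never handed to a pod, and a node whose key matches no range entry gets
# nothing. Function and variable names are this example's own.
import ipaddress

WILDCARD_KEY = "*"  # assumed spelling of the wildcard key

# The Subnet spec from the page, copied into a dict (constructed copy).
EXAMPLE_SUBNET = {
    "cidr": "10.128.0.0/16",
    "defaultGateway": "10.128.0.1",
    "ranges": [
        {
            "key": "contrail-k8s-kubemanager-ocp-kparmar-4yu0qk-ocp-kparmar-4yu0qk-ctrl-1",
            "ipRanges": [{"from": "10.128.0.0", "to": "10.128.0.255"}],
        }
    ],
}


def _gateway(subnet):
    net = ipaddress.ip_network(subnet["cidr"], strict=True)
    if subnet.get("defaultGateway"):
        return ipaddress.ip_address(subnet["defaultGateway"])
    return net.network_address + 1  # page: defaults to the first address


def _source_intervals(subnet, node_key):
    """(first, last) address pairs the Subnet offers to node_key before podCIDR."""
    ranges = subnet.get("ranges") or []
    if not ranges:
        net = ipaddress.ip_network(subnet["cidr"], strict=True)
        return [(net.network_address, net.broadcast_address)]
    out = []
    for entry in ranges:  # ranges overrides cidr when present
        if entry["key"] not in (node_key, WILDCARD_KEY):
            continue
        for r in entry["ipRanges"]:
            lo, hi = ipaddress.ip_address(r["from"]), ipaddress.ip_address(r["to"])
            if hi < lo:
                raise ValueError(f"range {r['from']}-{r['to']} is reversed")
            out.append((lo, hi))
    return out


def allocatable_intervals(subnet, node_key, pod_cidr=None):
    """Address intervals a pod on node_key may be allocated from."""
    net = ipaddress.ip_network(subnet["cidr"], strict=True)
    intervals = _source_intervals(subnet, node_key)
    if pod_cidr is not None:  # podCIDR narrows, and ranges does not override it
        pc = ipaddress.ip_network(pod_cidr, strict=True)
        if not pc.subnet_of(net):
            raise ValueError(f"podCIDR {pod_cidr} is not a subset of {subnet['cidr']}")
        intervals = [(max(lo, pc.network_address), min(hi, pc.broadcast_address))
                     for lo, hi in intervals]
        intervals = [(lo, hi) for lo, hi in intervals if lo <= hi]
    gw = _gateway(subnet)
    result = []
    for lo, hi in intervals:  # carve the gateway out of any interval holding it
        if lo <= gw <= hi:
            if lo < gw:
                result.append((lo, gw - 1))
            if gw < hi:
                result.append((gw + 1, hi))
        else:
            result.append((lo, hi))
    return result


def allocatable_count(subnet, node_key, pod_cidr=None):
    """Number of addresses a pod on node_key could receive."""
    return sum(int(hi) - int(lo) + 1
               for lo, hi in allocatable_intervals(subnet, node_key, pod_cidr))


def describe(subnet, node_key, pod_cidr=None):
    """Human-readable 'first-last' strings for the allocatable intervals."""
    return [f"{lo}-{hi}" for lo, hi in allocatable_intervals(subnet, node_key, pod_cidr)]
```

Running describe(EXAMPLE_SUBNET, "<the ctrl-1 key>") shows the 10.128.0.0-10.128.0.255 window from the page with the gateway carved out, while a node that matches no key gets an empty list, which is the case to look for when a pod on a new node stays stuck without an address. A podCIDR that is not inside the Subnet's cidr is rejected outright, matching the page's statement that podCIDR is a subset of the Subnet.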
VirtualNetwork Overview

Cloud-Native Contrail Networking updates the VirtualNetwork resource to be compatible with the IPAM implementation. Consider the following example:

apiVersion: core.contrail.juniper.net/v1alpha1
kind: VirtualNetwork
metadata:
  namespace: contrail
  name: virtualnetwork-sample
spec:
  v4SubnetReference:
    apiVersion: core.contrail.juniper.net/v1alpha1
    kind: Subnet
    namespace: contrail
    name: v4subnet
  v6SubnetReference:
    apiVersion: core.contrail.juniper.net/v1alpha1
    kind: Subnet
    namespace: contrail
    name: v6subnet
Note the separate Subnet references for the IPv4 address family and the IPv6 address family. The Subnet references of a VirtualNetwork are immutable: once set, you cannot change them for the lifetime of that VirtualNetwork.
BGP as a Service Session IP Addresses Overview

BGP as a Service (BGPaaS) enables the establishment of a BGP session between a control node and a workload or pod IP address. You can create a Subnet with the DisableBGPaaSIPAutoAllocation flag set to false or true. When you set DisableBGPaaSIPAutoAllocation to false, the following occurs:
- No IP address is allocated for BGPaaSPrimaryIP or BGPaaSSecondaryIP immediately. These IPs are allocated (from within the Subnet CIDR range) only when the first BGPAsAService is configured within the network of this Subnet.
- When you delete all of the BGPAsAService resources associated with a Subnet, the IP addresses assigned to BGPaaSPrimaryIP and BGPaaSSecondaryIP are released back to the pool and the fields are set to empty values. The addresses are re-allocated from the pool when a BGPAsAService is configured again.
When you set the DisableBGPaaSIPAutoAllocation flag to true, the following occurs:

- You can use user-defined values for the BGPaaSPrimaryIP and BGPaaSSecondaryIP fields. These fields are mandatory and cannot be left empty. The user-defined values are also reserved in the Subnet pool.
- The IP addresses used for BGPaaSPrimaryIP and BGPaaSSecondaryIP remain reserved in the Subnet pool even if no BGPAsAService is configured or if all BGPAsAService resources are deleted.
When you change the DisableBGPaaSIPAutoAllocation field from false to true, BGPaaSPrimaryIP and BGPaaSSecondaryIP become mandatory fields. If the IPs were auto-allocated before you changed the flag, those IPs are released from the pool and the new user-provided IPs are reserved in the pool.
When you change DisableBGPaaSIPAutoAllocation from true to false, the following occurs:

- If no BGPAsAService is configured within the Subnet, the BGPaaSPrimaryIP and BGPaaSSecondaryIP values are released from the pool and these fields become empty.
- If at least one BGPAsAService is configured, the existing values of BGPaaSPrimaryIP and BGPaaSSecondaryIP do not change.
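The rules above form a small state machine driven by two inputs: the DisableBGPaaSIPAutoAllocation flag and the number of BGPAsAService objects in the Subnet. The following added example, which is not the CN2 controller's code, models that machine so the transitions can be exercised before relying on them (for instance, to confirm that flipping the flag to true without supplying both IPs is rejected and leaves the auto-allocated addresses intact). Its assumptions, which the page does not state: auto-allocation takes the lowest free host address and skips the default gateway (the first address), and the class name, method names and error messages are this example's own.

```python
# Added example, not the CN2 controller's code: a small model of the
# BGPaaSPrimaryIP / BGPaaSSecondaryIP lifecycle described above, driven by the
# DisableBGPaaSIPAutoAllocation flag and the set of BGPAsAService objects.
# Assumptions of the model (not stated on the page): auto-allocation takes the
# lowest free host address and skips the default gateway (first address); the
# class, method names and error messages are this example's own.
import ipaddress


class BgpaasSubnetModel:
    def __init__(self, cidr, disable_auto=False, primary=None, secondary=None):
        self.net = ipaddress.ip_network(cidr, strict=True)
        self.gateway = self.net.network_address + 1  # page: gateway defaults to first address
        self.reserved = set()   # addresses held in the Subnet pool
        self.bgpaas = set()     # names of BGPAsAService objects in this Subnet
        self.disable_auto = disable_auto
        self.primary = None
        self.secondary = None
        if disable_auto:
            self._reserve_user_ips(primary, secondary)  # mandatory when the flag is true
        elif primary or secondary:
            raise ValueError("BGPaaS IPs are auto-allocated while the flag is false")

    # --- pool helpers -------------------------------------------------------
    def _alloc(self):
        for addr in self.net.hosts():
            if addr != self.gateway and addr not in self.reserved:
                self.reserved.add(addr)
                return addr
        raise RuntimeError("Subnet pool exhausted")

    def _reserve_user_ips(self, primary, secondary):
        if not primary or not secondary:
            raise ValueError("BGPaaSPrimaryIP and BGPaaSSecondaryIP are mandatory "
                             "when DisableBGPaaSIPAutoAllocation is true")
        p, s = ipaddress.ip_address(primary), ipaddress.ip_address(secondary)
        if p == s:
            raise ValueError("primary and secondary must differ")
        for a in (p, s):
            if a not in self.net:
                raise ValueError(f"{a} is outside {self.net}")
            if a in self.reserved:
                raise ValueError(f"{a} is already reserved")
        self.reserved.update((p, s))
        self.primary, self.secondary = p, s

    def _release_ips(self):
        for a in (self.primary, self.secondary):
            self.reserved.discard(a)
        self.primary = self.secondary = None

    # --- events -------------------------------------------------------------
    def add_bgpaas(self, name):
        self.bgpaas.add(name)
        if not self.disable_auto and self.primary is None:  # first BGPAsAService allocates
            self.primary, self.secondary = self._alloc(), self._alloc()

    def delete_bgpaas(self, name):
        self.bgpaas.discard(name)
        if not self.bgpaas and not self.disable_auto:  # last one gone: release
            self._release_ips()

    def set_disable_auto(self, value, primary=None, secondary=None):
        if value == self.disable_auto:
            return
        if value:  # false -> true: drop auto-allocated IPs, reserve the user's
            old = (self.primary, self.secondary)
            self._release_ips()
            try:
                self._reserve_user_ips(primary, secondary)
            except ValueError:
                self.primary, self.secondary = old  # roll back on bad input
                self.reserved.update(a for a in old if a is not None)
                raise
        elif not self.bgpaas:  # true -> false with no BGPAsAService: release
            self._release_ips()
        # true -> false with a BGPAsAService present: values are unchanged
        self.disable_auto = value

    def state(self):
        return {"primary": str(self.primary) if self.primary is not None else None,
                "secondary": str(self.secondary) if self.secondary is not None else None,
                "reserved": sorted(str(a) for a in self.reserved),
                "bgpaas": sorted(self.bgpaas)}
```

Walking a model through add, delete and flag changes makes the operational consequence visible: with the flag false, deleting the last BGPAsAService frees the two addresses for pods, while with the flag true they stay out of the pod pool until the flag is cleared again.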
For more information about BGP as a Service (BGPaaS), see the Enable BGP as a Service section.