Configure IPAM for Pod Networking

SUMMARY Cloud-Native Contrail® Networking supports IPAM (IP address management) for pods and services. Configure a Subnet resource to facilitate IP address allocation.

IPAM in Cloud-Native Contrail Networking

Cloud-Native Contrail Networking introduces the Subnet and SubnetPool resources for the purpose of IPAM for pods and services. Each Subnet has an associated SubnetPool. These resources enable you to configure IPv4 and IPv6 address allocation in your cluster. A VirtualNetwork references a Subnet resource to determine available subnets for new pods and services. Multiple VirtualNetworks can reference the same Subnet. The Subnet resource is translated into IPAM and consumed by the control node and vRouter agent.

SubnetPool Overview

The SubnetPool manages a pool of addresses from which Subnets are allocated. When a request for an IP address occurs, that IP address is allocated from a virtual network's associated SubnetPool. CIDR parameters (prefix length, capacity, range) for IP address allocation are determined when a SubnetPool is created. You are able to allocate additional prefixes if you exhaust a SubnetPool.

Consider the following SubnetPool example:

The capacity parameter denotes the total number of possible IDs in the pool. The count parameter denotes the number of used IDs in the pool. The max parameter denotes the maximum number of IDs available to be allocated from the pool. A given ID maps to an IP address in the Subnet pool.

Subnet Overview

The Subnet is a block of IP addresses and the configurations associated with those addresses. A Subnet is based on a single address family (IPv4, IPv6) at a time. You must create separate IPv4 and IPv6 Subnets. If you do not specify a SubnetPool, the Subnet functions as Contrail Classic IPAM. This means that the Subnet is isolated to a single namespace.

Consider the following Subnet spec example:

The cidr and defaultGateway parameters are the main parameters that define a Subnet resource. The cidr parameter determines the range of IPs available for allocation in that Subnet. The defaultGateway parameter defines the IP address of the defaultGateway for the Subnet. Specifying a defaultGateway address is optional. If you do not specify a defaultGateway address, it is automatically set as the first IP address in the Subnet.

A Kubernetes node configuration can have a podCIDR configuration parameter. The podCIDR is a subset of the default-podnetwork-subnet. When the podCIDR is present, any pod created on that node has its IP address allocated from the podCIDR. If no podCIDR is present, all of the IP addresses in the CIDR of the Subnet can be allocated for the node. The podCIDR can also reference a wildcard key. In the example, IP address allocation requests choose from IPs 10.128.0.0 to 10.128.0.255 as long as the requesting pod is created on the node with the key contrail-k8s-kubemanager-ocp-kparmar-4yu0qk-ocp-kparmar-4yu0qk-ctrl-1.

Alternatively, you can define a ranges parameter. The ranges parameter defines a list of IPs available for allocation. The ranges parameter overrides the CIDR parameter when it is present in a spec. The ranges parameter does not override the podCIDR parameter.
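The precedence described above (podCIDR, then ranges, then cidr) can be modelled to audit whether an observed pod IP matches what the Subnet should hand out on a given node. This is an added example, not Juniper's code or the Subnet schema: the function names, the dictionary and tuple shapes, the Subnet CIDR and the ranges values are assumptions made for illustration; only the node key and the 10.128.0.0 to 10.128.0.255 block come from the page.

```python
import ipaddress

# Node key taken from the page; the Subnet CIDR and ranges below are constructed.
NODE = "contrail-k8s-kubemanager-ocp-kparmar-4yu0qk-ocp-kparmar-4yu0qk-ctrl-1"
SUBNET_CIDR = "10.128.0.0/16"              # constructed
POD_CIDRS = {NODE: "10.128.0.0/24"}        # 10.128.0.0 to 10.128.0.255, as on the page
RANGES = [("10.128.4.10", "10.128.4.20")]  # constructed


def effective_pool(cidr, node, pod_cidrs=None, ranges=None):
    """Return the (first, last) address pairs a pod on `node` may be allocated from."""
    subnet = ipaddress.ip_network(cidr)
    pod_cidr = (pod_cidrs or {}).get(node)
    if pod_cidr is not None:
        # A node's podCIDR is not overridden by ranges and must be a subset of the Subnet.
        block = ipaddress.ip_network(pod_cidr)
        if block.version != subnet.version or not block.subnet_of(subnet):
            raise ValueError(f"podCIDR {block} is not a subset of {subnet}")
        return [(block[0], block[-1])]
    if ranges:
        # ranges replaces cidr as the allocatable set for nodes without a podCIDR.
        pool = []
        for start, end in ranges:
            lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
            # A Subnet carries one address family; reject mixed or inverted ranges.
            if {lo.version, hi.version} != {subnet.version} or lo > hi:
                raise ValueError(f"bad range {start}-{end} for {subnet}")
            pool.append((lo, hi))
        return pool
    return [(subnet[0], subnet[-1])]


def ip_allowed(pod_ip, cidr, node, pod_cidrs=None, ranges=None):
    """True if an observed pod IP is consistent with the Subnet's allocation rules."""
    ip = ipaddress.ip_address(pod_ip)
    pool = effective_pool(cidr, node, pod_cidrs, ranges)
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in pool)


if __name__ == "__main__":
    samples = [(NODE, "10.128.0.17"), (NODE, "10.128.4.15"), ("worker-2", "10.128.4.15")]
    for node, ip in samples:
        print(node, ip, ip_allowed(ip, SUBNET_CIDR, node, POD_CIDRS, RANGES))
```

A pod IP that fails this check on a node with a podCIDR points to an IPAM misconfiguration worth investigating before relying on IP-based policy for that workload.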

VirtualNetwork Overview

Cloud-Native Contrail Networking updates the VirtualNetwork resource to be compatible with IPAM implementation. Consider the following example:

Note the separate Subnet references for the IPv4 address family and the IPv6 address family. You cannot update the Subnet reference of a VirtualNetwork through the entire lifecycle of that VirtualNetwork.

BGP as a Service Session IP Addresses Overview

BGP (Border Gateway Protocol) as a Service (BGPaaS) enables the establishment of a BGP session between a control node and a workload or pod's IP address. You can create a Subnet with the DisableBGPaaSIPAutoAllocation flag set to false or true. When you set the DisableBGPaaSIPAutoAllocation flag to false, the following occurs:

  • No IP address is allocated for BGPaaSPrimaryIP and BGPaaSSecondaryIP immediately. These IPs are only allocated (within Subnet CIDR range) when the first BGPAsAService is configured within the network of this Subnet.

  • When you delete all of the BGPAsAService resources associated with a Subnet, the IP addresses assigned to BGPaaSPrimaryIP and BGPaaSSecondaryIP are released from the pool and set to empty values. These addresses are re-allocated from the pool when a BGPAsAService is configured again.

When you set the DisableBGPaaSIPAutoAllocation flag to true, the following occurs:

  • You are able to use user-defined values for the BGPaaSPrimaryIP and BGPaaSSecondaryIP fields. These IP fields are mandatory and cannot be left empty. User-defined values for these fields are also reserved in the Subnet pool.

  • The IP addresses used for BGPaaSPrimaryIP and BGPaaSSecondaryIP still remain reserved in the Subnet pool even if no BGPAsAService is configured or if all BGPAsAService resources are deleted.

When you change the DisableBGPaaSIPAutoAllocation field from false to true, BGPaaSPrimaryIP and BGPaaSSecondaryIP become mandatory fields. If the IPs were auto allocated before changing this flag from false to true, then those IPs are released from the pool and new user-provided IPs are reserved in the pool.

When you change the DisableBGPaaSIPAutoAllocation flag from true to false, the following occurs:

  • If there is no BGPAsAService configured within the Subnet, BGPaaSPrimaryIP and BGPaaSSecondaryIP values are released from the pool and these fields become empty.

  • If there is at least one BGPAsAService configured, no change happens to the existing values of BGPaaSPrimaryIP and BGPaaSSecondaryIP.

For more information about BGP (Border Gateway Protocol) as a Service (BGPaaS), see the Enable BGP as a Service section.