Shulou (Shulou.com), 05/31 report. Updated 2025-04-05.
This article walks through the working principles of flannel, calico and canal in kubernetes, with example commands for each.
1. Flannel
Principle: flannel has a host-gw mode (non-overlay network). In host-gw mode, the route points directly at the physical ip of the target machine and packets are transmitted without any encapsulation.
(High performance, but with many nodes the routing table of each machine grows; all machines must be able to reach each other directly, so all nodes must be in the same subnet, cannot span network segments, and must have layer 2 connectivity.)
Flannel also has an overlay network mode, which supports data forwarding methods such as UDP, VxLAN, AWS VPC and GCE routing. (kubernetes uses vxlan by default, so vxlan is taken as the example here.)
The first step is the allocation of ip addresses, which is done by splitting the ip pool into subnets and assigning each subnet to a specific physical machine. (When assigning ips, flannel hands available subnets to the respective physical machines, and each pod's ip is allocated from the subnet of its machine.)
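On host 192.168.0.4
# assumption: the cni bridge and the flannel.1 vxlan device already exist on this host
# veth pair: flannel_vxlan_c goes into the pod namespace, flannel_vxlan_h stays on the host
ip link add dev flannel_vxlan_c type veth peer name flannel_vxlan_h
# attach the host end to the cni bridge and give the bridge the subnet gateway address
brctl addif cni flannel_vxlan_h
ip link set flannel_vxlan_h up
ip addr add 10.244.0.1/24 dev cni
# the network namespace stands in for the pod
ip netns add flannel_vxlan
ip netns exec flannel_vxlan ip link set lo up
ip link set flannel_vxlan_c netns flannel_vxlan
ip netns exec flannel_vxlan ip link set flannel_vxlan_c up
ip netns exec flannel_vxlan ip addr add 10.244.0.3/24 dev flannel_vxlan_c
ip netns exec flannel_vxlan ip route add default via 10.244.0.1
# 22:3d:4d:c5:65:ff is the mac address of flannel.1 on the peer host 192.168.0.16
ip neigh add 10.244.2.0 dev flannel.1 lladdr 22:3d:4d:c5:65:ff
# frames for that mac are sent to the peer's physical ip
bridge fdb add 22:3d:4d:c5:65:ff dst 192.168.0.16 dev flannel.1
# the peer's pod subnet is reached through the vxlan device
ip route add 10.244.2.0/24 via 10.244.2.0 dev flannel.1 onlink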
By making the mirror-image settings on the other side, east-west connectivity between pods is achieved on top of vxlan.
Note that I am not sure what the flanneld shown in the picture is for.
Advantages: overlay network, suited to public cloud environments.
Disadvantages: the performance loss of udp mode is very high (vxlan is relatively good), and it cannot perform network isolation or other network policy operations.
2. Calico network
Calico provides two network modes: BGP and ip-in-ip (overlay network).
How it works:
Calico creates a vrouter in the kernel of each node, and this vrouter forwards traffic efficiently. The vrouter announces the routing information for its local pods to the other nodes through bgp. In small-scale deployments, all nodes can peer with each other directly through bgp; at large scale, route announcements can be handled through a bgp reflector.
Ip address assignment: the allocation strategy is similar to flannel's. The entire pool is divided into subnets, the subnets are assigned to different nodes, and each pod created on a node gets an ip address from that node's subnet.
Calico can use iptables to implement access control and many kinds of network policy.
As shown in the figure:
The pod is connected to the physical machine through a veth pair.
Felix is used to set up routing and iptables (it can implement network policy and control pod communication).
The bgp client (bird) reads the routing information and announces it to the entire network. In this way, the other side learns the route to reach a particular network.
Note that the difference between ip-in-ip and full bgp is that in ip-in-ip mode packets from the pod are sent via ip route to a local ipip device. (The job of this device is to encapsulate the pod's ip packet using the ip of the local physical machine and the ip of the destination physical machine, and send it to the corresponding machine according to the route.)
The specific implementation is roughly as follows.
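Host 192.168.0.4
ip netns add calico
ip link add dev calico-c type veth peer name calico-h
ip link set calico-c netns calico
ip netns exec calico ip link set lo up
ip netns exec calico ip link set calico-c up
ip netns exec calico ip addr add 10.244.0.3/24 dev calico-c
# the link route to 169.254.1.1 must exist before it can be used as the default gateway
ip netns exec calico ip route add 169.254.1.1 dev calico-c
ip netns exec calico ip route add default via 169.254.1.1
# the host end must be up before the device route to the pod can be added
ip link set calico-h up
ip route add 10.244.0.3 dev calico-h
# proxy arp lets the host end reply to the pod's arp request for 169.254.1.1
sysctl -w net.ipv4.conf.calico-h.proxy_arp=1
BGP mode
ip route add 10.244.2.0/24 via 192.168.0.16
IP-IN-IP mode
# if the ipip module is already loaded, tunl0 exists and this step can be skipped
ip tunnel add tunl0 mode ipip
ip link set tunl0 up
# onlink is needed because 192.168.0.16 is not a directly connected address on tunl0
ip route add 10.244.2.0/24 via 192.168.0.16 dev tunl0 onlink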
The other side is configured the mirror-image way. In a real deployment, all of these operations are done by felix, confd and bird.
Performance of calico: much better than flannel. Even the ip-in-ip overlay network is much better than flannel's overlay network.
Advantages: strong performance, fast, network policy, overlay, based on layer 3 routing.
Disadvantages: it is said that it cannot do VRF; of course, I don't know what VRF is at present.
3. Canal
Canal is a combination of flannel and calico. The confd and bird parts of calico are removed, which means there is no bgp and no ipip tunnel; only the felix part is kept, which provides the routing and iptables settings, that is, general network policy. What is kept from flannel is the vxlan tunnel part.
This is the network structure of a pod created by canal.
In essence it is:
Host 192.168.0.4
# assumption: the flannel.1 vxlan device already exists on this host
ip netns add canal
ip link add dev canal-c type veth peer name canal-h
ip link set canal-c netns canal
ip netns exec canal ip link set lo up
ip netns exec canal ip link set canal-c up
ip netns exec canal ip addr add 10.244.0.3/24 dev canal-c
# the link route to 169.254.1.1 must exist before it can be used as the default gateway
ip netns exec canal ip route add 169.254.1.1 dev canal-c
ip netns exec canal ip route add default via 169.254.1.1
# the host end must be up before the device route to the pod can be added
ip link set canal-h up
ip route add 10.244.0.3 dev canal-h
sysctl -w net.ipv4.conf.canal-h.proxy_arp=1
# 22:3d:4d:c5:65:ff is the mac of flannel.1 on 192.168.0.16; the neighbor address must match the route's gateway below
ip neigh add 10.244.1.0 dev flannel.1 lladdr 22:3d:4d:c5:65:ff
bridge fdb add 22:3d:4d:c5:65:ff dst 192.168.0.16 dev flannel.1
ip route add 10.244.1.0/24 via 10.244.1.0 dev flannel.1 onlink
Host 192.168.0.16
ip netns add canal
ip link add dev canal-c type veth peer name canal-h
ip link set canal-c netns canal
ip netns exec canal ip link set lo up
ip netns exec canal ip link set canal-c up
ip netns exec canal ip addr add 10.244.1.3/24 dev canal-c
ip netns exec canal ip route add 169.254.1.1 dev canal-c
ip netns exec canal ip route add default via 169.254.1.1
ip link set canal-h up
ip route add 10.244.1.3 dev canal-h
sysctl -w net.ipv4.conf.canal-h.proxy_arp=1
# 56:ad:b6:5f:16:d7 is the mac of flannel.1 on 192.168.0.4
ip neigh add 10.244.0.0 dev flannel.1 lladdr 56:ad:b6:5f:16:d7
bridge fdb add 56:ad:b6:5f:16:d7 dst 192.168.0.4 dev flannel.1
# the gateway must be the neighbor address added above (10.244.0.0)
ip route add 10.244.0.0/24 via 10.244.0.0 dev flannel.1 onlink
Advantages: network policy, overlay network.
Disadvantages: performance degrades quickly, but it does not seem to have calico's disadvantage of being unable to do VRF.
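The forwarding decision that the commands in the three sections set up, written out as a lookup over the route, neighbor and fdb tables. This is an added example, not code from the original article; it generalizes over the vxlan, IP-in-IP and plain routed cases and reports overlay routes whose lookup chain is incomplete. The peers 192.168.0.17 and 192.168.0.18, the subnets 10.244.3.0/24 to 10.244.5.0/24 and the device name eth0 are constructed for illustration.

```python
import ipaddress

# Constructed sample state for host 192.168.0.4, mirroring the commands above.
ROUTES = [  # (destination, gateway, device)
    ("10.244.2.0/24", "10.244.2.0", "flannel.1"),   # flannel/canal vxlan
    ("10.244.3.0/24", "192.168.0.17", "tunl0"),     # calico IP-in-IP (constructed peer)
    ("10.244.4.0/24", "192.168.0.18", "eth0"),      # calico BGP / host-gw (constructed peer)
    ("10.244.5.0/24", "10.244.5.0", "flannel.1"),   # deliberately broken: no neighbor entry
]
NEIGH = {("flannel.1", "10.244.2.0"): "22:3d:4d:c5:65:ff"}   # from "ip neigh add"
FDB = {("flannel.1", "22:3d:4d:c5:65:ff"): "192.168.0.16"}   # from "bridge fdb add"


def lookup_route(dst, routes):
    """Longest-prefix match over the route list, as the kernel does."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def resolve(dst, routes=ROUTES, neigh=NEIGH, fdb=FDB):
    """Return (mode, underlay next hop) for a pod ip, or raise LookupError."""
    route = lookup_route(dst, routes)
    if route is None:
        raise LookupError(f"no route to {dst}")
    _, gw, dev = route
    if dev.startswith("flannel."):      # vxlan: route -> neighbor -> fdb
        mac = neigh.get((dev, gw))
        if mac is None:
            raise LookupError(f"{dev}: no neighbor entry for gateway {gw}")
        vtep = fdb.get((dev, mac))
        if vtep is None:
            raise LookupError(f"{dev}: no fdb entry for {mac}")
        return ("vxlan", vtep)
    if dev.startswith("tunl"):          # IP-in-IP: outer destination is the gateway
        return ("ipip", gw)
    return ("routed", gw)               # BGP / host-gw: no encapsulation


def audit(routes=ROUTES, neigh=NEIGH, fdb=FDB):
    """List the routes whose lookup chain is incomplete, with the reason."""
    problems = []
    for net, _, _ in routes:
        probe = str(ipaddress.ip_network(net).network_address + 3)
        try:
            resolve(probe, routes, neigh, fdb)
        except LookupError as exc:
            problems.append((net, str(exc)))
    return problems
```

The address returned by resolve() is the one that underlay firewalls and security groups see, so an unexpected value there means pod traffic is being tunneled to a host the operator did not intend.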