Calico Practicing-2 -- About Calico Networking Option


Calico Networking Option

Circumstance

Our on-premises environment consists of several VLANs (layer 2 networks), each created in vCenter. Physically, every VLAN spans several bare-metal machines on the same floor, connected by Ethernet switches. We have several floors of bare-metal machines, and the floors are connected by ToR (top-of-rack) routers (a layer 3 network).

Standardized Glossary

  • layer 3
    In many on-premises data centers, each server connects to a top-of-rack (ToR) router operating at the IP layer (layer 3). In that situation, each node must peer with its corresponding ToR router so that the ToR learns routes to the containers.
    In this circumstance, you need to configure BGP peering.
    On top of the advantages of non-peered unencapsulated traffic, peering with the ToR gives you:

    • a cluster that can span multiple L2 subnets without needing encapsulation
    • direct access to your pods from resources outside the cluster, without NAT
    • the ability to expose pods directly to the internet if you want

    Unencapsulated, NAT-free reachability cuts both ways: once the ToR carries pod routes, anything the ToR routes for can reach pod IPs directly, so rely on Calico network policy and on route filtering at the ToR to limit that exposure.
    Figure: The AS Per Rack model
  • layer 2
    Since we are running in a VLAN within a single subnet (on the same floor), the hosts have Ethernet (layer 2) connectivity with one another, meaning there are no routers between them. Thus, they can peer directly with each other, which is what Calico's default node-to-node BGP mesh does.
    If we spread the k8s nodes (Calico workloads) across several VLANs (subnets), we need either to peer over BGP with our routers or to use cross-subnet encapsulation.

    Figure: Ethernet topology

  • overlay/encapsulation
    The official project recommends running Calico without a network overlay/encapsulation, because that gives the highest performance and the simplest network.
    However, if you are not familiar with the physical network devices and infrastructure, or you are going to use Calico in a public cloud like AWS, you can also use overlay networking.
    Calico can perform encapsulation on: all traffic, no traffic, or only on traffic that crosses a subnet boundary.

  • AS (autonomous system)

    An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the internet.[^1]
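The two options above that need explicit configuration, ToR peering for the layer 3 case (the AS-per-rack model) and cross-subnet encapsulation for the overlay case, expressed as Calico resources. This is an added example written for this page; it is not configuration from the original post or from the Calico project. The AS numbers, ToR peer IPs, the `rack` node label and the pod CIDR are assumed placeholders that have to be replaced with your own values.

```yaml
# Added example, not from the original post. Assumed values: private AS numbers
# 64512/64513, ToR peer IPs 10.10.1.1 and 10.10.2.1, a Kubernetes node label
# "rack", and pod CIDR 192.168.0.0/16. Apply with: calicoctl apply -f calico-bgp.yaml

# 1. Turn off the default full node-to-node mesh. The mesh is what makes the
#    single-VLAN (layer 2) case work with no extra configuration; leave it
#    enabled there. With ToR peering, each node should only speak BGP to the
#    router of its own rack.
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  nodeToNodeMeshEnabled: false
  # AS used by nodes that do not override it. For the AS-per-rack model, give
  # the nodes of every other rack their rack's AS, e.g. for a rack-2 node:
  #   calicoctl patch node <node> -p '{"spec":{"bgp":{"asNumber":"64513"}}}'
  asNumber: 64512
---
# 2. AS-per-rack peering: every node labelled rack=rack-1 peers with rack-1's
#    ToR in AS 64512 (label nodes with: kubectl label node <node> rack=rack-1).
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: rack-1-tor
spec:
  peerIP: 10.10.1.1
  asNumber: 64512
  nodeSelector: rack == 'rack-1'
---
# Same for rack-2, whose ToR is in AS 64513 (assumed).
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: rack-2-tor
spec:
  peerIP: 10.10.2.1
  asNumber: 64513
  nodeSelector: rack == 'rack-2'
---
# 3. Pod address pool. ipipMode selects the overlay option from the glossary:
#    Never       = no encapsulation (pod routes must reach every subnet via BGP),
#    CrossSubnet = encapsulate only traffic that crosses a subnet boundary,
#    Always      = encapsulate everything.
#    natOutgoing: false keeps pod IPs visible to the rest of the data center,
#    which is the "no NAT" property of the layer 3 option; set it to true if
#    pods must reach networks that have no route back to the pod CIDR.
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: default-ipv4-ippool
spec:
  cidr: 192.168.0.0/16
  ipipMode: CrossSubnet
  vxlanMode: Never
  natOutgoing: false
  nodeSelector: all()
```

After applying, `calicoctl node status` on a node should list its rack's ToR with state `Established`; the ToR side still has to be configured to accept the session from each node's address and AS. Because the ToR now accepts routes from every node, filter what it will learn (only prefixes inside the pod CIDR) so that a compromised node cannot announce arbitrary routes into the data center, and if your Calico release supports a BGP session password on the BGPPeer resource, set one.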

Footnote

[^1]: multihomed: an AS that maintains connections to more than one other AS. This allows the AS to remain connected to the internet in the event of a complete failure of one of its connections. However, unlike a transit AS, this type of AS does not allow traffic from one AS to pass through it on its way to another AS.


Author: 少年G
License: unless otherwise stated, all articles on this blog are published under the CC BY 4.0 license. Please credit 少年G when reposting.