Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 1. Understanding multiple networks
OpenShift Container Platform administrators and users can use user-defined networks (UDNs) or NetworkAttachmentDefinition (NADs) to define the networks that handle all of the ordinary network traffic of the cluster.
1.1. Multiple networks with the OVN-K CNI
By default, OVN-Kubernetes serves as the Container Network Interface (CNI) of an OpenShift Container Platform cluster. This network interface is what administrators use to create default networks.
Both user-defined networks and Network Attachment Definitions can serve as the following network types:
- Primary networks: Act as the primary network for the pod. By default, all traffic passes through the primary network unless you have configured a pod route to send traffic through other networks.
- Secondary networks: Act as secondary, non-default networks for a pod. Secondary networks offer separate interfaces dedicated to specific traffic types or purposes. Only pod traffic that you explicitly configure to use a secondary network routes through its interface.
The following diagram shows a cluster that has an existing default network infrastructure that uses a physical network interface, eth0, to connect to two namespaces. Pods or virtual machines (VMs) in one namespace run in isolation from pods or VMs in the other namespace. You can create only one primary network. However, you can create multiple secondary networks for each namespace.
Figure 1.1. Diagram showing namespaces with multiple secondary UDNs
During cluster installation, OpenShift Container Platform administrators can configure alternative default secondary pod networks by leveraging the Multus CNI plugin. With Multus, you can use multiple CNI plugins such as ipvlan, macvlan, or Network Attachment Definitions together to serve as secondary networks for pods.
User-defined networks are only supported when OVN-Kubernetes is used as the CNI. UDNs are not supported for use with other CNIs.
You can define an secondary network based on the available CNI plugins and attach one or more of these networks to your pods. You can define more than one secondary network for your cluster depending on your needs. This gives you flexibility when you configure pods that deliver network functionality, such as switching or routing. For more information, see the the links in the Additional resources:
- For a complete list of supported CNI plugins, see "Secondary networks in OpenShift Container Platform".
- For information about user-defined networks, see "About user-defined networks (UDNs)".
- For information about Network Attachment Definitions, "Creating primary networks by using a NetworkAttachmentDefinition".
1.2. UserDefinedNetwork and NetworkAttachmentDefinition support matrix
You can use user defined networks and network attachment definitions to define and configure customized networks for your needs.
By creating UserDefinedNetwork and NetworkAttachmentDefinition custom resources (CRs), cluster administrators can complete the following tasks:
- Create customizable network configurations
- Define their own network topologies
- Ensure network isolation
- Manage IP addressing for workloads
- Configure advanced network features
By creating a ClusterUserDefinedNetwork CR, administrators can create and define secondary networks that span multiple namespaces at the cluster level.
User-defined networks and network attachment definitions can serve as both the primary and secondary network interface, and each support layer2 and layer3 topologies.
As of OpenShift Container Platform 4.19, the use of the Localnet topology by ClusterUserDefinedNetwork CRs is generally available. This configuration is the preferred method for connecting physical networks to virtual networks. Or, you can use the NetworkAttachmentDefinition CR to create secondary networks with Localnet topologies.
The following section highlights the supported features of the UserDefinedNetwork and NetworkAttachmentDefinition CRs when used as either the primary or secondary network. A separate table for the ClusterUserDefinedNetwork CR is also included.
| Network feature | Layer2 topology | Layer3 topology |
|---|---|---|
| east-west traffic | ✓ | ✓ |
| north-south traffic | ✓ | ✓ |
| Persistent IPs | ✓ | X |
| Services | ✓ | ✓ |
| Routes | X | X |
|
| ✓ | ✓ |
| Multicast | X | ✓ |
|
| ✓ | ✓ |
|
| X | X |
where:
- Multicast
- Must be enabled in the namespace, and it is only available between OVN-Kubernetes network pods. For more information, see "About multicast".
NetworkPolicyresource-
When creating a
ClusterUserDefinedNetworkCR with a primary network type, network policies must be created after theUserDefinedNetworkCR.
| Network feature | Layer2 topology | Layer3 topology | Localnet topology |
|---|---|---|---|
| east-west traffic | ✓ | ✓ |
✓ ( |
| north-south traffic | X | X |
✓ ( |
| Persistent IPs | ✓ | X |
✓ ( |
| Services | X | X | X |
| Routes | X | X | X |
|
| X | X | X |
| Multicast | X | X | X |
|
| X | X | X |
|
| ✓ | ✓ |
✓ ( |
The Localnet topology is unavailable for use with the UserDefinedNetwork CR. It is only supported on secondary networks for NetworkAttachmentDefinition CRs.
| Network feature | Layer2 topology | Layer3 topology | Localnet topology |
|---|---|---|---|
| east-west traffic | ✓ | ✓ | ✓ |
| north-south traffic | ✓ | ✓ | ✓ |
| Persistent IPs | ✓ | X | ✓ |
| Services | ✓ | ✓ | |
| Routes | X | X | |
|
| ✓ | ✓ | |
| Multicast | X | ✓ | |
|
| X | X | ✓ |
|
| ✓ | ✓ |
where:
- Multicast
- must be enabled in the namespace, and it is only available between OVN-Kubernetes network pods. For more information, see "About multicast".
NetworkPolicyresource-
When creating a
ClusterUserDefinedNetworkCR with a primary network type, network policies must be created after theUserDefinedNetworkCR.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}