Red Hat Summit8.2. Multi network plug-in (Multus) support
OpenShift Data Foundation supports the ability to use multi-network plug-in Multus on bare metal infrastructures to improve security and performance by isolating the different types of network traffic. By using Multus, one or more network interfaces on hosts can be reserved for exclusive use of OpenShift Data Foundation.
To use Multus, first run the Multus prerequisite validation tool. For instructions to use the tool, see OpenShift Data Foundation - Multus prerequisite validation tool. For more information about Multus networks, see Multiple networks
8.2.1. Segregating storage traffic using Multus
By default, Red Hat OpenShift Data Foundation is configured to use the Red Hat OpenShift Software Defined Network (SDN). The default SDN carries the following types of traffic:
- Pod-to-pod traffic
- Pod-to-storage traffic, known as public network traffic when the storage is OpenShift Data Foundation
- OpenShift Data Foundation internal replication and rebalancing traffic, known as cluster network traffic
There are three ways to segregate OpenShift Data Foundation from OpenShift default network:
Reserve a network interface on the host for the public network of OpenShift Data Foundation
- Pod-to-storage and internal storage replication traffic coexist on a network that is isolated from pod-to-pod network traffic.
- Application pods have access to the maximum public network storage bandwidth when the OpenShift Data Foundation cluster is healthy.
- When the OpenShift Data Foundation cluster is recovering from failure, the application pods will have reduced bandwidth due to ongoing replication and rebalancing traffic.
Reserve a network interface on the host for OpenShift Data Foundation’s cluster network
- Pod-to-pod and pod-to-storage traffic both continue to use OpenShift’s default network.
- Pod-to-storage bandwidth is less affected by the health of the OpenShift Data Foundation cluster.
- Pod-to-pod and pod-to-storage OpenShift Data Foundation traffic might contend for network bandwidth in busy OpenShift clusters.
- The storage internal network often has an overabundance of bandwidth that is unused, reserved for use during failures.
Reserve two network interfaces on the host for OpenShift Data Foundation: one for the public network and one for the cluster network
- Pod-to-pod, pod-to-storage, and storage internal traffic are all isolated, and none of the traffic types will contend for resources.
- Service level agreements for all traffic types are more able to be ensured.
- During healthy runtime, more network bandwidth is reserved but unused across all three networks.
Dual network interface segregated configuration schematic example:
Triple network interface full segregated configuration schematic example:
8.2.2. When to use Multus
Use Multus for OpenShift Data Foundation when you need the following:
Improved latency - Multus with ODF always improves latency. Use host interfaces at near-host network speeds and bypass OpenShift’s software-defined Pod network. You can also perform Linux per interface level tuning for each interface.
Improved bandwidth - Dedicated interfaces for OpenShift Data Foundation client data traffic and internal data traffic. These dedicated interfaces reserve full bandwidth.
Improved security - Multus isolates storage network traffic from application network traffic for added security. Bandwidth or performance might not be isolated when networks share an interface, however, you can use QoS or traffic shaping to prioritize bandwidth on shared interfaces.
8.2.3. Multus configuration
To use Multus, you must create network attachment definitions (NADs) before deploying the OpenShift Data Foundation cluster, which is later attached to the cluster. For more information, see Creating network attachment definitions.
To attach additional network interfaces to a pod, you must create configurations that define how the interfaces are attached. You specify each interface by using a NetworkAttachmentDefinition custom resource (CR). A Container Network Interface (CNI) configuration inside each of these CRs defines how that interface is created.
OpenShift Data Foundation supports two types of drivers. The following tables describes the drivers and their features:
|
|
|
| Each connection gets a sub-interface of the parent interface with its own MAC address and is isolated from the host network. | Each connection gets its own IP address and shares the same MAC address. |
|
Uses less CPU and provides better throughput than Linux bridge or |
|
| Almost always require bridge mode. |
|
| Near-host performance when network interface card (NIC) supports virtual ports/virtual local area networks (VLANs) in hardware. |
If NIC does not support VLANs in hardware, performance might be better than |
OpenShift Data Foundation supports the following two types IP address management:
|
| DHCP |
|
Uses OpenShift/Kubernetes |
Does not require |
| Does not require a DHCP server to provide IPs for Pods. | Network DHCP server can give out the same range to Multus Pods as well as any other hosts on the same network. |
If there is a DHCP server, ensure Multus configured IPAM does not give out the same range so that multiple MAC addresses on the network cannot have the same IP.
8.2.4. Requirements for Multus configuration
Prerequisites
- The interface used for the public network must have the same interface name on each OpenShift storage and worker node, and the interfaces must all be connected to the same underlying network.
- The interface used for the cluster network must have the same interface name on each OpenShift storage node, and the interfaces must all be connected to the same underlying network. Cluster network interfaces do not have to be present on the OpenShift worker nodes.
- Each network interface used for the public or cluster network must be capable of at least 10 gigabit network speeds.
- Each network requires a separate virtual local area network (VLAN) or subnet.
See Creating Multus networks for the necessary steps to configure a Multus based configuration on bare metal.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}