When using VPC Prefix delegation for an already existing EKS cluster, we need to make sure that the VPC subnets are not fragmented so that the VPC CNI is able to efficiently utilize all of the /28 contiguous blocks of IPs from the subnets to assign IP addresses for pods. Having largely fragmented subnets will lead to many of the IP addresses (non-contiguous) being underutilized in the subnet, leading to IP exhaustion.
As of today, the eksdemo get subnets command shows the number of available IP addresses in the subnet. Having information about the number of contiguous blocks of IP addresses available in the subnets is going to help EKS users in deciding if prefix-delegation is a viable option or not.
My proposal is to add a flag --show-prefix-count to the eksdemo get subnets command to show the number of available/assigned /28 prefixes in the subnets.
To do this, we can prepare the list of /28 prefixes based on CIDR range, get the IP addresses and prefixes (if any) already assigned in the subnet and remove them from the initial list, and the remaining would be available prefixes.
Note: This will also help in troubleshooting issues that might arise when the VPC CNI is unable to get a contiguous /28 Prefix for allocation (Client.InsufficientCidrBlocks) even when there are free IP addresses available in the subnets.
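A sketch of the counting approach described above, added here as an example and not taken from eksdemo's code: the function name `CountPrefixes28` is hypothetical, in-use addresses and delegated prefixes are passed in as strings instead of being fetched from the EC2 API, and the first and last /28 are treated as unavailable on the assumption that AWS reserves the first four addresses and the last address of every subnet.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// CountPrefixes28 (hypothetical name) returns the total and free /28 blocks
// in an IPv4 subnet. A block is free only if nothing in it is in use.
func CountPrefixes28(cidr string, usedIPs, usedPrefixes []string) (total, free int, err error) {
	subnet, err := netip.ParsePrefix(cidr)
	if err != nil {
		return 0, 0, err
	}
	subnet = subnet.Masked()
	if !subnet.Addr().Is4() || subnet.Bits() > 28 {
		return 0, 0, fmt.Errorf("%s: need an IPv4 subnet of /28 or larger", cidr)
	}
	total = 1 << (28 - subnet.Bits())
	base := binary.BigEndian.Uint32(subnet.Addr().AsSlice())
	// Keyed by /28 index within the subnet. Assumption: the first and last
	// blocks hold AWS-reserved addresses, so they start out as taken.
	taken := map[uint32]bool{0: true, uint32(total - 1): true}
	mark := func(a netip.Addr) {
		if subnet.Contains(a) { // addresses from other subnets are ignored
			taken[(binary.BigEndian.Uint32(a.AsSlice())-base)/16] = true
		}
	}
	for _, s := range usedIPs {
		a, err := netip.ParseAddr(s)
		if err != nil {
			return 0, 0, err
		}
		mark(a)
	}
	for _, s := range usedPrefixes { // assumed to be /28 delegated prefixes
		p, err := netip.ParsePrefix(s)
		if err != nil {
			return 0, 0, err
		}
		mark(p.Addr())
	}
	return total, total - len(taken), nil
}

func main() {
	// Constructed sample: three scattered ENI addresses and one delegated prefix.
	ips := []string{"10.0.1.20", "10.0.1.37", "10.0.1.100"}
	fmt.Println(CountPrefixes28("10.0.1.0/24", ips, []string{"10.0.1.64/28"}))
}
```

In the constructed /24 above, 232 individual addresses remain unassigned but only 10 of the 16 /28 blocks are still whole, which is the gap between free IPs and free prefixes that the proposed flag would surface.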