confidential-containers / cloud-api-adaptor

Ability to create Kata pods using cloud provider APIs aka the peer-pods approach
Apache License 2.0

Add IPIP tunnel mode #74

Open yoheiueda opened 2 years ago

yoheiueda commented 2 years ago

Currently, the following two tunneling options are available.

| Protocol | Max MTU |
|----------|---------|
| VXLAN    | 1450    |
| Routing  | 1500    |

The VXLAN option is easy to configure, and doesn't require a secondary dedicated subnet. A limitation of the VXLAN option is MTU size.

Calico, a widely used CNI plugin, has the following three options for inter-node communication.

| Protocol | Max MTU |
|----------|---------|
| VXLAN    | 1450    |
| IPIP     | 1480    |
| None     | 1500    |

The None option has no limitation regarding MTU size, but requires access to infrastructure routers for cross-subnet communication. For this reason, the IPIP option is widely used, and its max MTU size is 1480.

When we combine Calico IPIP with the cloud-api-adaptor VXLAN tunnel, the MTU size becomes 1450, which is 30 bytes smaller than that without peer pods. (https://github.com/confidential-containers/cloud-api-adaptor/issues/67)

To improve the performance and compatibility, we also need to implement the IPIP tunnel option in cloud-api-adaptor.

ariel-adam commented 1 year ago

@yoheiueda is this issue still relevant or can it be closed? If it's still relevant, to what release do you think we should map it (mid-November, end-December, mid-February, etc.)?