tomastigera
commented
2 weeks ago The documentation means that we cannot have calico attached to a device that sees VLAN traffic. The code does not support it. Such traffic would be dropped as corrupted packets.
It is ok, to have your nodes connected to the network via a vlan device and configure calico using bpfDataIfacePattern to exclude the main device and include the vlan device from its control. Say you exclude bond0 but you include bond0.1010 from that pattern.
We are working on automating that process.
According to Calico eBPF documentation "VLAN-based traffic not supported". I need clarification: does this mean that if a Calico node is connected to a physical network via a sub-interface, the eBPF mode will not be activated? Is this true for both overlay and non-overlay modes? What is the limitation of the lack of vlan support? Which specific Calico component does not support vlan? I quickly looked through the source code, but didn't find any restrictions.