Compare to p2p CNI plugin? #5

Closed
thockin opened this issue Nov 29, 2017 · 4 comments


thockin commented Nov 29, 2017

This seems pretty much identical to the point-to-point CNI driver. https://github.com/containernetworking/plugins/tree/master/plugins/main/ptp

Can someone explain how it is different?

@liwenwu-amazon
Contributor

Here are a few differences:

  • on the host side, it uses policy routing to route the pod's outgoing traffic. For example, if pod-1 gets an IP address from Elastic Network Interface 2, pod-1's outgoing traffic will get routed out through Elastic Network Interface 2.
  • on the NS side, the plugin plumbs a static ARP entry to avoid unnecessary ARPing
  • the repo also includes L-IPAM, which is a long running node-Local IP Address Management (IPAM) daemon. L-IPAM manages a warm-pool of VPC IP addresses and Pod IP address assignment. The details can be found in https://github.com/aws/amazon-vpc-cni-k8s/blob/master/proposals/cni-proposal.md
  • lastly, this cni plugin communicates with L-IPAM through gRPC for Pod IP address assignment
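
As an added illustration (not code from the amazon-vpc-cni-k8s repository or from the commenter), this Python model of Linux source-based policy routing shows the behavior in the first bullet: a pod whose address comes from ENI 2 egresses through ENI 2. The interface names, addresses, table names and rule priorities are constructed assumptions.

```python
import ipaddress

# Constructed sample state (assumptions, not taken from the project):
# eth0 is the primary ENI, eth1 stands in for "Elastic Network Interface 2".
TABLES = {
    "main": [("0.0.0.0/0", "eth0"), ("10.0.0.0/24", "eth0")],
    "eni2": [("0.0.0.0/0", "eth1")],
}
# (priority, source prefix, table); lowest priority number is evaluated
# first, the same order in which `ip rule` lists rules.
RULES = [
    (100, "10.0.1.57/32", "eni2"),   # pod-1, address assigned from ENI 2
    (32766, "0.0.0.0/0", "main"),    # catch-all rule for everything else
]

def lookup(table, dst):
    """Longest-prefix match of dst within one routing table."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def egress_device(src, dst, rules=RULES):
    """Walk rules in priority order; the first table with a route wins."""
    src = ipaddress.ip_address(src)
    for _prio, src_prefix, table in sorted(rules):
        if src in ipaddress.ip_network(src_prefix):
            dev = lookup(table, dst)
            if dev is not None:
                return dev
    return None

if __name__ == "__main__":
    dst = "203.0.113.10"  # documentation-range destination
    print("pod-1 with policy rule   :", egress_device("10.0.1.57", dst))
    print("pod-1 without policy rule:", egress_device("10.0.1.57", dst, [RULES[1]]))
    print("host-addressed traffic   :", egress_device("10.0.0.20", dst))
```

Without the per-pod rule, the model sends pod-1's traffic out the primary interface via the main table, which is the case the policy rule exists to prevent.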

@thockin
Author

thockin commented Dec 1, 2017 via email

@liwenwu-amazon
Contributor

Yes, a user can associate security groups and a subnet with an ENI and use them to enforce security policies and routing policies. The main purpose of the current release is to increase the number of VPC IP addresses which can be assigned to Pods running on the instance. Please see IP Address Per Network Interface Per Instance Type.

L-IPAM, which is a long-running daemon, is responsible for allocating ENIs and ENI's secondary IPv4 addresses and maintaining a warm-pool of these IPv4 addresses.

@liwenwu-amazon
Contributor

Closing it for now. If you think this is still an issue, please re-open it.

cgchinmay pushed a commit to cgchinmay/amazon-vpc-cni-k8s that referenced this issue Dec 9, 2021
# This is the 1st commit message:

Add VlanId in the cmdAdd Result struct
This VlanId will appear in the prevResult during cmdDel request

Test prevResult contents

CleanUp Pod Network using vlanId from prevResult in CNI itself
No need to call ipamd

Log formatting changes

Added hostNetworking Setup test for pods using security groups

revoke unnecessary test agent image changes

Revoke unnecessary changes

remove focussed test
set replica count to total number of branch interface

Fix replica count

# This is the commit message aws#2:

Updated cleanUpPodENI method

# This is the commit message aws#3:

Skip processing Delete request if prevResult is nil
Add Logging vlanId to ipamd

# This is the commit message aws#4:

Add support to test with containerd nodegroup in pod-eni test

# This is the commit message aws#5:

Add check for empty Netns() in cni

# This is the commit message aws#6:

Manifests and Readme updates (aws#1732)

* Manifests and Readme updates

* update manifest.jsonnet
# This is the commit message aws#7:

Readme updates (aws#1735)


# This is the commit message aws#8:

Updates to troubleshooting doc (aws#1737)

* Updates to troubleshooting doc

* updates to troubleshooting doc
# This is the commit message aws#9:

imdsv2 changes (aws#1743)


# This is the commit message aws#10:

fix flaky canary test (aws#1742)


# This is the commit message aws#11:

add CODEOWNERS (aws#1747)