Deploying the Bond-CNI Plugin
The Bond-CNI plugin needs to be integrated with other multi-NIC and passthrough plugins to bond virtual NICs in Pods. Unlike the SR-IOV-CNI network plugin, PF is used in the configMap of the SR-IOV device to distinguish network devices. Below is the configuration for bond4 mode.
- Configure VF passthrough for the two NICs on the physical machine.
Configure VF passthrough for a NIC in the sriov-crd-01.yaml file.
apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: name: sriov-net1 annotations: k8s.v1.cni.cncf.io/resourceName: huawei.com/huawei_1822_netdevice_01 spec: config: '{ "type": "sriov", "cniVersion": "0.3.1", "name": "sriov-network", "spoofchk":"off" }'Configure VF passthrough for the other NIC in the sriov-crd-02.yaml file.
apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: name: sriov-net2 annotations: k8s.v1.cni.cncf.io/resourceName: huawei.com/huawei_1822_netdevice_02 spec: config: '{ "type": "sriov", "cniVersion": "0.3.1", "name": "sriov-network", "spoofchk":"off" }'Deploy the two files in the cluster.
kubectl apply -f sriov-crd-01.yaml kubectl apply -f sriov-crd-02.yaml
- Configure the bond network interface and create the sriov-crd-bond.yaml file for configuration.
mode specifies the bonding mode in the configuration file. The common modes are as follows:
- balance-rr (mode=0)
- active-backup (mode=1)
- balance-xor (mode=2)
- broadcast (mode=3)
- 802.3ad (mode=4)
- balance-tlb (mode=5)
- balance-alb (mode=6)
Only modes 0, 1, and 2 are recommended. Mode 4 is not recommended because its protocol constraints hinder concurrent usage by multiple containers on a single cluster node. Below is a deployment example:
apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: name: bond-net1 spec: config: '{ "type": "bond", "cniVersion": "0.3.1", "name": "bond-net1", "mode": "balance-xor", "failOverMac": 1, "linksInContainer": true, "miimon": "100", "mtu": 1500, "links": [ {"name": "net1"}, {"name": "net2"} ], "ipam": { "type": "host-local", "subnet": "10.56.217.0/24", "routes": [{ "dst": "0.0.0.0/0" }], "gateway": "10.56.217.1" } }'Deploy the file in the cluster.
kubectl apply -f sriov-crd-bond.yaml
Note:
- The failOverMac attribute of the active-backup mode is mandatory and must be set to 1.
- linksInContainer=true instructs Bond-CNI to find the required interface in a container. By default, the value true is used in a container.
- links defines the interfaces that will be used for bonding. By default, Multus names the additional interface "net" with a consecutive number.
- For the balance-rr or balance-xor mode, you must set trust to on for SR-IOV VFs.Method 1: Add "trust": on to the sriov-crd-01.yaml and sriov-crd-02.yaml configuration files.
apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: name: sriov-net2 annotations: k8s.v1.cni.cncf.io/resourceName: huawei.com/huawei_1822_netdevice_02 spec: config: '{ "type": "sriov", "cniVersion": "0.3.1", "name": "sriov-network", "spoofchk":"off", "trust": "on" }'Method 2: Use ip link to directly enable trust.
ip link set dev <PF interface name> vf <VF ID> 0 trust on
After the setting, you can check whether trust on is displayed using ip link show <PF interface name>, as shown below:
7: enp65s0f1np1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 20:fa:db:e2:84:ed brd ff:ff:ff:ff:ff:ff vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking off, link-state auto, trust on, query_rss off vf 1 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking off, link-state auto, trust off, query_rss off vf 2 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking off, link-state auto, trust off, query_rss off vf 3 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking off, link-state auto, trust off, query_rss off vf 4 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking off, link-state auto, trust off, query_rss off