[BPF] fix VLAN not supported docs #1742
Conversation
✅ Deploy Preview for calico-docs-preview-next ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview succeeded!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
| @@ -74,7 +74,7 @@ To enable IPv6 in eBPF mode, see [Configure dual stack or IPv6 only](../../netwo | |||
| - Floating IPs. | |||
| - SCTP (either for policy or services). This is due to lack of kernel support for the SCTP checksum in BPF. | |||
| - `Log` action in policy rules. This is because the `Log` action maps to the iptables `LOG` action and BPF programs cannot access that log. | |||
| - VLAN-based traffic. | |||
| - VLAN-based traffic - it is OK to use a VLAN device as a device that connects a node to the cluster, modify `bpfDataIfacePattern` accordingly. However any VLAN packets on the "main - non-vlan" device would be dropped if the main interfaces is included in `bpfDataIfacePattern`. Include `bond0.1010` and exclude `bond0`. | |||
There was a problem hiding this comment.
[1] Seems this changes it to a limitation, no? eBPF supports VLAN-based traffic, but only in the following circumstances: etc.
[2] How does this relate to a no-support statement we have elsewhere for "Tagged VLAN devices"? (see here)
[3] I don't understand the details in this addition. Best I can figure, you can't generally use VLAN, but if you configure it right (with bpfDataIfacePattern) you can have a particular node connect to the cluster with a VLAN device. I don't get the bit about main non-vlan or the bond stuff. Are those workarounds?
There was a problem hiding this comment.
[1] - idk if it is just a limitation or whether that is how you always need to set it up
[2] it is the same change for other places, but but I want to hash out a version first
[3] yes you need to configure it, wan't work out of the box. I think that is the limitation, but @sridhartigera is working on it. The bond stuff is not a workaround, that is how it should work.https://docs.google.com/document/d/1RNHRR39TNl0LXYt5tad14lI72ZFl3g5mDzmhQ3Qe6CM/edit?usp=sharing
Product Version(s):
Issue:
fixes projectcalico/calico#9401
Link to docs preview:
SME review:
DOCS review:
Additional information:
Merge checklist: