Hey Guys, I’ve a problem where I’m trying to embed...
# generaln
NIKHIL SRIVASTAVA (B16CS020)
06/09/2023, 5:18 PMHey Guys, I’ve a problem where I’m trying to embed some custom tenant -specific information to network packets which are flowing in an overlay network (VXLAN) while using Cilium CNI in the K8s cluster. I’m new to the networking area and might use some expert advice 🙂
Has anyone embedded some custom information in network packets in an overlay network at L2 layer before?
TIA!
NIKHIL SRIVASTAVA (B16CS020)
06/09/2023, 5:19 PMAlso, please excuse me if this isn’t the right forum for this problem! I’m working on a Multi Tenant Network Isolation Problem.
g
Gwen Shapira
06/09/2023, 7:12 PMIt is absolutely the right forum, but it doesn't mean that anyone knows the answer 🙂
It is pretty specific and probably requires a Cilium expert...
❤️ 1
Gwen Shapira
06/09/2023, 7:13 PMLet me try something:
@Bill Tarr AFAIK, AWS has a relationship with Isovalent (the Cilium company).
Any chance there is an expert on multi-tenancy and Cilium in your network? Maybe someone talked about this on your Twitch? 🙂
n
NIKHIL SRIVASTAVA (B16CS020)
06/09/2023, 9:15 PMThankyou @Gwen Shapira!
I’ve actually messed around on cilium slack with this problem but didn’t find anyone who had done this before.
Cilium uses eBPF to encode such information in the VXLAN packets (and for many other things) but no one on cilium slack channel has tried to mess around with that part of the code which creates the VXLAN packets 😂
Hence I took a random stab here out of engineering curiosity :p
g
Gwen Shapira
06/09/2023, 9:37 PM@NIKHIL SRIVASTAVA (B16CS020) Confluent networking team has amazing experts. @Dan LaMotte if he's still around...
If you guys discover the solution internally, I'd really appreciate if you can circle back and share it with the community. It is a challenging and important question.
n
NIKHIL SRIVASTAVA (B16CS020)
06/09/2023, 9:40 PMSounds good. I’m already working with him 🙂
g
Gwen Shapira
06/09/2023, 9:40 PMLOL. Tell him that I said he's amazing then 🙂
n
NIKHIL SRIVASTAVA (B16CS020)
06/09/2023, 9:40 PM✅ ✅ ✅ 🙌🏼
b
Bill Tarr
06/09/2023, 9:44 PMHi @NIKHIL SRIVASTAVA (B16CS020) would be happy to chat and see if I can find an answer for you. I think my team has more calico experience, but always willing to learn a new trick too
n
NIKHIL SRIVASTAVA (B16CS020)
06/10/2023, 10:19 PMHi @Bill Tarr - thanks a lot for your response! Is my use case clear from what I have described on this thread?
b
Bill Tarr
06/12/2023, 8:08 PMIn general, I THINK I understand the what here. Putting some tenant info into packets passed over VXLAN, so Layer 2. Definitely not my area, but I'm asking in a couple places.
Bill Tarr
06/12/2023, 8:10 PMNot sure I understand the why of it yet, but not sure if you can share here. I'd guessing you are trying to create tenant isolation in UDP traffic? Just trying to understand if there is anything else we could delve into by way of ideation on what you are trying to achieve....
n
NIKHIL SRIVASTAVA (B16CS020)
06/15/2023, 3:02 PMYeah, I want to make sure that tunnels are created in a way that we have isolation baked into L2.
If we look at how VXLAN works, it typically has VXLAN Tunnel Endpoints (acting as switches) at the 2 ends of the tunnel.
I wanna make sure that a specific end sends packet to a very specific another end, instead of multicasting you all other end points.
It’s not a typical case that we run into usually 🥲