Source-Based Routing Plugin

The SBR plugin enables source-based routing on an interface. It must be used as a chained plugin in conjunction with another interface-creating plugin.

The following options are used to configure the plugin:

name (string, optional)

The name of the network.

type (string, required)

sbr

Example

The following example creates a pod with an additional bridge interface which has SBR enabled. There is also a demonstration pod without SBR enabled and an iperf server pod. Note the chained nature of the plugins.

apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: sbrnet1
spec:
  config: '{
      "cniVersion": "0.3.1",
      "name": "sbrnet",
      "plugins": [
          {
              "type": "bridge",
              "bridge": "mybr0",
              "ipam": {
                  "type": "static",
                  "addresses" : [
                      {
                          "address": "10.10.10.98/24",
                          "gateway": "10.10.10.254"
                      }
                  ]
              }
          },
          {
              "name": "brsbr",
              "type": "sbr"
          }
      ]

    }'
---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: nosbrnet1
spec:
  config: '{
      "cniVersion": "0.3.1",
      "type": "bridge",
      "bridge": "mybr0",
      "ipam": {
          "type": "static",
          "addresses" : [
              {
                  "address": "10.10.10.99/24",
                  "gateway": "10.10.10.254"
              }
          ]
      }
    }'
---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: iperfservernet0
spec:
  config: '{
      "cniVersion": "0.3.1",
      "type": "bridge",
      "bridge": "mybr0",
      "ipam": {
          "type": "static",
          "addresses" : [
              {
                  "address": "10.10.10.254/24"
              }
          ]
      }
    }'
---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: iperfservernet1
spec:
  config: '{
      "cniVersion": "0.3.1",
      "type": "bridge",
      "bridge": "mybr1",
      "ipam": {
          "type": "static",
          "addresses" : [
              {
                  "address": "20.20.20.254/24"
              }
          ]
      }
    }'
---
apiVersion: v1
kind: Pod
metadata:
  name: sbrpod1
  annotations:
    k8s.v1.cni.cncf.io/networks: '[
            { "name": "sbrnet1" }
    ]'
spec:
  containers:
  - name: sbr1
    image: praqma/network-multitool:extra
    imagePullPolicy: IfNotPresent
    command: [ "/bin/bash", "-c", "--" ]
    args: [ "while true; do sleep 300000; done;" ]
---
apiVersion: v1
kind: Pod
metadata:
  name: nosbrpod1
  annotations:
    k8s.v1.cni.cncf.io/networks: '[
            { "name": "nosbrnet1" }
    ]'
spec:
  containers:
  - name: sbr2
    image: praqma/network-multitool:extra
    imagePullPolicy: IfNotPresent
    command: [ "/bin/bash", "-c", "--" ]
    args: [ "while true; do sleep 300000; done;" ]
---
apiVersion: v1
kind: Pod
metadata:
  name: iperfserverpod1
  annotations:
    k8s.v1.cni.cncf.io/networks: '[
            { "name": "iperfservernet0" },
            { "name": "iperfservernet1" }
    ]'
spec:
  containers:
  - name: iperfserver1
    image: praqma/network-multitool:extra
    imagePullPolicy: IfNotPresent
    command: [ "/bin/bash", "-c", "--" ]
    args: [ "while true; do sleep 300000; done;" ]

Note

The default table number is 100. The commands below show the result of the SBR plugin. To use source-based routing, an application binds its socket to the source address, which causes the routes in the corresponding table to be used rather than the default routes.

Related commands

  • Show the default routing table.

    kubectl exec -it sbrpod1 -- ip route show

       default via 169.254.1.1 dev eth0
       169.254.1.1 dev eth0 scope link
    
  • Show the table created by SBR.

    kubectl exec -it sbrpod1 -- ip rule list
    
       0:      from all lookup local
       32765:  from 10.10.10.98 lookup 100  <----------
       32766:  from all lookup main
       32767:  from all lookup default
    
  • Show the contents of table 100.

    kubectl exec -it sbrpod1 -- ip route show table 100
    
       default via 10.10.10.254 dev net1
       10.10.10.0/24 dev net1 proto kernel scope link src 10.10.10.98
    
  • Start the iperf server.

    kubectl exec -it iperfserverpod1 -- iperf3 -s -B 20.20.20.254
    
  • Example of failure to connect from a pod without source-based routing.

    kubectl exec -it nosbrpod1 -- iperf3 -c 20.20.20.254 -B 10.10.10.99 -k 1
    
  • Example of failure to connect without binding to the source address.

    kubectl exec -it sbrpod1 -- iperf3 -c 20.20.20.254 -k 1
    
  • Example of connection success for application binding to the source address.

    kubectl exec -it sbrpod1 -- iperf3 -c 20.20.20.254 -B 10.10.10.98 -k 1
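
The rule lookup described in the Note, modelled as an added example (not part of the original documentation or the plugin's code): it parses the `ip rule` and `ip route` output shown above for sbrpod1 and reports which table and device a connection uses with and without a bound source address. The function names are hypothetical, and the `local` and `default` tables, which the page does not show, are assumed to be empty.

```python
import ipaddress

# Constructed sample: the sbrpod1 output shown on this page. The "local" and
# "default" tables are not shown there and are treated as empty (assumption).
RULES = """\
0:      from all lookup local
32765:  from 10.10.10.98 lookup 100
32766:  from all lookup main
32767:  from all lookup default
"""
TABLES = {
    "main": "default via 169.254.1.1 dev eth0\n169.254.1.1 dev eth0 scope link",
    "100": "default via 10.10.10.254 dev net1\n"
           "10.10.10.0/24 dev net1 proto kernel scope link src 10.10.10.98",
}

def parse_rules(text):
    """Return (priority, source network or None for 'all', table), by priority."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[1] == "from" and f[3] == "lookup":
            src = None if f[2] == "all" else ipaddress.ip_network(f[2])
            rules.append((int(f[0].rstrip(":")), src, f[4]))
    return sorted(rules, key=lambda r: r[0])

def parse_routes(text):
    """Return (destination network, device) for each route in one table."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if "dev" in f:
            dst = "0.0.0.0/0" if f[0] == "default" else f[0]
            routes.append((ipaddress.ip_network(dst), f[f.index("dev") + 1]))
    return routes

def egress(dest, bound_source=None):
    """Walk the rules in priority order; the first table with a route wins."""
    dest = ipaddress.ip_address(dest)
    src = ipaddress.ip_address(bound_source) if bound_source else None
    for _prio, rule_src, table in parse_rules(RULES):
        # An unbound socket has no source address at lookup time, so a
        # "from <address>" rule cannot match it.
        if rule_src is not None and (src is None or src not in rule_src):
            continue
        hits = [r for r in parse_routes(TABLES.get(table, "")) if dest in r[0]]
        if hits:
            return table, max(hits, key=lambda r: r[0].prefixlen)[1]
    return None
```

Calling `egress("20.20.20.254")` models the unbound iperf3 client and resolves through the main table on eth0, while `egress("20.20.20.254", "10.10.10.98")` models `-B 10.10.10.98` and resolves through table 100 on net1.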