
Flannel host-gw backend

Flannel host-gw is a backend implementation for the Flannel network plugin that optimizes container networking performance by utilizing the host machine as the gateway.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]

Mechanism

When Flannel is configured in host-gw mode, the flanneld process creates specific routing rules on the host.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md] For each Flannel subnet (e.g., 10.244.1.0/24) assigned to another node, it installs a route whose "next hop" is the IP address of the host that owns that subnet.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]

For example, on Node 1, a route similar to the following is added:

    10.244.1.0/24 via 10.168.0.3 dev eth0

When a container on Node 1 sends a packet to a container on Node 2:

  1. The packet matches the routing rule and is directed to the host's network interface (e.g., eth0).^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]
  2. The host uses the MAC address of the destination host (Node 2) for layer-two framing.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]
  3. The packet travels across the physical network to Node 2, which routes it to the target container via its bridge (e.g., cni0).^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]

Performance

The primary advantage of the host-gw backend is performance.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md] Because it relies on static routing entries rather than packet encapsulation, it avoids the CPU overhead associated with encapsulating and decapsulating packets in user-space.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]

  • Host-gw performance loss: ~10%^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]
  • VXLAN-based solutions: 20%~30%^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md]

Requirements

Flannel host-gw mode requires that all cluster nodes are connected at Layer 2 (L2).^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md] The packets are routed directly using the destination host's MAC address, which is only possible if the hosts reside on the same physical network segment.
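
A check for the Layer 2 requirement above, as an added example that is not part of the original page: it parses `ip route` output and reports, for each pod-subnet route, whether its next hop sits in a network directly attached to the same interface. The sample output, the pod network 10.244.0.0/16, Node 1's address 10.168.0.2 and the off-segment next hop 10.168.5.7 are constructed assumptions.

```python
import ipaddress

# Constructed `ip route` output for Node 1 (not captured from a real host).
# Assumed: Node 1 is 10.168.0.2 and owns 10.244.0.0/24; 10.168.5.7 is off-segment.
SAMPLE_ROUTES = """\
default via 10.168.0.1 dev eth0
10.168.0.0/24 dev eth0 proto kernel scope link src 10.168.0.2
10.244.0.0/24 dev cni0 proto kernel scope link src 10.244.0.1
10.244.1.0/24 via 10.168.0.3 dev eth0
10.244.2.0/24 via 10.168.5.7 dev eth0
"""
POD_CIDR = ipaddress.ip_network("10.244.0.0/16")  # assumed cluster pod network


def field_after(fields, key):
    """Return the token following `key`, or None if the keyword is absent."""
    return fields[fields.index(key) + 1] if key in fields[:-1] else None


def parse_routes(text):
    """Turn `ip route` lines into (destination, gateway, device) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        try:
            dest = ipaddress.ip_network(fields[0], strict=False)
        except (IndexError, ValueError):
            continue  # blank line, "default", or a route-type keyword
        gw = field_after(fields, "via")
        routes.append((dest, ipaddress.ip_address(gw) if gw else None,
                       field_after(fields, "dev")))
    return routes


def check_host_gw(text, pod_cidr=POD_CIDR):
    """For each gatewayed pod-subnet route, report whether the next hop is on-link."""
    routes = parse_routes(text)
    # A route with no gateway describes a network directly attached to that device.
    connected = [(net, dev) for net, gw, dev in routes if gw is None]
    results = []
    for dest, gw, dev in routes:
        if gw is None or dest.version != pod_cidr.version or not dest.subnet_of(pod_cidr):
            continue
        on_link = any(gw in net and dev == cdev for net, cdev in connected)
        results.append((str(dest), str(gw), dev, on_link))
    return results


if __name__ == "__main__":
    for dest, gw, dev, ok in check_host_gw(SAMPLE_ROUTES):
        print(f"{dest} via {gw} dev {dev}: {'on-link' if ok else 'NOT on-link'}")
```

A route flagged as not on-link has a next hop that the host cannot resolve to a MAC address on the attached segment, so it does not meet the host-gw requirement.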

  • [[Flannel]]
  • [[VXLAN]]
  • [[Kubernetes networking]]

Sources

  • 400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes_yaml文件.md