Bug 1346466 - Make the SDN able to handle multiple networks
Summary: Make the SDN able to handle multiple networks
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.2.0
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 4.1.0
Assignee: Ben Bennett
QA Contact: Johnny Liu
URL:
Whiteboard:
: 1353193 (view as bug list)
Depends On:
Blocks: 1553555
TreeView+ depends on / blocked
 
Reported: 2016-06-14 21:52 UTC by Steven Walter
Modified: 2023-09-07 18:45 UTC (History)
27 users (show)

Fixed In Version: 4.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-20 00:25:56 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3356721 0 None None None 2018-03-31 07:38:45 UTC

Description Steven Walter 2016-06-14 21:52:53 UTC 
1. Proposed title of this feature request  
           Multiple networks in the SDN

    3. What is the nature and description of the request?  
      The customer wants to have multiples NICs in OSE nodes, to choose which is the default NIC for each pod. This allows, for instance, Dev and Pre pods running in the same node, and chose the external network/NIC for each pod. Thus isolated environment versions on same nodes.

    4. Why does the customer need this? (List the business requirements here)  
      Allowing isolation of services, but being able to combine on the same node, which allows flexibility within the same cluster.

    5. How would the customer like to achieve this? (List the functional requirements here)
      Ability to choose a network interface or separate network for a given pod.

    6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
      Should be able to run multiple pods on one node selecting different network interfaces (to allow dev and pre pods to run isolated but on the same node)
      
    7. Is there already an existing RFE upstream or in Red Hat Bugzilla?  
      No, Trello card exists https://trello.com/c/naz15EgJ/
   
    11. Would the customer be able to assist in testing this functionality if implemented?  
   Possibly
Comment 2 Dan McPherson 2016-07-07 13:54:46 UTC 
*** Bug 1353193 has been marked as a duplicate of this bug. ***
Comment 3 Ben Bennett 2016-07-19 17:57:47 UTC 
Primary Trello card: https://trello.com/c/3QQuXExk
Comment 4 Miheer Salunke 2016-08-03 10:14:21 UTC 
1. Proposed title of this feature request  
Support for Multiple interfaces for Docker Container/Pod in Openshift Enterprise

3. What is the nature and description of the request?  

To create more than one network interface for a docker container or pod on Openshift Enterprise?
We have two ethernet interfaces (eth0, eth1) on one host server which are connected to two different networks. The idea is to connect both networks to the docker containers.
Does docker daemon or pod currently support connecting multiple network interfaces on a single host? The networking stack can be on flanneld or OpenvSwitch or docker libnetwork. AFAIK, docker libnetwork is not supported for kubernetes. So if there is a solution in flanneld or Openvswitch then it is fine with me.

Couple of issues in Docker Libnetwork and Flanneld Github repositories. Both are still open.
Added here for your reference:
https://github.com/docker/libnetwork/issues/758
https://github.com/coreos/flannel/issues/392

By default every pod has one network interface which can be connected to a network. Our need is to connect more than one interface to the same pod/container. The networking driver can be flanneld or openvswitch. This is for Openshift Enterprise 3.2.


Couldn't find any documentation about multiple ethernet interfaces for a pod or container. 
Not sure if that functionality is already supported or not.
This is for Openshift Enterprise 3.2.


We have a need to connect more than one network to a single pod or container. Couldn't find any documentation on how to do it for Openshift Enterprise.


We are using overlay networks in our setup. For the current Openshift setup we used Openvswitch plugins. We are open to use other networking plugins (ex. flannel) on top of overlay network if it supports our requirement. As already stated, we need to connect two different ethernet interfaces on a server to the same docker container so that the container is connected two different networks.

Attached two example configurations using Flannel and Docker libnetwork.
Comment 7 Ben Bennett 2016-11-16 12:48:39 UTC 
Trello card https://trello.com/c/6kqkxw2X
Comment 15 Jason Shepherd 2018-03-14 05:29:18 UTC 
Implementing this feature is probably the best way to fix https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1069
Comment 16 Fabian Deutsch 2018-03-14 22:32:40 UTC 
What about NetworkPolicies - couldn't they also help to mitigate this problem?
Comment 17 Jason Shepherd 2018-03-20 22:44:35 UTC 
While I agree NetworkPolicies could help prevent traffic to a Openshift services, it does not help in identifying network traffic per pod that's reaching an external service, such as a network storage device, so that that traffic can be blocked.
Comment 18 Ben Bennett 2018-04-26 19:54:32 UTC 
What about the namespace-wide egress IP?
  https://trello.com/c/hwivBoNF

A fully-automatic version will be available when https://trello.com/c/hwivBoNF lands.  Then you could give a range of IPs to be allocated to projects and then you can identify what project traffic comes from, or use a firewall rule to limit the subnet given to projects.
Comment 21 Edu Alcaniz 2018-11-15 06:03:21 UTC 
Hi, can we have any update on how we are going to proceed further with this RFE/BZ?
Comment 25 Marc Curry 2019-04-16 20:12:26 UTC 
With OpenShift 4.1 we add a new capability for multiple pod network interfaces using Multus as the enabling technology.
Note You need to log in before you can comment on or make changes to this bug.