Best video about Calico I have ever seen, solved many confusions of my understanding about Calico.
This is one of the best videos I have ever watched!
the best video about calico routing
Learned a lot, thank you Josh. What an underrated video
I listen to your video and fall asleep quickly, after wake up finish this video... what a good video indeed!
Best Calico vid I've seen
Superb video. Speed of the video, demo in detail and dump of wireshark output made it very clear. Thank you.
Stumbled upon your video after reading the write-up on your blog on this topic. Super useful. Thank you.
Awesome video with great explanation between IP-in-IP and VXLAN for Calico Routing Modes - thanks!
This is the perfect explanation on Calico networking. Thanks, octetz!
best calico routing video yet 👌 ..it will be better if some info on overlay is added
Great teacher and great explanation(s) of calico CNI and routing modes! Thanks mate.
Very Nice . It is absolutely crisp and clear.
Very good video. You explain the concepts very well and the illustration and captures serve well. Thank you. More videos on k8s networking please
I enjoyed this video and got a lot out of it, thanks! I really liked the way you leveraged tmux in the terminal as part of your CLI demonstration too. Looking forward to implementing Calico direct routing in my home test cluster.
Great explanations! Thank you very much!!❤
You're great! Thx for your help with k8s topics! Regards from Guatemala!
Excellent lecture! Thank you
you sir, have got some GREAT teaching skills!
Awesome video. Please, please keep working out more videos like this.
In Direct mode, the natOutgoing is set to true, but the capture showed pod ip's as source. Shouldn't this be source node ip?
Hi Octetz, Just one question, Without bgp in vxlan mode, how can the nodes learn the routes of the pods?
Great explanation. thank you sir
great video very informative, can you do another one on how to put firewall appliance to filter inter node communication, thanks
Thanks! Great video! I will share that with my colleagues!
What is the terminal you use?
Great video explaining the internals of Calico overlay modes. While output of calicoctl node status, show state as start and info as passive. What does that mean? What would be the possible root cause?
This was so useful, please make more networking tutorials for developers.
BGP Reflector video is gone, can you please re upload it? thanks
thanks for sharing. learned a lot
really really good explanation!!
I don't recognize your diagraming software. What is it?
U explain amazing!
Superb, thank you so much!
Great video. Learned a lot!
Hi, thank you for the explanation. Do you have to open any firewall for pods 1 and 2 to communicate with pod3 which is in a different subnet?
There are a few k8s ports and 2 others for Calico that should be open. This is what I think but this gentleman could give us better info.
Incredible lesson. One thing I missed was the reasoning for using VXLAN instead of IPIP or mixed IPIP? What do you gain/lose by doing L2 encap rather than L3?
I'm still learning as well so take this with a grain of salt but some CNI implementations use the Linux L2 bridge and others (like Calico) turn the node into an L3 router so you'd need to support both layers.
Thanks a lot for sharing it. Very helpful
very nice detailed explanation also on the post, Thank you !
I am having one issue in the lab.
after changing to - ipipMode: Never, when I ping from pod-1 in host 1 to pod-2 in host 2 (both hosts in same subnet), the source IP address is seen as IP address of host 1 interface instead of pod-1 IP address. Any advice on this ?
resolved
checked the NAT table on the node using - "sudo iptables -t nat -L" and found "MASQUERADE all -- 172.17.0.0/16 anywhere"
The command "firewall-cmd --add-masquerade --permanent" was issued during the k8s node setup
I now issued the command to disable masquerade - sudo firewall-cmd --remove-masquerade
pod to pod traffic between different hosts now uses pod IP.
Good stuff!!
Hi, you are great! My friend, what software did you use to make screenshots?
What about a video about installing calicoctl? :)
Good info on WHAT Calico does in various modes but it's missing details on HOW.
What about bgp
enjoy it. Good material
great job !!!
it's very important video
Awesome
good job, thank you !
Ty, very useful video, now I have k8s 1.24 and how and where I can set Direct mode, because seems to me I have only two option ipip and vxlan, If somebody knows give link)) ty
Felix basically is an agent between BGP daemon and Linux kernel.
BGP learn routes =route info base(RIB)
Linux kernel forwarding table=FIB
packets move cross nic card using FIB.
RIB is a reference for how to build routing table.
But without inserting to kernel
Fib is not there.
So net not working. Even you got BGP table information.
Other implementation like quagga. Frrouting basic same logic.
BGPd+zebra(logically = Felix)
Gobgp+goplane
For hardware perspective like Cisco
Rib=show ip route. Show BGP ipv4 unicast...etc
Fib=show ip cef
Cef is Cisco version fib for their hardware.
So final
Networking guy think
RIB is controlplane. Hardware box. Sup engine
FIB is dataplane hardware box line card
Yeah....
And....a little bit...word from network guy perspective.
Outer is underlay
Inner is overlay...
Encap thing like
GRE tunnel
IPSec tunnel
MPLS VPN
Vxlan tunnel
Whatever...it’s all the same theory...
Yeahhhhhh.
Real Network guy love BGP.
But most networking guy doesn’t.
Cuz they can’t handle BGP. They only can play staticroute...
Most of them.
Thanks!...really clear the information!.....