Page MenuHomeVyOS Platform
Create Task
Maniphest T5384

Integrate proper CNI integrating or at least not conflicting with VyOS
Open, WishlistPublicFEATURE REQUEST
Actions

Description

Open Questions:

  • Calico uses iptables, VyOS nftables.
    • Potential for Conflict?
    • Wanted to use both at the same time?
  • Might Weave Net have clear benefits for this usecase?
  • Canal?
  • New VyOS CNI.
    • A lot of implementation work is required to reimplement CNI's cluster side functionality and API

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenFEATURE REQUESTralph.barizT5380 VyOS Kubelet (k8s)
 OpenFEATURE REQUESTNoneT5384 Integrate proper CNI integrating or at least not conflicting with VyOS

Event Timeline

ralph.bariz created this task.Jul 20 2023, 2:44 PM
pasik added a subscriber: pasik.Jul 21 2023, 1:37 PM
Viacheslav triaged this task as Wishlist priority.Jan 20 2024, 12:59 PM
Viacheslav added a subscriber: Viacheslav.

We have both iptables/nftables. In general, all code should be for nftables, but iptables are dependencies to netavark network stack. Thats why we are having both packages now

vyos@r4:~$ show version all | match "netavar|nft|ipta"
ii  iptables                             1.8.9-2                          amd64        administration tools for packet filtering and NAT
ii  libnftables1:amd64                   1.0.8-1                          amd64        Netfilter nftables high level userspace API library
ii  libnftnl11:amd64                     1.2.6-1                          amd64        Netfilter nftables userspace API library
ii  miniupnpd-nftables                   2.3.1-1                          amd64        UPnP and NAT-PMP daemon for gateway routers - nftables backend
ii  netavark                             1.4.0-4                          amd64        Rust based network stack for containers
ii  nftables                             1.0.8-1                          amd64        Program to control packet filtering rules by Netfilter project
vyos@r4:~$