#Creating Subnets (Kube-OVN Underlay Network)

Creating subnets in the Kube-OVN Underlay network not only enables finer-grained network isolation for resources but also provides a better performance experience.

Note: The container network in Kube-OVN Underlay requires support from the physical network. Please refer to the best practices Preparing the Kube-OVN Underlay Physical Network to ensure network connectivity.

#IP Allocation Rules

Note: If a project or namespace is assigned multiple subnets, one of the IP addresses from the corresponding subnet will be randomly used.

• Project Allocation:

  • If the project is not bound to a subnet, Pods in all namespaces under that project can only use IP addresses from the default subnet. If there are insufficient IP addresses in the default subnet, Pods will fail to start.
  • If the project is bound to a subnet, Pods in all namespaces under that project can only use IP addresses from that subnet.

• Namespace Allocation:

  • If the namespace is not bound to a subnet, Pods in that namespace can only use IP addresses from the default subnet. If there are insufficient IP addresses in the default subnet, Pods will fail to start.
  • If the namespace is bound to a subnet, Pods in that namespace can only use IP addresses from that subnet.

#Usage Instructions

The general process for creating subnets in the Kube-OVN Underlay network is: Add Bridge Network > Add VLAN > Create Subnet.

#(Optional) Add Bridge Network

A bridge network refers to a bridge, and after binding the network card to the bridge, it can forward container network traffic, achieving intercommunication with the physical network.

#Steps

1. Navigate to Platform Management.

2. In the left navigation bar, click Network Management > Bridge Network.

3. Click Add Bridge Network.

4. Configure the relevant parameters based on the following instructions.

   Note:

   • Target Container Group refers to all container groups scheduled on the current node or container groups in namespaces bound to specific subnets scheduled to the current node. This depends on the scope of the subnet under the bridge network.

   • The nodes in the Underlay subnet must have multiple network cards, and the network card used by the bridge network must be exclusively assigned to the Underlay and cannot carry other traffic, such as SSH. For example, if the bridge network has three nodes planning for eth0, eth0, eth1 for exclusive use by the Underlay, then the default network card can be set as eth0, and the network card for node three can be eth1.

   Parameter	Description
   Default Network Card Name	By default, the target container group will use this as the bridge network card for intercommunication with the physical network.
   Configure Network Card by Node	The target container groups on the configured nodes will bridge to the specified network card instead of the default network card.
   Exclude Nodes	When nodes are excluded, all container groups scheduled to these nodes will not bridge to any network card on these nodes. Note: Container groups on excluded nodes will not be able to communicate with the physical network or cross-node container networks, and care should be taken to avoid scheduling related container groups to these nodes.

5. Click Add.

#(Optional) Add VLAN

The platform has a pre-configured ovn-vlan virtual LAN, which will connect to the provider bridge network. You can also configure a new VLAN to connect to other bridge networks, thereby achieving network isolation between VLANs.

#Steps

1. Navigate to Platform Management.

2. In the left navigation bar, click Network Management > VLAN.

3. Click Add VLAN.

4. Configure the relevant parameters based on the following instructions.

   Parameter	Description
   VLAN ID	The unique identifier for this VLAN, which will be used to differentiate different virtual LANs.
   Bridge Network	The VLAN will connect to this bridge network for intercommunication with the physical network.

5. Click Add.

#Create Subnet and Assign Project or Namespace

Note: The platform also pre-configures a join subnet for communication between nodes and container groups in Overlay transport mode. This subnet will not be used in Underlay transport mode, so it is crucial to avoid IP segment conflicts between join and other subnets.

#Steps

1. Navigate to Platform Management.

2. In the left navigation bar, click Network Management > Subnet.

3. Click Create Subnet.

4. Configure the relevant parameters based on the following instructions.

   Parameter	Description
   VLAN	The VLAN to which the subnet belongs.
   Subnet	After assigning the subnet to a project or namespace, IPs within the physical subnet will be randomly allocated for use by container groups.
   Gateway	The physical gateway within the above subnet.
   Reserved IP	The specified reserved IP will not be automatically assigned. For example, it can be used as the IP for the compute component fixed IP.

5. Click Confirm.

6. On the subnet details page, select Action > Assign Project / Namespace.

7. Complete the configuration and click Assign.

#Related Operations

When both Underlay and Overlay subnets exist in a cluster, you can configure the Automatic Intercommunication Between Underlay and Overlay Subnets as needed.