Overview
This plugin can change some system controls (sysctls) and several interface attributes (promiscuous mode, all-multicast mode, MTU and MAC address) in the network namespace. It does not create any network interfaces and therefore does not bring connectivity by itself. It is only useful when used in addition to other plugins.
System Controls Operation
The following network configuration file
{
  "name": "mytuning",
  "type": "tuning",
  "sysctl": {
    "net.core.somaxconn": "500",
    "net.ipv4.conf.IFNAME.arp_filter": "1"
  }
}
will set /proc/sys/net/core/somaxconn to 500 and /proc/sys/net/ipv4/conf/IFNAME/arp_filter to 1, where IFNAME in the path is substituted with the interface name passed to this plugin.
This substitution makes it possible to set sysctls specific to a particular network interface.
Other sysctls can be modified as long as they belong to the network namespace (/proc/sys/net/*).
A successful result would simply be:
{ }
Network sysctls documentation
Some network sysctls are documented in the Linux sources:
Interface Attribute Operation
The following configuration example will change all the supported attributes on the interface determined by CNI_IFNAME:
{
  "name": "mytuning",
  "type": "tuning",
  "mac": "c2:b0:57:49:47:f1",
  "mtu": 1454,
  "promisc": true,
  "allmulti": true
}
Interface attribute configuration reference
mac (string, optional): MAC address (i.e. hardware address) of interface
mtu (integer, optional): MTU of interface
promisc (bool, optional): Change the promiscuous mode of interface
allmulti (bool, optional): Change the all-multicast mode of interface. If enabled, all multicast packets on the network will be received by the interface.
Supported arguments
The following CNI_ARGS are supported:
MAC: request a specific MAC address for the interface (example: CNI_ARGS="IgnoreUnknown=true;MAC=c2:11:22:33:44:55")
Note: You may add IgnoreUnknown=true to allow loose CNI argument verification (see CNI's issue #560).
The plugin also supports the following capability argument.
mac: Pass MAC addresses for CNI interface
The following args conventions are supported:
mac (string, optional): MAC address (i.e. hardware address) of interface
mtu (integer, optional): MTU of interface
promisc (bool, optional): Change the promiscuous mode of interface
allmulti (bool, optional): Change the all-multicast mode of interface
sysctl (object, optional): Change system controls
Sysctl allowlist
By default, all sysctls can be modified by the plugin. This can be changed by providing an allow-list of sysctls on each node. The allow-list should contain a list of regular expressions matching the allowed sysctls. The allow-list should be placed in the following location on each node:
/etc/cni/tuning/allowlist.conf
The allow-list must be specified on each node. The plugin on each node uses the list specified on the node it is running on. If the file is not present, the plugin will allow all sysctls to be used. Below is an example of an allow-list file:
^net\.ipv4\.conf\.all\.[a-z_]*$
^net\.ipv4\.conf\.IFNAME\.[a-z_]*$
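To check a tuning configuration against an allow-list before rolling it out to nodes, the following added example (not the plugin's own code) reports which sysctl keys no entry matches. The function name deniedSysctls is hypothetical, keys are assumed to be compared as written in the configuration (IFNAME matched literally), and the case of a missing file, where the plugin allows everything, is not modelled.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// deniedSysctls returns, sorted, the "sysctl" keys of a tuning config that no
// allow-list regular expression matches. Assumption of this example: keys are
// compared as written in the config, so IFNAME is matched literally.
func deniedSysctls(confJSON, allowlist string) ([]string, error) {
	var conf struct{ Sysctl map[string]string }
	if err := json.Unmarshal([]byte(confJSON), &conf); err != nil {
		return nil, err
	}
	var allowed []*regexp.Regexp
	for _, line := range strings.Split(allowlist, "\n") {
		if line = strings.TrimSpace(line); line == "" {
			continue // skip blank lines
		}
		re, err := regexp.Compile(line)
		if err != nil {
			return nil, fmt.Errorf("allow-list entry %q: %w", line, err)
		}
		allowed = append(allowed, re)
	}
	var denied []string
	for key := range conf.Sysctl {
		matched := false
		for _, re := range allowed {
			matched = matched || re.MatchString(key)
		}
		if !matched {
			denied = append(denied, key)
		}
	}
	sort.Strings(denied)
	return denied, nil
}

func main() {
	// Constructed inputs: the allow-list and the sysctl config shown on this page.
	allowlist := `^net\.ipv4\.conf\.all\.[a-z_]*$
^net\.ipv4\.conf\.IFNAME\.[a-z_]*$`
	conf := `{"sysctl": {"net.core.somaxconn": "500", "net.ipv4.conf.IFNAME.arp_filter": "1"}}`
	fmt.Println(deniedSysctls(conf, allowlist))
}
```

In this example MatchString searches anywhere in the key, so the ^ and $ anchors in the entries are what stop an entry from matching a longer key that merely contains the pattern.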