IP pool

    Spec

    note

    Do not use a custom blockSize until all Calico components have been updated to a version that supports it (at least v3.3.0). Older versions of components do not understand the field so they may corrupt the IP pool by creating blocks of incorrect size.

    When automatically assigning IP addresses to workloads, only pools with “Workload” in their allowedUses field are consulted. Similarly, when assigning IPs for tunnel devices, only “Tunnel” pools are eligible.

    If the allowedUses field is not specified, it defaults to ["Workload", "Tunnel"] for compatibility with older versions of Calico. It is not possible to specify a pool with no allowed uses.

    The allowedUses field is only consulted for new allocations; changing the field has no effect on previously allocated addresses.

    Calico supports Kubernetes . These annotations take precedence over the allowedUses field.

    IPIP

    Routing of packets using IP-in-IP will be used when the destination IP address is in an IP Pool that has IPIP enabled. In addition, if the ipipMode is set to CrossSubnet, Calico will only route using IP-in-IP if the IP address of the destination node is in a different subnet. The subnet of each node is configured on the node resource (which may be automatically determined when running the service).

    For details on configuring IP-in-IP on your deployment, please refer to .

    Setting natOutgoing is recommended on any IP Pool with ipip enabled. When ipip is enabled without natOutgoing, routing between Workloads and Hosts running Calico is asymmetric and may cause traffic to be filtered due to RPF checks failing.

    Routing of packets using VXLAN will be used when the destination IP address is in an IP Pool that has VXLAN enabled. In addition, if the vxlanMode is set to CrossSubnet, Calico will only route using VXLAN if the IP address of the destination node is in a different subnet. The subnet of each node is configured on the node resource (which may be automatically determined when running the calico/node service).

    note

    Setting natOutgoing is recommended on any IP Pool with vxlan enabled. When vxlan is enabled without natOutgoing, routing between Workloads and Hosts running Calico is asymmetric and may cause traffic to be filtered due to RPF checks failing.

    Block sizes

    The default block sizes of 26 for IPv4 and 122 for IPv6 provide blocks of 64 addresses. This allows addresses to be allocated in groups to workloads running on the same host. By grouping addresses, fewer routes need to be exchanged between hosts and to other BGP peers. If a host allocates all of the addresses in a block, it will be allocated an additional block. If there are no more blocks available, the host can take addresses from blocks allocated to other hosts. Specific routes are added for the borrowed addresses, which has an impact on route table size.

    Increasing the block size from the default (e.g., using 24 for IPv4 to give 256 addresses per block) means fewer blocks per host, and potentially fewer routes. But try to ensure that there are at least as many blocks in the pool as there are hosts.

    Reducing the block size from the default (e.g., using 28 for IPv4 to give 16 addresses per block) means more blocks per host and therefore potentially more routes. This can be beneficial if it allows the blocks to be more fairly distributed amongst the hosts.

    For details on configuring IP pool node selectors, please read the .

    To prevent an IP pool from being used automatically by Calico IPAM, while still allowing it to be used manually for static assignments, set the IPPool's nodeSelector to !all(). Since the selector matches no nodes, the IPPool will not be used automatically and, unlike setting disabled: true, it can still be used for manual assignments.
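
    An added example, not part of the Calico documentation or code: a small Python check of an IPPool spec against the allowedUses, natOutgoing, block size and nodeSelector guidance above. The cidr key, the Never off value and the all() default selector come from the Calico IPPool resource rather than from this page; the function name and the sample specs are constructed, and the selector test is a plain string comparison.

```python
import ipaddress

DEFAULT_USES = ["Workload", "Tunnel"]  # allowedUses default stated above
DEFAULT_BLOCK = {4: 26, 6: 122}        # default block sizes stated above

def lint_ippool(spec, host_count):
    """Check an IPPool spec (as a dict) against the guidance on this page."""
    net = ipaddress.ip_network(spec["cidr"])
    block = spec.get("blockSize", DEFAULT_BLOCK[net.version])
    if not net.prefixlen <= block <= net.max_prefixlen:
        raise ValueError(f"blockSize /{block} does not fit inside {net}")
    disabled = spec.get("disabled", False)
    facts = {
        "addresses_per_block": 2 ** (net.max_prefixlen - block),
        "blocks_in_pool": 2 ** (block - net.prefixlen),
        "allowed_uses": spec.get("allowedUses", DEFAULT_USES),
        # "!all()" matches no node: no automatic IPAM, manual use still possible.
        # Simplification: exact string match, no selector parsing.
        "automatic_ipam": not disabled and spec.get("nodeSelector", "all()") != "!all()",
        "manual_assignment": not disabled,
    }
    warnings = []
    if not facts["allowed_uses"]:
        warnings.append("allowedUses is empty; a pool needs at least one allowed use")
    if block != DEFAULT_BLOCK[net.version]:
        warnings.append("custom blockSize; all Calico components must be v3.3.0 or later")
    if facts["automatic_ipam"] and facts["blocks_in_pool"] < host_count:
        warnings.append(f"{facts['blocks_in_pool']} blocks for {host_count} hosts; "
                        "hosts will borrow addresses and add specific routes")
    for field, name in (("ipipMode", "IPIP"), ("vxlanMode", "VXLAN")):
        # "Never" is the off value; any other mode enables the encapsulation.
        if spec.get(field, "Never") != "Never" and not spec.get("natOutgoing", False):
            warnings.append(f"{name} enabled without natOutgoing; RPF checks may drop traffic")
    return facts, warnings

# Constructed sample specs (not from the page)
SMALL_BLOCKS = {"cidr": "10.48.0.0/24", "blockSize": 28, "ipipMode": "CrossSubnet"}
RESERVED = {"cidr": "10.49.0.0/16", "nodeSelector": "!all()", "natOutgoing": True}

if __name__ == "__main__":
    for spec, hosts in ((SMALL_BLOCKS, 20), (RESERVED, 100)):
        facts, warnings = lint_ippool(spec, hosts)
        print(spec["cidr"], facts)
        for w in warnings:
            print("  WARN:", w)
```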

    Selector reference

    A label selector is an expression which either matches or does not match a resource based on its labels.

    Calico label selectors support a number of operators, which can be combined into larger expressions using the boolean operators and parentheses.

    Operators have the following precedence:

    • Highest: all the match operators
    • Negation with !
    • Conjunction with &&
    • Lowest: Disjunction with ||

    For example, the expression

    Would be “bracketed” like this:

    It would match:

    • Any resource that did not have label “my-label”.
    • Any resource that both:
      • Has a value for my-label that starts with “prod”, and,

    The allows for small parts of an IP pool to be reserved so that they will not be used for automatic IPAM assignments.