Multus CNI
Multus CNI Meta Plugin Kubernetes Multi-homed Pod Network Interface SR-IOV MACVLAN IPVLAN NetworkAttachmentDefinition Telco 5G NFV Storage Management Production
| CNI Plugin | Type | Performance | Isolation | IPAM | Use Case |
|---|---|---|---|---|---|
| Macvlan | L2 | ดีมาก | MAC-based | Static/DHCP | Direct LAN access |
| IPvlan | L2/L3 | ดีมาก | IP-based | Static | Same MAC needed |
| Bridge | L2 | ดี | Bridge-based | Static/DHCP | VM-like networking |
| SR-IOV | Hardware | Near bare-metal | VF-based | Static | Telco high perf |
| Host-device | Passthrough | ดีมาก | Device-based | Static | Dedicated NIC |
Installation
# === Multus CNI Installation ===
# Install Multus (thick plugin)
# kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset-thick.yml
# Verify installation
# kubectl get pods -n kube-system | grep multus
# kubectl get crd | grep network-attachment
# Helm Installation
# helm repo add rke2-charts https://rke2-charts.rancher.io
# helm install multus rke2-charts/rke2-multus -n kube-system
# NetworkAttachmentDefinition — Macvlan
# apiVersion: k8s.cni.cncf.io/v1
# kind: NetworkAttachmentDefinition
# metadata:
# name: storage-net
# namespace: default
# spec:
# config: '{
# "cniVersion": "0.3.1",
# "type": "macvlan",
# "master": "eth1",
# "mode": "bridge",
# "ipam": {
# "type": "host-local",
# "subnet": "192.168.100.0/24",
# "rangeStart": "192.168.100.100",
# "rangeEnd": "192.168.100.200",
# "gateway": "192.168.100.1"
# }
# }'
# NetworkAttachmentDefinition — SR-IOV
# apiVersion: k8s.cni.cncf.io/v1
# kind: NetworkAttachmentDefinition
# metadata:
# name: sriov-net
# spec:
# config: '{
# "cniVersion": "0.3.1",
# "type": "sriov",
# "vlan": 100,
# "ipam": {
# "type": "host-local",
# "subnet": "10.10.100.0/24"
# }
# }'
# Pod with multiple networks
# apiVersion: v1
# kind: Pod
# metadata:
# name: multi-net-pod
# annotations:
# k8s.v1.cni.cncf.io/networks: storage-net, sriov-net
# spec:
# containers:
# - name: app
# image: nginx
# # eth0 = default CNI
# # net1 = storage-net (macvlan)
# # net2 = sriov-net (sriov)
from dataclasses import dataclass
@dataclass
class NetworkConfig:
name: str
cni_type: str
subnet: str
interface: str
vlan: str
purpose: str
networks = [
NetworkConfig("cluster-net", "Calico (default)", "10.244.0.0/16", "eth0", "N/A", "Pod-to-Pod default"),
NetworkConfig("storage-net", "Macvlan", "192.168.100.0/24", "net1", "100", "Ceph storage traffic"),
NetworkConfig("mgmt-net", "Macvlan", "192.168.200.0/24", "net2", "200", "SSH monitoring"),
NetworkConfig("data-net", "SR-IOV", "10.10.100.0/24", "net3", "300", "High-speed data plane"),
]
print("=== Network Configurations ===")
for n in networks:
print(f" [{n.name}] Type: {n.cni_type}")
print(f" Subnet: {n.subnet} | IF: {n.interface} | VLAN: {n.vlan}")
print(f" Purpose: {n.purpose}")Multi-homed Pod Design
# === Multi-homed Pod Examples ===
# Verify Pod networks
# kubectl exec multi-net-pod -- ip addr show
# kubectl exec multi-net-pod -- ip route
# kubectl get pods multi-net-pod -o jsonpath='{.metadata.annotations.k8s\.v1\.cni\.cncf\.io/network-status}'
# Deployment with Multus
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: storage-app
# spec:
# replicas: 3
# template:
# metadata:
# annotations:
# k8s.v1.cni.cncf.io/networks: |
# [
# {"name": "storage-net", "interface": "net1"},
# {"name": "mgmt-net", "interface": "net2", "ips": ["192.168.200.50"]}
# ]
# spec:
# containers:
# - name: app
# image: my-storage-app:latest
@dataclass
class PodNetwork:
pod: str
default_ip: str
additional: str
total_interfaces: int
use_case: str
pods = [
PodNetwork("web-server", "10.244.1.10", "N/A (default only)", 1, "Standard web service"),
PodNetwork("ceph-osd", "10.244.1.20", "storage-net: 192.168.100.20", 2, "Storage + cluster"),
PodNetwork("db-replica", "10.244.1.30", "storage-net: 192.168.100.30, mgmt-net: 192.168.200.30", 3, "DB replication + mgmt"),
PodNetwork("5g-upf", "10.244.1.40", "data-net: 10.10.100.40, mgmt-net: 192.168.200.40", 3, "Telco user plane"),
]
print("\n=== Multi-homed Pods ===")
for p in pods:
print(f" [{p.pod}] Default: {p.default_ip} | Interfaces: {p.total_interfaces}")
print(f" Additional: {p.additional}")
print(f" Use Case: {p.use_case}")Troubleshooting
# === Multus Troubleshooting ===
# Check Multus DaemonSet
# kubectl get ds -n kube-system | grep multus
# kubectl logs -n kube-system ds/kube-multus-ds
# Check NAD
# kubectl get net-attach-def
# kubectl describe net-attach-def storage-net
# Common Issues
# 1. Pod stuck in ContainerCreating
# → Check Multus logs: kubectl logs -n kube-system -l app=multus
# → Verify NAD config JSON is valid
#
# 2. No IP assigned on additional interface
# → Check IPAM config: subnet range exhausted?
# → Verify master interface exists on node
#
# 3. Cannot reach other pods on additional network
# → Check VLAN tagging on physical switch
# → Verify ARP/routing on macvlan bridge mode
@dataclass
class TroubleshootItem:
issue: str
symptom: str
check_command: str
fix: str
issues = [
TroubleshootItem("Pod ContainerCreating", "Pod ค้าง ไม่ Running",
"kubectl describe pod; kubectl logs -n kube-system multus",
"ตรวจ NAD JSON valid, master interface exists"),
TroubleshootItem("No IP on net1", "ip addr show net1 ไม่มี IP",
"kubectl exec pod -- ip addr; check IPAM range",
"เพิ่ม IP Range หรือตรวจ Subnet Config"),
TroubleshootItem("Cannot ping across net", "Pod คุยกันไม่ได้บน net เพิ่ม",
"kubectl exec pod -- ping 192.168.100.x",
"ตรวจ VLAN Switch, macvlan mode, routing"),
TroubleshootItem("NAD not found", "net-attach-def not found",
"kubectl get net-attach-def -n NAMESPACE",
"สร้าง NAD ใน Namespace เดียวกับ Pod"),
TroubleshootItem("Performance low", "Throughput ต่ำกว่าที่คาด",
"iperf3 between pods on additional net",
"ใช้ SR-IOV แทน macvlan, ตรวจ NIC offload"),
]
print("Troubleshooting Guide:")
for t in issues:
print(f" [{t.issue}] {t.symptom}")
print(f" Check: {t.check_command}")
print(f" Fix: {t.fix}")เคล็ดลับ
- Default CNI: ติดตั้ง Default CNI ก่อน Multus เสมอ
- Macvlan: เริ่มจาก Macvlan ง่ายที่สุดสำหรับมือใหม่
- SR-IOV: ใช้ SR-IOV สำหรับ High Performance ต้องมี NIC รองรับ
- VLAN: ตั้ง VLAN บน Physical Switch ให้ตรงกับ NAD Config
- Test: ใช้ iperf3 ทดสอบ Bandwidth ระหว่าง Pod บน Additional Network
Multus CNI คืออะไร
Meta CNI Plugin Kubernetes หลาย Network Interface Pod SR-IOV MACVLAN IPVLAN Bridge NFV Telco 5G Storage Management Data Control Plane
ติดตั้ง Multus อย่างไร
kubectl apply DaemonSet Helm Chart Default CNI ก่อน NetworkAttachmentDefinition Annotation k8s.v1.cni.cncf.io/networks Pod Spec
NetworkAttachmentDefinition คืออะไร
Custom Resource Multus Network Config CNI Plugin macvlan ipvlan bridge sriov IP Range Subnet Gateway VLAN Namespace Annotation หลาย NAD
Use Case ของ Multus มีอะไรบ้าง
Telco 5G SR-IOV Data Plane Storage Ceph NFS Management SSH Monitoring Database Replication Multi-tenant Isolation NFV หลาย Interface
สรุป
Multus CNI Meta Plugin Kubernetes Multi-homed Pod NetworkAttachmentDefinition Macvlan SR-IOV IPVLAN Bridge Telco 5G Storage Management Production Network Design
