In ipipMode: Always, All traffics to pod CIDR (10.169.0.0/16) goes though tunl0 interface
$ calicoctl get ipPool default-ipv4-ippool -o json| jq -r .spec
{
"cidr": "10.169.0.0/16",
"vxlanMode": "Never",
"ipipMode": "Always",
"natOutgoing": true,
"blockSize": 26,
"nodeSelector": "all()",
"allowedUses": [
"Workload",
"Tunnel"
]
}
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 eth0
10.169.119.128 192.168.0.171 255.255.255.192 UG 0 0 0 tunl0
10.169.152.192 0.0.0.0 255.255.255.192 U 0 0 0 *
10.169.198.128 192.168.0.200 255.255.255.192 UG 0 0 0 tunl0
10.169.198.192 192.168.0.200 255.255.255.192 UG 0 0 0 tunl0
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
$compare to ipipMode: Never , traffics to destination pod directly goes though eth0 interface
$ calicoctl apply -f ipPool-Never.yaml
Successfully applied 1 'IPPool' resource(s)
$
$ calicoctl get ipPool default-ipv4-ippool -o json| jq -r .spec
{
"cidr": "10.169.0.0/16",
"vxlanMode": "Never",
"ipipMode": "Never",
"natOutgoing": true,
"blockSize": 26,
"nodeSelector": "all()",
"allowedUses": [
"Workload",
"Tunnel"
]
}
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 eth0
10.169.119.128 192.168.0.171 255.255.255.192 UG 0 0 0 eth0
10.169.152.192 0.0.0.0 255.255.255.192 U 0 0 0 *
10.169.198.128 192.168.0.200 255.255.255.192 UG 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
$ ipipMode: Never or CrossSubnet no need tunl0 and may have batter performance than ipipMode: Always
$ cat ipPool-Never.yaml
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
name: default-ipv4-ippool
spec:
allowedUses:
- Workload
- Tunnel
blockSize: 26
cidr: 10.169.0.0/16
ipipMode: Never
natOutgoing: true
nodeSelector: all()
vxlanMode: Neverrefer: https://projectcalico.docs.tigera.io/reference/resources/ippool
