SCTP support for version 1.12.1

Hi

I have a user space SCTP application running in a container (pod) which uses a raw socket. Now I want to expose my userspace SCTP application to external networks using NodePort. I am using the latest Kubernetes 1.12.1 with Calico version 3.2 and Docker version 18.06. But the packets are not getting forwarded from the host to the container. Packets are getting dropped at the host only. Below is my config.

apiVersion: v1
kind: Service
metadata:
  name: sctpenabledapp
  labels:
    service: sctpenabledapp
spec:
  type: NodePort
  ports:
    # no protocol given, so this port defaults to TCP
    - port: 31111
      nodePort: 31111
  selector:
    app: sctpenabledapp
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sctpenabledapp
spec:
  selector:
    matchLabels:
      app: sctpenabledapp
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: sctpenabledapp
    spec:
      containers:
        - image: myrepo/sctpenabledappv2
          imagePullPolicy: Always
          name: sctpenabledapp
          ports:
            - containerPort: 31111
              name: sctpenabledapp

I also enabled SCTP support in the cluster and specified the protocol as SCTP in the configuration as shown below; still I have the same issue.

apiVersion: v1
kind: Service
metadata:
  name: sctpenabledapp
  labels:
    service: sctpenabledapp
spec:
  type: NodePort
  ports:
    - protocol: SCTP
      port: 31111
      nodePort: 31111
  selector:
    app: sctpenabledapp
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sctpenabledapp
spec:
  selector:
    matchLabels:
      app: sctpenabledapp
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: sctpenabledapp
    spec:
      containers:
        - image: myrepo/sctpenabledappv2
          imagePullPolicy: Always
          name: sctpenabledapp
          ports:
            - containerPort: 31111
              protocol: SCTP
              name: sctpenabledapp

My cluster is working fine for any other TCP-based applications, so can you please give us some hints on how to get SCTP working, and some debugging steps?

Thanks

Hi,

Did you get any solution? Even for me, SCTP traffic is getting dropped at the host itself.
How did you enable SCTP support in the cluster?

Regards,
Himani

Hi

I am going to work on the issue this week; I will let you know my findings in a week. Meanwhile, you can enable SCTP while deploying the cluster. I am not sure whether there is any way to enable it after installation.

apiVersion: kubeadm.k8s.io/v1alpha3
kubernetesVersion: v1.12.1
kind: ClusterConfiguration
apiServerExtraArgs:
  feature-gates: SCTPSupport=true
apiserver-advertise-address: ipaddress
pod-network-cidr: 192.168.0.0/16

You can initialize the cluster using the following command
kubeadm init --config config.yaml

Thanks
venkat

I get an error while doing init:

W0102 08:24:50.183223 29567 strict.go:54] error unmarshaling configuration schema.GroupVersionKind{Group:"kubeadm.k8s.io", Version:"v1alpha3", Kind:"ClusterConfiguration"}: error unmarshaling JSON: while decoding JSON: json: unknown field "apiserver-advertise-address"

Hi,

Any update on the traffic issue?

Regards,
Himani

Did anyone get this working?

Are there any findings to share on what fixes the host rejecting the SCTP packets?

In our case too, the SCTP packets are rejected by the Node. But the same works with flannel? Any clues if Calico is playing a spoiler here!

Hi

What is your Calico version? It is working for us with Calico.

Thanks

SCTP is working for us with both Calico and flannel… If you are working with IPVS, make sure that the following modules are available:

modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_lc
modprobe ip_vs_wrr
modprobe ip_vs_sh
modprobe nf_conntrack_ipv4
modprobe nf_conntrack_proto_sctp
modprobe nf_nat_proto_sctp

Also, my colleague raised a bug and a fix for one of the SCTP traffic forwarding issues.

If it is still not working, run ipset list:

Name: KUBE-NODE-PORT-SCTP
Type: hash:ip,port
Revision: 5
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 192
References: 1
Members:
127.0.0.1,sctp:36412

If your member is showing the loopback IP, restart your kube-proxy to reflect the node IP.

Of course, if you are running an all-in-one cluster, the above two issues are not relevant.
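
Added example, not posted by any participant in this thread: a shell script for the two checks described in the last post, reporting which of the listed kernel modules are not loaded and which KUBE-NODE-PORT-SCTP members are loopback addresses. The function names, the `--live` switch and the sample data are assumptions made for the example; the sample ipset output is constructed from the one shown above.

```shell
#!/bin/sh
# Added example: checks for the two conditions named in the post above.

# Modules the post lists for kube-proxy in IPVS mode with SCTP.
REQUIRED_MODULES="ip_vs ip_vs_rr ip_vs_lc ip_vs_wrr ip_vs_sh nf_conntrack_ipv4 nf_conntrack_proto_sctp nf_nat_proto_sctp"

# Reads /proc/modules-format text on stdin, prints required modules not listed.
# A module compiled into the kernel never appears in /proc/modules, so the
# output means "check these", not "these are unavailable".
missing_modules() {
    awk -v want="$REQUIRED_MODULES" '
        { loaded[$1] = 1 }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) if (!(w[i] in loaded)) print w[i]
        }'
}

# Reads `ipset list` output on stdin, prints members of KUBE-NODE-PORT-SCTP
# whose address lies in 127.0.0.0/8 (the case that needs a kube-proxy restart).
loopback_sctp_members() {
    awk '
        /^Name:/    { in_set = ($2 == "KUBE-NODE-PORT-SCTP"); in_members = 0; next }
        /^Members:/ { in_members = 1; next }
        /^[ \t]*$/  { in_members = 0; next }
        in_set && in_members && /^127\./ { print }'
}

# Constructed sample: the set from the post with one extra non-loopback member,
# followed by an unrelated set that must be ignored.
SAMPLE_IPSET='Name: KUBE-NODE-PORT-SCTP
Type: hash:ip,port
Members:
127.0.0.1,sctp:36412
10.0.0.5,sctp:36412

Name: EXAMPLE-OTHER-SET
Type: hash:ip,port
Members:
127.0.0.1,sctp:9999'

# On a node (ipset needs root): sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "Modules not loaded:";        missing_modules < /proc/modules
    echo "Loopback NodePort members:"; ipset list | loopback_sctp_members
fi
```
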