CF networking is officially part of cf-deployment! You do not need a separate ops-file to include cf-networking in your deployment. This release also adds new capabilities for bandwidth limiting and logging enhancements for ASGs and container networking.
Try it out and give us your feedback in the #container-networking channel on cloudfoundry.slack.com.
See known issues for current limitations.
Verified with the following:
Manifest Changes
New Properties
- Optional parameters have been added to the silk-cni job to limit the bandwidth in and out of containers.
  - cf_networking.rate is the rate in Kbps at which traffic can leave and enter a container.
  - cf_networking.burst is the burst in Kb at which traffic can leave and enter a container.
  - Both of these parameters must be set in order to limit bandwidth. If neither one is set, then bandwidth is not limited.
  - The burst must be high enough to support the given rate. If burst is not high enough, then creating containers will fail.
- An optional parameter has been added to configure the rate of logs by iptables for denied packets. Before, this rate was hardcoded to 2 packets per minute. Now, the rate defaults to 1 packet per second.
  - cf_networking.iptables_denied_logs_per_sec is the maximum number of denied packets logged by iptables per second. It should be configured on the silk-cni job.
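How these properties nest under the silk-cni job in a deployment manifest, as an added example that is not taken from the release itself. The instance group name, release name and all numeric values are constructed assumptions; only the property names and the job name come from the notes above.

```yaml
# Constructed manifest excerpt. Instance group name, release name and
# numeric values are assumptions, not values from the release.
instance_groups:
- name: diego-cell               # assumed name of the cell instance group
  jobs:
  - name: silk-cni
    release: cf-networking       # assumed release name
    properties:
      cf_networking:
        # Set both or neither: bandwidth is limited only when both are present.
        rate: 1000               # Kbps in and out of each container (sample value)
        burst: 10000             # Kb (sample value); too low for the rate and
                                 # container creation fails
        # Maximum denied packets logged by iptables per second.
        # 1 is the default stated in these notes.
        iptables_denied_logs_per_sec: 1
```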
Significant Changes
Port Ranges
Logging
- c2c logs for accepted packets use conntrack
- An operator can change the sampling time of deny logging
- ASG logging works for accepted traffic that matches UDP and ICMP whitelist rules