Alibaba Cloud Service Mesh (ASM) allows you to manage multiple clusters on the data plane. When you add a cluster to an ASM instance, the ASM instance checks the pod CIDR blocks, service CIDR blocks, and vSwitch CIDR blocks of the cluster. The cluster can be added to the ASM instance only if no CIDR block conflict occurs. This ensures normal communications among clusters on the data plane. This topic describes how to plan the virtual private cloud (VPC) CIDR blocks, vSwitch CIDR blocks, pod CIDR blocks, and service CIDR blocks for multiple clusters when the clusters use the Flannel or Terway network plug-in.
Clusters on the data plane use Flannel
Precautions
- The service CIDR blocks of a cluster cannot conflict with each other or conflict with the pod CIDR blocks and vSwitch CIDR blocks of another cluster.
- The pod CIDR blocks of a cluster cannot conflict with each other or conflict with the service CIDR blocks and vSwitch CIDR blocks of another cluster.
- The vSwitch CIDR blocks of a cluster cannot conflict with each other or conflict with the service CIDR blocks and pod CIDR blocks of another cluster.
- You cannot specify a CIDR block that starts with 7, which is reserved for Container Service for Kubernetes (ACK) managed clusters.
- If a cluster does not reside in the same VPC as the ASM instance, the VPC CIDR blocks of the cluster cannot conflict with those of the ASM instance.
Planning rule for CIDR blocks
We recommend that you use the following rule to plan the VPC CIDR blocks, vSwitch CIDR blocks, pod CIDR blocks, and service CIDR blocks:
| Type of CIDR blocks | Description |
|---|
| VPC | We recommend that you use the CIDR blocks that range from 20.0.0.0/8 to 255.0.0.0/8. A maximum of 236 VPCs can be planned. |
| vSwitch | We recommend that you use the CIDR blocks that range from 20.0.0.0/16 to 20.255.0.0/16. A maximum of 256 vSwitches can be planned in a single VPC. |
| Pod CIDR blocks and service CIDR blocks of ACK clusters | - Pod CIDR blocks: We recommend that you use the CIDR blocks that range from 10.0.0.0/16 to 10.255.0.0/16. A maximum of 65,532 pods can be planned in a single cluster.
- Service CIDR blocks: We recommend that you use the CIDR blocks that range from 172.16.0.0/16 to 172.31.0.0/16. A maximum of 65,532 services can be planned in a single cluster.
|
Examples
Example 1: The ASM instance and the clusters reside in the same VPC.| Object | VPC | vSwitch | Pod | Service |
|---|
| ASM instance | 192.168.0.0/16 | 192.168.0.0/24 | / | / |
| Cluster 1 | 192.168.0.0/16 | 192.168.0.0/24 | 10.0.0.0/16 | 172.16.0.0/16 |
| Cluster 2 | 192.168.0.0/16 | 192.168.0.0/24 | 10.1.0.0/16 | 172.17.0.0/16 |
| Cluster 3 | 192.168.0.0/16 | 192.168.0.0/24 | 10.2.0.0/16 | 172.18.0.0/16 |
Example 2: Clusters reside in the same VPC, but the ASM instance resides in another VPC.| Object | VPC | vSwitch | Pod | Service |
|---|
| ASM instance | 192.168.0.0/16 | 192.168.0.0/24 | / | / |
| Cluster 1 | 20.0.0.0/8 | 20.0.0.0/16 | 10.0.0.0/16 | 172.16.0.0/16 |
| Cluster 2 | 20.0.0.0/8 | 20.0.0.0/16 | 10.1.0.0/16 | 172.17.0.0/16 |
| Cluster 3 | 20.0.0.0/8 | 20.0.0.0/16 | 10.2.0.0/16 | 172.18.0.0/16 |
Example 3: Clusters reside in different VPCs, but one of the clusters resides in the same VPC as the ASM instance.
Note Before you add the clusters to the ASM instance, you must connect the VPCs among the clusters and the VPCs between the clusters and the ASM instance by using CEN. For more information, see the "Step 2: Use CEN to implement cross-region VPC communication" section of the
Use ASM to implement cross-region disaster recovery and load balancing topic.
| Object | VPC | vSwitch | Pod | Service |
|---|
| ASM instance | 192.168.0.0/16 | 192.168.0.0/24 | / | / |
| Cluster 1 | 192.168.0.0/16 | 192.168.0.0/24 | 10.0.0.0/16 | 172.16.0.0/16 |
| Cluster 2 | 21.0.0.0/8 | 21.0.0.0/16 | 10.1.0.0/16 | 172.17.0.0/16 |
| Cluster 3 | 22.0.0.0/8 | 22.0.0.0/16 | 10.2.0.0/16 | 172.18.0.0/16 |
Example 4: The ASM instance and the clusters reside in different VPCs.
Note Before you add the clusters to the ASM instance, you must connect the VPCs among the clusters and the VPCs between the clusters and the ASM instance by using CEN. For more information, see the "Step 2: Use CEN to implement cross-region VPC communication" section of the
Use ASM to implement cross-region disaster recovery and load balancing topic.
| Object | VPC | vSwitch | Pod | Service |
|---|
| ASM instance | 192.168.0.0/16 | 192.168.0.0/24 | / | / |
| Cluster 1 | 20.0.0.0/8 | 20.0.0.0/16 | 10.0.0.0/16 | 172.16.0.0/16 |
| Cluster 2 | 21.0.0.0/8 | 21.0.0.0/16 | 10.1.0.0/16 | 172.17.0.0/16 |
| Cluster 3 | 22.0.0.0/8 | 22.0.0.0/16 | 10.2.0.0/16 | 172.18.0.0/16 |
Clusters on the data plane use Terway
Precautions
- The service CIDR blocks of one cluster cannot conflict with those of another cluster.
- The service CIDR blocks of clusters cannot conflict with the VPC CIDR blocks of the ASM instance.
- The VPC CIDR blocks of clusters cannot conflict with those of the ASM instance.
Planning rule for CIDR blocks
We recommend that you use the following rule to plan the VPC CIDR blocks, vSwitch CIDR blocks, pod CIDR blocks, and service CIDR blocks:
| Type of CIDR blocks | Description |
|---|
| VPC | We recommend that you use the CIDR blocks that range from 20.0.0.0/8 to 255.0.0.0/8. A maximum of 236 VPCs can be planned. |
| vSwitch | We recommend that you use the CIDR blocks that range from 20.0.0.0/16 to 20.255.0.0/16. A maximum of 256 vSwitches can be planned in a single VPC. |
| Pod CIDR blocks and service CIDR blocks of ACK clusters | - Pod CIDR blocks: We recommend that you use the CIDR blocks that range from 10.0.0.0/16 to 10.255.0.0/16. A maximum of 65,532 pods can be planned in a single cluster.
- Service CIDR blocks: We recommend that you use the CIDR blocks that range from 172.16.0.0/16 to 172.31.0.0/16. A maximum of 65,532 services can be planned in a single cluster.
|
Examples
Example 1: The ASM instance and the clusters reside in the same VPC.| Object | VPC | vSwitch | Service |
|---|
| ASM instance | 192.168.0.0/16 | 192.168.0.0/24 | / |
| Cluster 1 | 192.168.0.0/16 | 192.168.1.0/24 | 172.16.0.0/16 |
| Cluster 2 | 192.168.0.0/16 | 192.168.2.0/24 | 172.17.0.0/16 |
| Cluster 3 | 192.168.0.0/16 | 192.168.3.0/24 | 172.18.0.0/16 |
Example 2: Clusters reside in the same VPC, but the ASM instance resides in another VPC.| Object | VPC | vSwitch | Service |
|---|
| ASM instance | 192.168.0.0/16 | 192.168.0.0/24 | / |
| Cluster 1 | 20.0.0.0/8 | 20.0.0.0/16 | 172.16.0.0/16 |
| Cluster 2 | 20.0.0.0/8 | 20.1.0.0/16 | 172.17.0.0/16 |
| Cluster 3 | 20.0.0.0/8 | 20.2.0.0/16 | 172.18.0.0/16 |
Example 3: Clusters reside in different VPCs, but one of the clusters resides in the same VPC as the ASM instance.
Note Before you add the clusters to the ASM instance, you must connect the VPCs among the clusters and the VPCs between the clusters and the ASM instance by using CEN. For more information, see the "Step 2: Use CEN to implement cross-region VPC communication" section of the
Use ASM to implement cross-region disaster recovery and load balancing topic.
| Object | VPC | vSwitch | Service |
|---|
| ASM instance | 20.0.0.0/8 | 20.0.0.0/16 | / |
| Cluster 1 | 20.0.0.0/8 | 20.1.0.0/16 | 172.16.0.0/16 |
| Cluster 2 | 21.0.0.0/8 | 21.0.0.0/16 | 172.17.0.0/16 |
| Cluster 3 | 22.0.0.0/8 | 22.0.0.0/16 | 172.18.0.0/16 |
Example 4: The ASM instance and the clusters reside in different VPCs.
Note Before you add the clusters to the ASM instance, you must connect the VPCs among the clusters and the VPCs between the clusters and the ASM instance by using CEN. For more information, see the "Step 2: Use CEN to implement cross-region VPC communication" section of the
Use ASM to implement cross-region disaster recovery and load balancing topic.
| Object | VPC | vSwitch | Service |
|---|
| ASM instance | 192.168.0.0/16 | 192.168.0.0/24 | / |
| Cluster 1 | 20.0.0.0/8 | 20.0.0.0/16 | 172.16.0.0/16 |
| Cluster 2 | 21.0.0.0/8 | 21.0.0.0/16 | 172.17.0.0/16 |
| Cluster 3 | 22.0.0.0/8 | 22.0.0.0/16 | 172.18.0.0/16 |