Alibaba Cloud Service Mesh (ASM) allows you to manage multiple clusters on the data plane. When you add a cluster to the ASM instance, ASM checks the pod CIDR blocks, service CIDR blocks, and vSwitch CIDR blocks of the cluster and existing clusters for conflicts to ensure normal communication among the clusters. The cluster can be added to the ASM instance only if no CIDR block conflict occurs. This topic describes how to plan the virtual private cloud (VPC) CIDR blocks, vSwitch CIDR blocks, pod CIDR blocks, and service CIDR blocks for multiple clusters when you use ASM to manage the clusters.

Precautions

  • The service CIDR blocks of a cluster must not conflict with each other or conflict with the pod CIDR blocks and vSwitch CIDR blocks of another cluster.
  • The pod CIDR blocks of a cluster must not conflict with each other or conflict with the service CIDR blocks and vSwitch CIDR blocks of another cluster.
  • The vSwitch CIDR blocks of a cluster must not conflict with each other or conflict with the service CIDR blocks and pod CIDR blocks of another cluster.
  • You cannot specify a CIDR block that starts with 7, which is reserved for managed Kubernetes clusters in Container Service for Kubernetes (ACK).
  • If a cluster does not reside in the same VPC as the ASM instance, the VPC CIDR block of the cluster must not conflict with that of the ASM instance.
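
The precautions above can be checked against a plan before a cluster is added. The following Python sketch is an added example, not Alibaba Cloud code or ASM's actual validation logic. It implements only the checks as literally listed above, and the function names, dictionary fields, and VPC id labels are hypothetical.

```python
import ipaddress
from itertools import combinations, permutations

KINDS = ("pod", "service", "vswitch")

def net(cidr):
    # strict=True rejects blocks with host bits set, e.g. 10.0.0.1/16
    return ipaddress.ip_network(cidr, strict=True)

def find_conflicts(asm, clusters):
    """Return a list of human-readable violations of the precautions."""
    problems = []
    for c in clusters:
        # Reserved range: any block whose first octet is 7.
        for kind in KINDS + ("vpc",):
            for cidr in ([c["vpc"]] if kind == "vpc" else c[kind]):
                if net(cidr).network_address.packed[0] == 7:
                    problems.append(f"{c['name']}: {kind} {cidr} starts with 7 (reserved)")
        # Blocks of the same kind inside one cluster must not overlap.
        for kind in KINDS:
            for a, b in combinations(c[kind], 2):
                if net(a).overlaps(net(b)):
                    problems.append(f"{c['name']}: {kind} {a} overlaps {kind} {b}")
        # A cluster outside the ASM instance's VPC needs a non-conflicting VPC block.
        if c["vpc_id"] != asm["vpc_id"] and net(c["vpc"]).overlaps(net(asm["vpc"])):
            problems.append(f"{c['name']}: VPC {c['vpc']} overlaps ASM VPC {asm['vpc']}")
    # Across clusters: each kind against the other two kinds of the other cluster.
    for c1, c2 in combinations(clusters, 2):
        for k1, k2 in permutations(KINDS, 2):
            for a in c1[k1]:
                for b in c2[k2]:
                    if net(a).overlaps(net(b)):
                        problems.append(f"{c1['name']} {k1} {a} overlaps {c2['name']} {k2} {b}")
    return problems

def cluster(name, vpc_id, vpc, vswitch, pod, service):
    return dict(name=name, vpc_id=vpc_id, vpc=vpc, vswitch=vswitch, pod=pod, service=service)

# Constructed sample plans; the VPC ids are hypothetical labels.
ASM = {"vpc_id": "vpc-asm", "vpc": "192.168.0.0/16"}
C1 = cluster("cluster-1", "vpc-1", "20.0.0.0/8", ["20.0.0.0/16"], ["10.0.0.0/16"], ["172.16.0.0/16"])
C2 = cluster("cluster-2", "vpc-2", "21.0.0.0/8", ["21.0.0.0/16"], ["10.1.0.0/16"], ["172.17.0.0/16"])
# Deliberately broken: VPC overlaps the ASM VPC, the pod block sits inside
# cluster-1's service block, and the service block is in the reserved 7.x range.
CX = cluster("cluster-x", "vpc-x", "192.168.0.0/16", ["192.168.0.0/24"], ["172.16.0.0/17"], ["7.0.0.0/16"])

if __name__ == "__main__":
    for plan in ([C1, C2], [C1, CX]):
        print(find_conflicts(ASM, plan) or "no conflicts")
```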

Planning rule for CIDR blocks

We recommend that you use the following rule to plan the VPC CIDR blocks, vSwitch CIDR blocks, pod CIDR blocks, and service CIDR blocks:
  • VPC CIDR block

    We recommend that you use the CIDR blocks that range from 20.0.0.0/8 to 255.0.0.0/8. A maximum of 236 VPCs can be planned.

  • vSwitch CIDR block

    We recommend that you use the CIDR blocks that range from 20.0.0.0/16 to 20.255.0.0/16. A maximum of 256 vSwitches can be planned in a single VPC.

  • ACK cluster
    • Pod CIDR block

      We recommend that you use the CIDR blocks that range from 10.0.0.0/16 to 10.255.0.0/16. A maximum of 65,532 pods can be planned in a single cluster.

    • Service CIDR block

      We recommend that you use the CIDR blocks that range from 172.16.0.0/16 to 172.31.0.0/16. A maximum of 65,532 services can be planned in a single cluster.

Examples

Example 1: The ASM instance and the clusters reside in the same VPC.

| Object | VPC CIDR block | vSwitch CIDR block | Pod CIDR block | Service CIDR block |
|---|---|---|---|---|
| ASM instance | 192.168.0.0/16 | 192.168.0.0/24 | / | / |
| Cluster 1 | 192.168.0.0/16 | 192.168.0.0/24 | 10.0.0.0/16 | 172.16.0.0/16 |
| Cluster 2 | 192.168.0.0/16 | 192.168.0.0/24 | 10.1.0.0/16 | 172.17.0.0/16 |
| Cluster 3 | 192.168.0.0/16 | 192.168.0.0/24 | 10.2.0.0/16 | 172.18.0.0/16 |

Example 2: Clusters all reside in the same VPC, but the ASM instance resides in another VPC.

Notice: Before you add clusters to the ASM instance, you must connect the VPCs between the clusters and the ASM instance by using Cloud Enterprise Network (CEN). For more information, see the "Step 2: Use CEN to implement cross-region VPC communication" section of the Use ASM to implement cross-region disaster recovery and load balancing topic.

| Object | VPC CIDR block | vSwitch CIDR block | Pod CIDR block | Service CIDR block |
|---|---|---|---|---|
| ASM instance | 192.168.0.0/16 | 192.168.0.0/24 | / | / |
| Cluster 1 | 20.0.0.0/8 | 20.0.0.0/16 | 10.0.0.0/16 | 172.16.0.0/16 |
| Cluster 2 | 20.0.0.0/8 | 20.0.0.0/16 | 10.1.0.0/16 | 172.17.0.0/16 |
| Cluster 3 | 20.0.0.0/8 | 20.0.0.0/16 | 10.2.0.0/16 | 172.18.0.0/16 |

Example 3: Clusters reside in different VPCs, but one cluster resides in the same VPC as the ASM instance.

Notice: Before you add clusters to the ASM instance, you must connect the VPCs among the clusters and the VPCs between the clusters and the ASM instance by using CEN. For more information, see the "Step 2: Use CEN to implement cross-region VPC communication" section of the Use ASM to implement cross-region disaster recovery and load balancing topic.

| Object | VPC CIDR block | vSwitch CIDR block | Pod CIDR block | Service CIDR block |
|---|---|---|---|---|
| ASM instance | 192.168.0.0/16 | 192.168.0.0/24 | / | / |
| Cluster 1 | 192.168.0.0/16 | 192.168.0.0/24 | 10.0.0.0/16 | 172.16.0.0/16 |
| Cluster 2 | 21.0.0.0/8 | 21.0.0.0/16 | 10.1.0.0/16 | 172.17.0.0/16 |
| Cluster 3 | 22.0.0.0/8 | 22.0.0.0/16 | 10.2.0.0/16 | 172.18.0.0/16 |

Example 4: The ASM instance and the clusters reside in different VPCs.

Notice: Before you add clusters to the ASM instance, you must connect the VPCs among the clusters and the VPCs between the clusters and the ASM instance by using CEN. For more information, see the "Step 2: Use CEN to implement cross-region VPC communication" section of the Use ASM to implement cross-region disaster recovery and load balancing topic.

| Object | VPC CIDR block | vSwitch CIDR block | Pod CIDR block | Service CIDR block |
|---|---|---|---|---|
| ASM instance | 192.168.0.0/16 | 192.168.0.0/24 | / | / |
| Cluster 1 | 20.0.0.0/8 | 20.0.0.0/16 | 10.0.0.0/16 | 172.16.0.0/16 |
| Cluster 2 | 21.0.0.0/8 | 21.0.0.0/16 | 10.1.0.0/16 | 172.17.0.0/16 |
| Cluster 3 | 22.0.0.0/8 | 22.0.0.0/16 | 10.2.0.0/16 | 172.18.0.0/16 |