Terway is an open source Container Network Interface (CNI) plug-in developed by Alibaba Cloud. Terway works with Virtual Private Cloud (VPC) and allows you to use standard Kubernetes network policies to regulate how containers communicate with each other. You can use Terway to set up network connectivity within a Kubernetes cluster. The topic introduces Terway and provides the usage notes and release notes for the component.

Introduction

Terway is a CNI plug-in developed by Container Service for Kubernetes (ACK). The plug-in builds networks based on elastic network interfaces (ENIs) of Alibaba Cloud to make full use of cloud resources. Terway supports the use of extended Berkeley Packet Filter (eBPF) to accelerate network traffic and reduce latency. Terway supports standard Kubernetes network policies that define how containers communicate with each other and provides compatibility with Calico network policies.

In a cluster that has Terway installed, each pod has a separate network stack and is assigned a separate IP address. Pods on the same Elastic Compute Service (ECS) instance communicate with each other by forwarding packets inside the ECS instance. Pods on different ECS instances communicate with each other through ENIs in the VPC in which the ECS instances are deployed. This improves communication efficiency because no tunneling technologies, such as Virtual Extensible Local Area Network (VXLAN), are required to encapsulate packets.

Usage notes

For more information about how to use Terway, see Work with Terway.

Release notes

March 2022

Version Image address Release date Description Impact
v1.2.2 registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.2.2 2022-03-31 The ARP inspection issue in VLAN mode is fixed.

No impact on workloads

v1.2.1 registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.2.1 2022-03-15
  • The issue that calico-felix changes to the legacy iptables mode when calico-felix runs on Alibaba Cloud Linux 3 is fixed. The issue that calico-felix changes to the legacy iptables mode when calico-felix runs on Alibaba Cloud Linux 3 is fixed.
  • The issue that IP addresses cannot be revoked when metadata errors occur is fixed.

No impact on workloads

January 2022

Version Image address Release date Description Impact
v1.2.0 registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.2.0 2022-01-11
  • The efficiency of file locking when CNI is being executed is improved.
  • A Service can be accessed by using its backend pods in IPVLAN mode.
  • In IPVLAN mode, if you access an external IP address or a Server Load Balancer (SLB) instance from within a cluster, the traffic is routed to the backend Service. This feature is automatically enabled for newly created clusters. To enable load balancing within an existing cluster in Terway IPVLAN mode, see How do I enable load balancing within a cluster in Terway IPVLAN mode?.
  • The issue that false positive alerts are generated in Terway VPC mode is fixed.
  • The performance of calico-felix is improved.

No impact on workloads

December 2021

Version Image address Release date Description Impact
v1.1.1 registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.1.1 2021-12-20
  • The reclaiming of ENIs is improved. The issue that IPVLAN cannot be set up due to netns leaks when containerd is used is fixed.
  • An ENI can be associated with multiple security groups. For more information about how to attach the policy to the RAM role, see Associate multiple security groups with an ENI.

No impact on workloads

November 2021

Version Image address Release date Description Impact
v1.1.0 registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.1.0 2021-11-22
  • IPv4/IPv6 dual stack is supported.
  • Felix is updated to V3.20.2
  • CNI is updated from V0.3.0 to V0.3.1.
  • The deployment template of Terway is compatible with Kubernetes 1.22. Terway of this version and later versions are compatible with Kubernetes 1.18 and later versions.
  • The issue that ENI configuration errors occasionally occur in IPVLAN mode is fixed. For more information, see #261.

September 2021

Version Image address Release date Description Impact
v1.0.10.443-gaa1bfcc-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.443-gaa1bfcc-aliyun 2021-09-14

Network latency is reduced.

This update applies only to Terway in exclusive ENI mode. Terway in other modes does not require this update.

No impact on workloads

August 2021

Version Image address Release date Description Impact
v1.0.10.398-g63d2e57-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.398-g63d2e57-aliyun 2021-08-04
  • The issue that network policies occasionally fail to take effect when Terway is used in inclusive ENI mode is fixed.
  • The Cilium plug-in is updated to V1.10.

No impact on workloads

July 2021

Version Image address Release date Description Impact
v1.0.10.390-g5f3c461-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.390-g5f3c461-aliyun 2021-07-02
  • The issue that pod annotations cannot be modified when elastic IP addresses (EIPs) are used in Terway mode is fixed.
  • The issue that Terway cannot be started when a dedicated ENI is assigned to each pod in Terway mode is fixed.
  • The network namespace path is automatically adjusted in containerd containers.
  • Alibaba Cloud Linux 3 is supported.

No impact on workloads

May 2021

Version Image address Release date Description Impact
v1.0.10.368-g2890967-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.368-g2890967-aliyun 2021-05-24
  • The issue that the ResourceInvalid alert occurs when EIPs are used is fixed.
  • Communication between pods and the node is supported in IPVLAN mode. Data can be transmitted within the node and does not need to be transmitted over the VPC in which the node is deployed.
  • Proactive checks and corrections of the ip forwarding setting are supported.

No impact on workloads

April 2021

Version Image address Release date Description Impact
v1.0.10.333-gfd2b7b8-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.333-gfd2b7b8-aliyun 2021-04-26
  • The conflicts that occur when stateful applications use EIPs are fixed.
  • Hubble can be enabled in IPVLAN mode. For more information about Hubble, see What is Hubble.

No impact on workloads

March 2021

Version Image address Release date Description Impact
v1.0.10.323-g778c128-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.323-g778c128-aliyun 2021-03-22
  • The number of API calls per minute is reduced to prevent API abuse.
  • Event alerts are optimized when security group configurations are inspected.

No impact on workloads

February 2021

Version Image address Release date Description Impact
v1.0.10.317-g0652857-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.317-g0652857-aliyun 2021-02-22
  • The issue of identity leakage in Cilium is fixed.
  • The issue that occasionally occurs in the IP management of StatefulSet pods is fixed.

No impact on workloads

v1.0.10.309-g5314eee-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.309-g5314eee-aliyun 2021-02-05
  • Errors in the configurations of security group rules are no longer automatically fixed. The system generates alerts only when errors are detected. You can follow the suggestions to fix the errors.
  • The issue that the IP addresses of pods may be reclaimed and reassigned to the pods when the nodes are overloaded is fixed.

No impact on workloads

January 2021

Version Image address Release date Description Impact
v1.0.10.301-g0115576-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.301-g0115576-aliyun 2021-01-21
New features:
  • Custom maximum transmission units (MTUs) are supported.
  • Routing based on the host network stack in exclusive ENI mode is supported.
Fixed issues:
  • Packet loss due to traffic throttling of Terway.
  • Residual IP policies.
  • Incorrect counting of the number of IP addresses provided by ENIs.

No impact on workloads

December 2020

Version Image address Release date Description Impact
v1.0.10.280-gdc2cb6c-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.280-gdc2cb6c-aliyun 2020-12-25
  • Proactive checks of Terway are supported. The following items are checked:
    • ENIs and secondary IP addresses of ENIs.
    • The consistency of security groups.
    • The pod network configurations.
    • The host network configurations.
  • Routing based on the host network stack in IPVLAN mode is supported.

No impact on workloads

v1.0.10.263-gdbe50a9-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.263-gdbe50a9-aliyun 2020-12-03 The Terway error that occurs in exclusive ENI mode is fixed.

No impact on workloads

November 2020

Version Image address Release date Description Impact
v1.0.10.261-g8342155-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.261-g8342155-aliyun 2020-11-27
  • Synchronous calls to the ECS API are supported.
  • The issue that error messages are returned when the CNI plug-in is used is fixed.

No impact on workloads

v1.0.10.250-gb7bb10a-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.250-gb7bb10a-aliyun 2020-11-23
  • The network issue of pods when the ENI driver fails to be loaded is fixed.
  • The status issue of the IP addresses that are allocated by ENIs when the ENI API is throttled is fixed.

No impact on workloads

October 2020

Version Image address Release date Description Impact
v1.0.10.247-g4cb77d0-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.247-g4cb77d0-aliyun 2020-10-26 ECS instances that are deployed on dedicated hosts are supported.

No impact on workloads

September 2020

Version Image address Release date Description Impact
v1.0.10.237-g6a0f948-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.237-g6a0f948-aliyun 2020-09-16 The time required to bind ENIs to pods is reduced.

No impact on workloads

August 2020

Version Image address Release date Description Impact
v1.0.10.221-g8d6386a-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.221-g8d6386a-aliyun 2020-08-11 IPVLAN and the eBPF are supported for network virtualization. To use this feature, Submit a ticket to apply to be added to the whitelist.

No impact on workloads

v1.0.10.213-g27145cc-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.213-g27145cc-aliyun 2020-08-04 The network issue of pods due to occasional ENI failures is fixed.

No impact on workloads

July 2020

Version Image address Release date Description Impact
v1.0.10.208-gf3144bf-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.208-gf3144bf-aliyun 2020-07-20
  • The issue that policy-based routes for nodes in inclusive ENI mode are exposed is fixed.
  • API calls over internal networks are supported.
  • The issue that pod IP addresses cannot be released when the number of IP addresses provided by the vSwitch reaches the upper limit is fixed.
  • The error report page that returns CNI errors is optimized.

No impact on workloads

v1.0.10.211-gef088a4-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.211-gef088a4-aliyun 2020-07-24 Cluster ID tags can be added to ENIs.

No impact on workloads

April 2020

Version Image address Release date Description Impact
v1.0.10.156-g8660a0f-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.156-g8660a0f-aliyun 2020-04-22
  • The cache efficiency is improved when ENIs are used.
  • The pre-installed Felix is updated to V3.5.8.
  • Reclaiming network resources from pods that are in the Completed or Failed state is supported.

No impact on workloads

February 2020

Version Image address Release date Description Impact
v1.0.10.139-g14a4f84-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.139-g14a4f84-aliyun 2020-02-12 The issue that pod creation requests occasionally time out is fixed. No impact on workloads

January 2020

Version Image address Release date Description Impact
v1.0.10.133-g001396b-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.133-g001396b-aliyun 2020-01-10
  • The NetworkPolicy feature can be disabled.
  • IPVLAN is supported for network virtualization in inclusive ENI mode.
No impact on workloads

December 2019

Version Image address Release date Description Impact
v1.0.10.122-gd0be015-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.122-gd0be015-aliyun 2019-12-24 The efficiency of IP address allocation is optimized in inclusive ENI mode. No impact on workloads

October 2019

Version Image address Release date Description Impact
v1.0.10.100-g92a3fa5-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.10.100-g92a3fa5-aliyun 2019-10-11 The issue that the host node is not ready when a large number of jobs concurrently request resources is fixed. No impact on workloads

August 2019

Version Image address Release date Description Impact
v1.0.9.20-g35ae000-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.9.20-g35ae000-aliyun 2019-08-23 Kubernetes 1.14.6 is supported. No impact on workloads

April 2019

Version Image address Release date Description Impact
v1.0.9.15-g3957085-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.9.15-g3957085-aliyun 2019-04-11 The issue that the Terway update occasionally fails is fixed. No impact on workloads

March 2019

Version Image address Release date Description Impact
v1.0.9.14-ga0346bb-aliyun registry.cn-hangzhou.aliyuncs.com/acs/terway:v1.0.9.14-ga0346bb-aliyun 2019-03-28
  • The issue that Terway fails to obtain the ENI information when throttling is applied to the meta server is fixed.
  • The issue that the failed to move veth to host netns: file exists error is returned when you create a container is fixed.
  • Periodic scanning is supported to check the status of ENIs. ENIs that are abnormally released are periodically reclaimed.
  • Health checks are supported. TCP port check is performed instead of HTTP path check.
No impact on workloads