Multicast Support in Cilium (Beta)

Note

This is a beta feature. Please provide feedback and file a GitHub issue if you experience any problems.

The multicast capability allows user application to distribute data feeds to multiple consumers in the Kubernetes cluster. The container network multicast transmission technology based on eBPF focuses on solving the problem of efficient multicast transmission in the container network and provides support for multiple multicast protocols.

This document explains how to enable multicast support and configure Cilium and CiliumNode with multicast group IP addresses and subscribers.

Prerequisites

This guide assumes that Cilium has been correctly installed in your Kubernetes cluster. Please see Cilium Quick Installation for more information. If unsure, run cilium status and validate that Cilium is up and running. This guide also assumes Cilium is configured with vxlan mode, which is required when using multicast capability.

Multicast only works on kernels >= 5.10 for AMD64, and on kernels >= 6.0 for AArch64.

Enable Multicast Feature

Multicast support can be enabled by updating cilium-config ConfigMap as following:

$ cilium config set multicast-enabled true
✨ Patching ConfigMap cilium-config with multicast-enabled=true...
♻️  Restarted Cilium pods

Configure Multicast and Subscriber IPs

To use multicast with Cilium, we need to configure multicast group IP addresses and subscriber list based on the application requirements. This is done by running cilium-dbg command in each cilium-agent pod. Then, multicast subscriber pods can send out IGMP join and multicast sender pods can start sending multicast stream.

As an example, the following guide uses 239.255.0.1 multicast group address.

Get all CiliumNode IP addresses to be set as multicast subscribers:

$ kubectl get ciliumnodes.cilium.io
NAME                 CILIUMINTERNALIP   INTERNALIP   AGE
kind-control-plane   10.244.0.72        172.19.0.2   16m
kind-worker          10.244.1.86        172.19.0.3   16m

To set multicast IP address, enable multicast BPF maps in each cilium-agent:

### add multicast IP address
$ cilium-dbg bpf multicast group add 239.255.0.1

### check multicast IP address
$ cilium-dbg bpf multicast group list
Group Address
239.255.0.1

Then, set the subscriber IP addresses in each cilium-agent:

### cilium-agent on kind-control-plane
$ cilium-dbg bpf multicast subscriber add 239.255.0.1 10.244.1.86
$ cilium-dbg bpf multicast subscriber list all
Group           Subscriber      Type
239.255.0.1     10.244.1.86     Remote Node

### cilium-agent on kind-worker
$ cilium-dbg bpf multicast subscriber add 239.255.0.1 10.244.0.72

Note

This multicast subscriber IP addresses are different CiliumNode IP addresses than your own one.

When you want to remove multicast IP addresses and subscriber list, run the following commands in the cilium-agent.

$ cilium-dbg bpf multicast group delete 239.255.0.1
$ cilium-dbg bpf multicast subscriber delete 239.255.0.1 10.244.0.72

Limitations

  • The operation needs to be done on each CiliumNode that uses multicast feature.

  • This feature does not work with ipsec encryption between Cilium managed pod.