kubernetes

3rd chunk of `content/en/blog/_posts/2017-09-00-Windows-Networking-At-Parity-With-Linux.md`
 Now that Windows Server has [joined](https://blogs.technet.microsoft.com/hybridcloud/2017/07/13/new-windows-server-preview-release-available-to-windows-insiders/) the [Windows Insider Program](https://insider.windows.com/), customers and partners can take advantage of these new platform features today, which accrue value toward the eagerly anticipated new feature release later this year and a new build after six months. The latest Windows Server insider [build](https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver) now includes support for all of these platform improvements.  

 In addition to the platform improvements for Windows, the team submitted code (PRs) for CNI, kubelet, and kube-proxy with the goal of mainlining Windows support into the Kubernetes v1.8 release. These PRs remove previous work-arounds required on Windows for items such as user-mode proxy for internal load balancing, appending additional DNS suffixes to each Kube-DNS request, and a separate container endpoint for external (internet) connectivity.  



- [https://github.com/kubernetes/kubernetes/pull/51063](https://github.com/kubernetes/kubernetes/pull/51063)
- [https://github.com/kubernetes/kubernetes/pull/51064](https://github.com/kubernetes/kubernetes/pull/51064)

 These new platform features and work on kubelet and kube-proxy align with the CNI network model used by Kubernetes on Linux and simplify the deployment of a K8s cluster without additional configuration or custom (Azure) resource templates. To this end, we completed work on CNI network and IPAM plugins to create/remove endpoints and manage IP addresses. The CNI plugin works through kubelet to target the Windows Host Networking Service (HNS) APIs to create an 'l2bridge' network (analogous to macvlan on Linux) which is enforced by the VFP switch extension.  

 The 'l2bridge' network driver re-writes the MAC address of container network traffic on ingress and egress to use the container host's MAC address. This obviates the need for multiple MAC addresses (one per container running on the host) to be "learned" by the upstream network switch port to which the container host is connected. This preserves memory space in physical switch TCAM tables and relies on the Hyper-V virtual switch to do MAC address translation in the host to forward traffic to the correct container. IP addresses are managed by a default Windows IPAM plug-in, which requires that pod CIDR IPs be taken from the container host's network IP space.  
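
The IPAM constraint above (pod CIDR IPs are taken from the container host's network IP space) can be checked on an address plan before nodes are provisioned. The following Python check is an added example, not code from the blog post or the Kubernetes project; the plan format, the function name, the finding codes and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations


def check_pod_cidrs(host_network, nodes):
    """Return a list of (code, detail) findings; an empty list means the plan is consistent.

    host_network: CIDR of the network the container hosts are attached to.
    nodes: {node_name: (host_ip, pod_cidr)} -- a planning format assumed for this example.
    """
    net = ipaddress.ip_network(host_network)
    parsed = {name: (ipaddress.ip_address(ip), ipaddress.ip_network(cidr))
              for name, (ip, cidr) in nodes.items()}
    findings = []

    # 1. Each host IP and each pod CIDR must sit inside the host network.
    for name, (host_ip, pod_net) in parsed.items():
        if host_ip not in net:
            findings.append(("HOST_OUTSIDE", f"{name}: host IP {host_ip} not in {net}"))
        if pod_net.version != net.version or not pod_net.subnet_of(net):
            findings.append(("POD_CIDR_OUTSIDE", f"{name}: {pod_net} not inside {net}"))

    # 2. Two nodes must not hand out the same pod addresses.
    for (a, (_, net_a)), (b, (_, net_b)) in combinations(parsed.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(("POD_CIDR_OVERLAP", f"{a} {net_a} overlaps {b} {net_b}"))

    # 3. Pods share the hosts' IP space, so no host address may fall in a pod range.
    for name, (host_ip, _) in parsed.items():
        for other, (_, pod_net) in parsed.items():
            if host_ip in pod_net:
                findings.append(("HOST_IP_IN_POD_CIDR",
                                 f"{name} host IP {host_ip} is inside {other} pod CIDR {pod_net}"))
    return findings


# Constructed sample plans (not from the original post).
HOST_NETWORK = "10.0.0.0/16"
GOOD_PLAN = {
    "win-node-1": ("10.0.0.4", "10.0.1.0/24"),
    "win-node-2": ("10.0.0.5", "10.0.2.0/24"),
}
BAD_PLAN = {
    "win-node-1": ("10.0.0.4", "10.0.1.0/24"),
    "win-node-2": ("10.0.1.20", "10.0.1.128/25"),   # overlaps node 1; host IP in node 1's range
    "win-node-3": ("10.0.0.6", "192.168.5.0/24"),   # outside the host network
}

if __name__ == "__main__":
    for code, detail in check_pod_cidrs(HOST_NETWORK, BAD_PLAN):
        print(code, detail)
```
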

Title: Windows Server Insider Program and Kubernetes v1.8 Support
Summary
Windows Server has joined the Windows Insider Program, allowing customers to use new platform features. Code has been submitted to CNI, kubelet, and kube-proxy to streamline Windows support in Kubernetes v1.8, eliminating workarounds. CNI network and IPAM plugins create/remove endpoints and manage IP addresses, using the Windows Host Networking Service (HNS) APIs to create an 'l2bridge' network, which is enforced by the VFP switch extension. The 'l2bridge' network driver re-writes the MAC address of container network traffic, which obviates the need for multiple MAC addresses.