Release v1.3.0

NSM v1.3.0 is released via a set of example use cases.

Kubernetes Compatibility

NSM v1.3.0 has been successfully integration tested with Kubernetes versions:

  • v1.23.0
  • v1.22.1
  • v1.21.1
  • v1.20.7
  • v1.19.11
  • v1.18.15

Public Cloud Capability

NSM v1.3.0 has been tested on GKE, AKS, EKS, and on vanilla K8s on bare metal in Equinix Metal, Cross public clusters.

Changes since v1.2.0

vL3

Implementation of a virtual Layer 3 (vL3) Network Service(NS) that can be used to provide a common routing domain (or vrf) to which workloads in different clusters/cloud providers may attach.

Try NSM vL3 Example

NSM+Calico-VPP Integration

Allow NSM to utilize external VPP instances it did not create itself. This would allow NSM and Calico-VPP to share a single VPP instance on a Node, improving performance in that case.

Note: You need only to change the CNI and NSM will work without any additional changes.

Try NSM using the same VPP as Calico-CNI

Enable Mutually Aware NSEs to overlap in IPAM/Routes

NSM by default presumes that all NSEs are ‘mutually ignorant’, meaning they do not know about each other. For this reason, if an NSM currently precludes ‘overlap’ in the assigned IPs and requested routes between the various NSEs to which a NSC is connected. Enabling Mutually Aware NSEs allows this limitation to be loosened in the case that two or more NSEs signal mutual awareness. This enables certain ‘multi-homing’ cases.

Try Mutually Aware NSE with overlap in IPAM/Routes Example

Update spire to v1.2.2

In this version SPIRE fixes a few critical performance issues. See at details https://github.com/spiffe/spire/releases/tag/v1.2.2

Update Policy Based Routing

The Policy Based Routing has been updated to support source port. There is a non-backward compatibility change in the API PolicyRoute message since the proto has been changed to string instead of uint32 and the port field has been removed and dst_port/src_port added.

See at details

Added possibility to update some properties of the IP Context of a connection from the NSC without having to close and re-request. Planned to improve it to support all IP context properties and add more examples.