CFP: Add support for the SCTP protocol

[DolceTriade]

Cilium Feature Proposal

Introduced in k8s 1.12

kubernetes/kubernetes#64973

• M1
• M2
• M3

Work Breakdown

The work can be broken down into 3 subtasks that can be tackled sequentially. Simply achieving M1 great benefit because it enables a significant amount of SCTP use cases and M1 can be achieved right now. M2 will enable most SCTP usecases but will require kernel modifications.

M1 - Limited Support for Pod <-> Service communication

Currently, Cilium simply drops SCTP packets. This GitHub PR fixes things for limited use cases. With a little work, this SCTP PR can be updated to provide support for Pod <-> Service communication and NetworkPolicy support as long as no port translation is required (ie, targetPort == containerPort). Modifying the ports means modifying the SCTP header. Modifying the SCTP header will change the checksum, which will cause packets to fail checksum validation. SCTP uses a crc32c checksum on the SCTP header and data, which is not easily supportable in eBPF. As long as any modifications to the packet do not modify the SCTP header (ie, we only modify the L2 or L3 headers) SCTP will work fine.

M2 - Port Translation Support

In order to add port translation support, we will need to expose kernel hooks to re-checksum the packet if we modify the ports. Note that this does not fully mean SCTP NAT is supported, since there is more to SCTP NAT than just port translation. This means that we will need to upstream this support into the Linux kernel, which will take time.

M3 - Multihoming and Beyond

This work is unscoped for now and will involve deeper parsing of SCTP packets which may not be performant (or feasible) under eBPF.

[github-actions]

This issue has been automatically marked as stale because it has not
had recent activity. It will be closed if no further activity occurs.

[DolceTriade]

M1 is complete. Working with the kernel devs to add a new api for M2

[github-actions]

This issue has been automatically marked as stale because it has not
had recent activity. It will be closed if no further activity occurs.

[Hiiirad]

Dear Technical Team,

I was referred to your team through LinkedIn to request a new feature.

I am writing to request the addition of the "Multihoming" feature to the SCTP protocol in the Cilium product. This feature is essential for the Telco Cloud industry and would greatly benefit our organization, as well as the Telecommunication Industry in 5G and 6G.

Multihoming refers to the ability of a network node to maintain multiple network addresses and interfaces, which allows for increased redundancy and improved fault tolerance. Currently, we are using Multus CNI to utilize the Multihoming feature in the SCTP protocol. However, with the increasing complexity of Telco Cloud networks, we consider this feature to be a necessity.

By adding Multihoming to the SCTP protocol in Cilium, we would be able to better manage our network resources and ensure high availability for our customers. This feature would also improve the overall performance of our Telco Cloud infrastructure, enabling us to deliver a more reliable and efficient service with your distinguished product.

Thank you for considering our request. We look forward to discussing this further with you and your technical team.

Respectfully,
Hirad