{"id":33598370,"url":"https://github.com/hujun-open/k8slan","last_synced_at":"2026-03-09T20:01:25.848Z","repository":{"id":326796841,"uuid":"1105709137","full_name":"hujun-open/k8slan","owner":"hujun-open","description":"k8slan create virtual LANs across k8s cluster","archived":false,"fork":false,"pushed_at":"2026-02-15T05:15:07.000Z","size":42346,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-15T12:26:34.497Z","etag":null,"topics":["cnf","k8s","lan","vnf"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hujun-open.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-28T03:29:06.000Z","updated_at":"2026-02-15T05:15:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"e4fc6d0c-d36a-4128-ae11-2c7c8b630b60","html_url":"https://github.com/hujun-open/k8slan","commit_stats":null,"previous_names":["hujun-open/k8slan"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/hujun-open/k8slan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hujun-open%2Fk8slan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hujun-open%2Fk8slan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hujun-open%2Fk8slan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hujun-open%2Fk8slan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hujun-open","download_url":"https://codeload.github.com/hujun-open/k8slan/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hujun-open%2Fk8slan/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30309998,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T17:35:44.120Z","status":"ssl_error","status_checked_at":"2026-03-09T17:35:43.707Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cnf","k8s","lan","vnf"],"created_at":"2025-11-30T04:01:49.757Z","updated_at":"2026-03-09T20:01:24.785Z","avatar_url":"https://github.com/hujun-open.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# k8slan\nk8slan creates virtual LANs across the k8s cluster, main use case is to have one or multiple virutal layer2 networks that connects CNFs/VNFs;\n\n*note: It is optimized for easy of use and compatiable with CNF/VNF, not for performance*\n\n### Topology\n```mermaid\narchitecture-beta\n service lan(internet)[LAN]\n group worker1[worker1]\n service vxlan1_dev[VxLAN1_dev] in worker1\n group ns[LAN1_NS] in worker1\n service br1(logos:aws-eventbridge)[BR1] in ns\n service vxlan1(logos:nanonets)[VxLAN1] in ns\n service veth_B1(logos:nanonets)[Veth1 Br] in ns\n vxlan1_dev:B --\u003e T:vxlan1\n\n group pod1[pod1] in worker1\n service veth1(logos:nanonets)[Veth1] in pod1\n br1:L -- R:vxlan1\n br1:B -- T:veth_B1\n veth1:L -- R:veth_B1\n \n \n group worker2[worker2]\n service vxlan2_dev[VxLAN2_dev] in worker2\n group ns2[LAN1_NS] in worker2\n service vxlan2(logos:nanonets)[VxLAN2] in ns2\n service br2(logos:aws-eventbridge)[BR2] in ns2\n service veth2_B(logos:nanonets)[Veth2 Br] in ns2\n service veth3_B(logos:nanonets)[Veth3 Br] in ns2 \n vxlan2_dev:B --\u003e T:vxlan2\n \n group pod2[pod2] in worker2\n service veth2(logos:nanonets)[Veth2] in pod2\n br2:R -- L:vxlan2\n br2:B -- T:veth2_B\n veth2:R -- L:veth2_B\n\n group pod3[Kubevirt VM pod3] in worker2\n service macvtap3(logos:nanonets)[macvtap3] in pod3\n service veth3(logos:nanonets)[Veth3] in worker2\n br2:T -- B:veth3_B\n veth3:R -- L:veth3_B\n veth3:T -- B:macvtap3 \n vxlan1:L -- R:lan\n lan:L -- R:vxlan2\n\n```\n\nFor a given virtual LAN, following are created on each participating worker:\n- a dedicate network namespace for the LAN, which contains:\n - a bridge interface\n - a vxlan interface use multicast address that connects all nodes together and also attach to the bridge interface\n - the vxlan underlying device lives in the host namespace, so it is shared across LANs\n - a list of spoke veth interfaces attache to the bridge, one for each local pod attaching to the LAN\n- for a Kubevirt VM pod attached to the LAN\n - a veth interfaces in host NS, which is the corresponding peers of veth interfaces in the LAN NS\n - a macvtap interfaces inside kubevirt VM pod, which is on top of the veth interface in host NS\n- for a other type of pod attached to the LAN\n - a veth interfaces in pod NS, which is the corresponding peers of veth interfaces in the LAN NS\n\n## Installation \n### Prerequisites\nBefore installation, following are required:\n\n- IPv6 is enabled on each worker \n- an interface used as vxlan underlying, this interface must be able to forward IPv6 multicast traffic to other workers; one simple option is a L2 network shared by all workers.\n - note: Global unicast IPv6 address is not required on the interface, link-local address is enough\n- cert-manager\n- multus installed\n\n\n### installation\ninstall the latest release:\n`kubectl apply -f https://github.com/hujun-open/k8slan/releases/latest/download/all.yaml`\n\nThis installs k8slan in the namespace `k8slan-system`. change the namespace in the `all.yaml` if a different namespace is needed.\n\n### installed components\n- macvtap and k8slanveth CNI plugin on each host\n- a k8s namespace: k8slan-system, in the namespace:\n - a deployment: k8slan-controller-manager \n - a daemonset: k8slan-ds (require privilage)\n\n## API\nsee [docs](./docs/api.md)\n\n## Usage\n1. For each virtual LAN, create a LAN CR\n```\napiVersion: lan.k8slan.io/v1beta1\nkind: LAN\nmetadata:\n name: lan-example\nspec:\n ns: knlvrf\n bridge: br2\n vxlan: vx2\n vni: 222\n defaultVxlanDev: eth0\n vxlanDevMap:\n worker1: eth1\n worker2: eth2\n spokes:\n - srl\n - vm\n```\n- `ns` specifies the net namespace dedicate for the virtual LAN, it mounts under `/run/k8slan/netns/` of each k8s worker\n- `bridge` specifies the local bridge interface name, lives in the LAN namespace \n- `vni` specifies the VNI used for the VXLAN tunnel\n- `vxlanDevMap` list which interface to use as vxlan interface underlying device on the specified host, key is the hostname, value is the interface name; if a host is not listed here, then `defaultVxlanDev` is used\n- `spokes` is a list of veth interface names, one for each connecting pod; in case of kubevirt VM, a macvtap interface is created on top of the veth interface.\n- following values must be unique across all LAN CRs\n - ns\n - spoke\n - vni\n\n **Note: having duplicate value for above field could cause networking issue and/or connecting pod failed to create**\n\n2. k8slan will create two NetworkAttachmentDefinition for each spoke in the CR:\n - `k8slan-mac-\u003cspoke\u003e`: use by kubevirt VM to attach\n - `k8slan-veth-\u003cspoke\u003e`: use for pod to attach\n\n note: For a given spoke, only one of these two should be used, not both.\n\n\n3. create the pod/vm attach to the LAN:\n\n3a. for pod \n- reference the NetworkAttachmentDefinition with prefix `k8slan-veth-\u003cspoke\u003e`\n- reference spoke name in resource section: `macvtap.k8slan.io/k8slan-veth-\u003cspoke\u003e: 1`\n\nfollowing is an example for Nokia SRL pod:\n```\napiVersion: v1\nkind: Pod\nmetadata:\n name: srl-test\n annotations:\n k8s.v1.cni.cncf.io/networks: k8slan-veth-srl@e1-1\nspec:\n containers:\n - name: main\n image: ghcr.io/nokia/srlinux:25.7\n command:\n - /tini\n - --\n - /usr/local/bin/fixuid\n - -q\n - /entrypoint.sh\n - sudo\n - -E\n - bash\n - -c\n - \"touch /.dockerenv \u0026\u0026 /opt/srlinux/bin/sr_linux\"\n securityContext:\n privileged: true\n resources:\n limits:\n macvtap.k8slan.io/k8slan-veth-srl: 1\n```\n\n3b. create a kubevirt VM connect to the LAN\n- refer to [kubevirt macvtap guide](https://kubevirt.io/user-guide/network/net_binding_plugins/macvtap/).\n- reference to the NetworkAttachmentDefinition with prefix `k8slan-mac-\u003cspoke\u003e` in the `networks` section\n```\napiVersion: kubevirt.io/v1\nkind: VirtualMachine\nmetadata:\n name: testvm\nspec:\n runStrategy: Always\n template:\n metadata:\n labels:\n kubevirt.io/size: small\n kubevirt.io/domain: testvm\n spec:\n domain:\n devices:\n disks:\n - name: containerdisk\n disk:\n bus: virtio\n - name: cloudinitdisk\n disk:\n bus: virtio\n interfaces:\n - name: default\n masquerade: {}\n - name: link1\n binding:\n name: macvtap\n resources:\n requests:\n memory: 64M\n networks:\n - name: default\n pod: {}\n - name: link1\n multus:\n networkName: k8slan-mac-vm\n volumes:\n - name: containerdisk\n containerDisk:\n image: quay.io/kubevirt/cirros-container-disk-demo\n - name: cloudinitdisk\n cloudInitNoCloud:\n userDataBase64: SGkuXG4=\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhujun-open%2Fk8slan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhujun-open%2Fk8slan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhujun-open%2Fk8slan/lists"}