Enabling SCTP in OpenShift Container Platform 4
Environment
OpenShift Container Platform >=4.4
Issue
Using the SCTP protocol, as in the following deployment, requires additional steps before it fully works.
apiVersion: v1
kind: Pod
metadata:
  namespace: sctpdemo
  name: sctpserver
  labels:
    app: sctpserver
spec:
  containers:
    - name: sctpserver
      image: fedora:31
      command: ["/bin/sh", "-c"]
      args:
        ["dnf install -y lksctp-tools && sctp_test -H localhost -P 30100 -l"]
      ports:
        - containerPort: 30100
          name: sctpserver
          protocol: SCTP
---
apiVersion: v1
kind: Service
metadata:
  namespace: sctpdemo
  name: sctpserver
  labels:
    app: sctpserver
spec:
  selector:
    app: sctpserver
  ports:
    - name: sctpserver
      protocol: SCTP
      port: 30100
      targetPort: 30100
  type: ClusterIP
In order to expose SCTP port(s), the protocol field of the relevant port must be set to SCTP.
ports:
  - containerPort: 30100
    name: sctpserver
    protocol: SCTP
Resolution
Create the following MachineConfig so that the sctp module is no longer blacklisted and is loaded at boot time. Adapt the label to match the target nodes, then wait for the configuration to be applied:
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: worker
  name: load-sctp-module
spec:
  config:
    ignition:
      version: 2.2.0
    storage:
      files:
        - contents:
            source: data:,
            verification: {}
          filesystem: root
          mode: 420
          overwrite: true
          path: /etc/modprobe.d/sctp-blacklist.conf
        - contents:
            source: data:text/plain;charset=utf-8,sctp
          filesystem: root
          mode: 420
          overwrite: true
          path: /etc/modules-load.d/sctp-load.conf
After that, launching the sample pod above results in the SCTP server listening:
Starting tests...
socket(SOCK_SEQPACKET, IPPROTO_SCTP) -> sk=3
bind(sk=3, [a:::1,p:30100]) -- attempt 1/10
listen(sk=3,backlog=100)
Server: Receiving packets.
Root Cause
OpenShift Container Platform includes the capability of using SCTP connections. The Stream Control Transmission Protocol (SCTP) is a computer networking communications protocol which operates at the transport layer and serves a role similar to the popular protocols TCP and UDP.
Within the OpenShift Container Platform you can:
- establish pod to pod SCTP connections.
- expose SCTP ClusterIP Services.
- expose SCTP NodePort Services.
This is achieved by setting the protocol field to SCTP, the same way it is done with TCP.
The SCTP protocol is enabled by default in OpenShift. However, in order to be able to use it, some tweaking is necessary. This is because the SCTP kernel module is blacklisted by default.
In order for applications to be able to load the module, two different actions need to be performed:
- unblacklisting the kernel module.
- having it loaded at boot time.
This can be achieved by applying the indicated machine configuration file.
The effect of applying it is:
- unblacklisting the sctp module from /etc/modprobe.d/sctp-blacklist.conf
- loading it at boot time by writing it to /etc/modules-load.d/sctp-load.conf
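A node-side check for the two conditions above, plus whether the module is loaded right now. This is an added example, not part of the original article; the function names, the ROOT prefix argument and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. ROOT (first argument) is an assumption:
# a prefix under which the node's /etc and /proc are visible ("" means /).

# True if a file in ROOT/etc/modprobe.d still carries "blacklist sctp".
sctp_blacklisted() {
    for f in "$1"/etc/modprobe.d/*.conf; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*blacklist[[:space:]]+sctp[[:space:]]*$' "$f" && return 0
    done
    return 1
}

# True if a modules-load.d entry names sctp (commented-out lines never match).
sctp_autoloaded() {
    for f in "$1"/etc/modules-load.d/*.conf; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*sctp[[:space:]]*$' "$f" && return 0
    done
    return 1
}

# True if ROOT/proc/modules lists sctp itself (not sctp_diag or similar).
sctp_loaded() {
    [ -r "$1/proc/modules" ] && grep -q '^sctp ' "$1/proc/modules"
}

# Print the first unmet condition, or "ready" when all three hold.
sctp_node_state() {
    root=${1:-}
    if sctp_blacklisted "$root"; then echo blacklisted
    elif ! sctp_autoloaded "$root"; then echo not-autoloaded
    elif ! sctp_loaded "$root"; then echo not-loaded
    else echo ready
    fi
}

# Build a constructed node root for offline runs. $1 = sctp-blacklist.conf body,
# $2 = sctp-load.conf body, $3 = /proc/modules body. Prints the directory path.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/modprobe.d" "$d/etc/modules-load.d" "$d/proc"
    printf '%s' "$1" > "$d/etc/modprobe.d/sctp-blacklist.conf"
    printf '%s' "$2" > "$d/etc/modules-load.d/sctp-load.conf"
    printf '%s' "$3" > "$d/proc/modules"
    echo "$d"
}
```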
Diagnostic Steps
- Launch the sample deployment
- Run the following command:
sctp_test -H localhost -P 30100 -l
The following error appears:
local:addr=::, port=rwp, family=10
seed = 1578660506
Starting tests...
socket(SOCK_SEQPACKET, IPPROTO_SCTP)
*** socket: failed to create socket: Socket type not supported ***
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.