This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 24%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHH%3C/text%3E%3C/svg%3E)
I am trying to implement diameter using SCTP on Azure AKS. Wonder if this is something currently supported by Azure? The kubernetes version is latest, 1.21.2.
Thank you!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
I am looking into internal resources to confirm on this. Thanks.
Thank you and how do I enable this if this is supported with latest Kubernetes version? Any compatibility with network or network policy selection?
@Haitao Huang , when using service.spec.ports[].protocol=SCTP, Services of service.spec.type set to ClusterIP or NodePort, are supported by kube-proxy. FEATURE STATE: Kubernetes v1.20 [stable]
According to the Kubernetes documentation,
For type=LoadBalancer Services, SCTP support depends on the cloud provider offering this facility. (Most do not).
Services of service.spec.type=LoadBalancer with service.spec.ports[].protocol=SCTP are not supported in AKS, at the time of writing, as Azure Load Balancer currently supports only TCP/UDP-based protocols such as HTTP, HTTPS and SMTP, and protocols used for real-time voice and video messaging applications. [Reference]
If you try to create a Service of type LoadBalancer on AKS with service.spec.ports[].protocol=SCTP you would see messages like the following in the Events section of kubectl describe service:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal EnsuringLoadBalancer 4s (x2 over 11s) service-controller Ensuring load balancer
Warning SyncLoadBalancerFailed 3s (x2 over 9s) service-controller Error syncing load balancer: failed to ensure load balancer: only TCP and UDP are supported for Azure LoadBalancers
Calico and Azure Network Policies both accept networkpolicy.spec.egress[].ports[].protocol=SCTP and networkpolicy.spec.ingress[].ports[].protocol=SCTP
As a stable feature in upstream Kubernetes, the SCTPSupport feature gate is enabled by default. When the feature gate is enabled, you can set the protocol field of a NetworkPolicy to SCTP. FEATURE STATE: Kubernetes v1.20 [stable]
To disable SCTP at a cluster level, the SCTPSupport feature gate must be disabled for the API server with --feature-gates=SCTPSupport=false,…. Reference which is not possible in AKS since AKS is a managed Kubernetes Service and the control plane is abstracted from the user. Reference
However, currently although kube-proxy accept SCTP as a valid protocol, for ClusterIP and NodePort Services, the latest shipped AKS node image AKSUbuntu-1804gen2containerd-2021.09.19 based on the 5.4.0-1056-azure kernel does not support SCTP.
Here was bunch of tests that I executed:
root@aks-nodepool1-29819654-vmss000000:/# chroot /host
Hope this helps.
Please "Accept as Answer" if it helped, so that it can help others in the community looking for help on similar topics.
@SRIJIT-BOSE-MSFT Thank you and this is very useful.
I only tried two pods to test this (diameter/SCTP). My environment is Azure CNI + Calico policy.
Wonder if i missed anything, did you have chance to test diameter/SCTP working inside AKS - just two pod as client and server to talk to each other? My service definition is fairly simple:
apiVersion: v1
kind: Service
metadata:
name: diameter-service
namespace: app-01
labels:
app: diameter
spec:
type: ClusterIP
selector:
app: diameter
ports:
- name: diameter
protocol: SCTP
port: 3868
targetPort: 3868
09/29/21,16:44:20.539510 ERROR ERROR: in '(sock = socket(family, 1, 132))' : Protocol not supported
09/29/21,16:44:20.539522 ERROR ERROR: in '(fd_sctp_create_bind_server( &cnx->cc_socket, cnx->cc_family, ep_list, port ))' : Protocol not supported
09/29/21,16:44:20.539528 ERROR ERROR: in '(s->conn = fd_cnx_serv_sctp(fd_g_config->cnf_port, empty_conf_ep ? ((void)0) : &fd_g_config->cnf_endpoints))' : Invalid argument
@Haitao Huang , thank you for pointing that out. At the time of writing although kube-proxy accepts SCTP as a valid protocol, for ClusterIP and NodePort Services, the latest shipped AKS node image AKSUbuntu-1804gen2containerd-2021.09.19 based on the 5.4.0-1056-azure kernel does not support SCTP.
Here was bunch of tests that I executed:
root@aks-nodepool1-29819654-vmss000000:/# chroot /host
@SRIJIT-BOSE-MSFT , This is great information and thank you!
Any plan to support SCTP node level?
Thank you!
@SRIJIT-BOSE-MSFT , thank you for all the detailed information and this is really helpful.
We tried to update the default script, SCTP can be enabled on the nodes and pods can talk to each other using SCTP.
It will be great to have options to enable this when build the cluster.
Thanks again! Haitao
@Haitao Huang , I have checked internally. This is not currently on the roadmap as I write. However, we have forwarded a request to our internal teams for review. To stay up-to-date on the AKS Road Map please keep an eye here.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 48%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZK%3C/text%3E%3C/svg%3E)
@Haitao Huang I want to connect with you on the SCTP implementation in the network, as I am struggling for SCTP in 5G implementation of Azure/AWS, pls share ur LinkedIn id.