Deploy workloads with SCTP
Preview
This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms. Pre-GA features are available "as is" and might have limited support. For more information, see the launch stage descriptions.
This page explains how to deploy workloads that use the Stream Control Transmission Protocol (SCTP) on Google Kubernetes Engine (GKE) Standard clusters.
SCTP is supported on Cilium technology. Because GKE Dataplane V2 is implemented using Cilium, you can use SCTP only on clusters that have been enabled with GKE Dataplane V2. With SCTP support, you can enable direct SCTP communication for Pod-to-Pod and Pod-to-Service traffic. To learn more, see SCTP support on Cilium.
This page is for Operators and Developers who provision and configure cloud resources and deploy apps and services. To learn more about common roles and example tasks referenced in Google Cloud content, see Common GKE user roles and tasks.
Before you begin
Before you start, make sure that you have performed the following tasks:
- Enable the Google Kubernetes Engine API.
- If you want to use the Google Cloud CLI for this task, install and then initialize the gcloud CLI. If you previously installed the gcloud CLI, get the latest version by running the `gcloud components update` command. Earlier gcloud CLI versions might not support running the commands in this document.

  Note: For existing gcloud CLI installations, make sure to set the `compute/region` property. If you use primarily zonal clusters, set the `compute/zone` instead. By setting a default location, you can avoid errors in the gcloud CLI like the following: `One of [--zone, --region] must be supplied: Please specify location.` You might need to specify the location in certain commands if the location of your cluster differs from the default that you set.
Requirements and limitations
SCTP support on GKE Standard clusters has the following requirements and limitations:
- Your cluster must run GKE version 1.32.2-gke.1297000 or later.
- Cluster nodes must use Ubuntu node images. SCTP is not supported for Container-Optimized OS images.
- To enable SCTP support, ensure that your Ubuntu-based container images and the underlying GKE node OS are loaded with the `sctp` kernel module.
- You can't use SCTP on clusters that are enabled with multi-network support for Pods.
- The setup time for an SCTP association can take longer than the setup time for a TCP connection. Design your applications to handle potential delays while associations are established.
- To learn more about what Cilium supports and doesn't support with SCTP, see the Cilium documentation.
Deploy workloads with SCTP
Test your deployment thoroughly in a non-production environment before you deploy workloads to production.
From GKE version 1.32.2-gke.1297000, SCTP is enabled by default in clusters that use GKE Dataplane V2 and Ubuntu node images. To deploy workloads with SCTP, complete the following steps:
To create a cluster with GKE Dataplane V2 and Ubuntu images, run the following command:
```bash
gcloud container clusters create CLUSTER_NAME \
    --location=CONTROL_PLANE_LOCATION \
    --cluster-version=CLUSTER_VERSION \
    --enable-dataplane-v2 \
    --image-type=ubuntu_containerd
```

Replace the following values:

- `CLUSTER_NAME`: the name of your cluster.
- `CONTROL_PLANE_LOCATION`: the Compute Engine location of the control plane of your cluster. Provide a region for regional clusters, or a zone for zonal clusters.
- `CLUSTER_VERSION`: the GKE version, which must be 1.32.2-gke.1297000 or later.
To containerize the application, ensure that your container image includes an application that is configured to use SCTP. You can use any application that supports SCTP, such as a custom application.
The following is an example of a `Dockerfile` to containerize the application, assuming you use Docker:

```dockerfile
FROM ubuntu:latest

RUN apt-get update && apt-get install -y socat

# Run a simple SCTP echo server. This command uses socat to listen for
# incoming SCTP connections on a specified port and echo back any received data.
# The 'fork' option ensures that a new process is created for each connection.
# Replace "PORT" below with the desired port number.
CMD ["socat", "PIPE", "SCTP-LISTEN:PORT,fork"]
```

Build and push the image to a container registry like Artifact Registry. For more information about how this file works, see Dockerfile reference in the Docker documentation.
To create a Deployment and a Service, save the following manifest as `sctp-deployment.yaml`:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sctp-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sctp-app
  template:
    metadata:
      labels:
        app: sctp-app
    spec:
      containers:
      - name: sctp-container
        image: CONTAINER_IMAGE
        ports:
        - containerPort: PORT
          protocol: SCTP
---
apiVersion: v1
kind: Service
metadata:
  name: sctp-service
spec:
  selector:
    app: sctp-app
  ports:
  - protocol: SCTP
    port: PORT
    targetPort: PORT
  type: ClusterIP
```

Replace the following:

- `CONTAINER_IMAGE`: the container image you built in the preceding step.
- `PORT`: the SCTP port and target port numbers of the application. The value for `port` and `targetPort` must be the same.
`port` and `targetPort` values must be the same because Cilium doesn't support rewriting ports for SCTP packets.

To apply the Deployment and Service, run the following command:

```bash
kubectl apply -f sctp-deployment.yaml
```

To verify SCTP connectivity for the Service, create a Pod within the same cluster and run the following command:

```bash
kubectl run sctp-client \
    --image=ubuntu:latest \
    --namespace=default \
    -it --rm \
    --command -- bash -c 'apt-get update && apt-get install -y socat && (echo "Hello, SCTP!"; sleep 1) | socat - SCTP:sctp-service:PORT'
```

The output is similar to the following:

```
Preparing to unpack .../socat_1.8.0.0-4build3_amd64.deb ...
Setting up socat (1.8.0.0-4build3) ...
Hello, SCTP!
```
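The rule that `port` and `targetPort` must match for SCTP can be checked across a cluster before traffic fails. The following is an added example, not part of the original page or of GKE tooling: it scans JSON in the shape of `kubectl get services -A -o json` and reports SCTP Service ports that would need a port rewrite. The sample Services and port numbers are constructed.

```python
import json

# Constructed sample in the shape of `kubectl get services -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "default", "name": "sctp-service"},
   "spec": {"ports": [{"protocol": "SCTP", "port": 9999, "targetPort": 9999}]}},
  {"metadata": {"namespace": "default", "name": "sctp-remapped"},
   "spec": {"ports": [{"protocol": "SCTP", "port": 80, "targetPort": 9999}]}},
  {"metadata": {"namespace": "default", "name": "sctp-named"},
   "spec": {"ports": [{"protocol": "SCTP", "port": 9999, "targetPort": "sig"}]}},
  {"metadata": {"namespace": "default", "name": "web"},
   "spec": {"ports": [{"port": 80, "targetPort": 8080}]}}
]}
""")


def sctp_port_findings(service_list):
    """Return (service, port, targetPort, problem) for each SCTP Service port
    whose targetPort is not provably equal to its port."""
    findings = []
    for svc in service_list.get("items", []):
        meta = svc["metadata"]
        ident = f'{meta.get("namespace", "default")}/{meta["name"]}'
        for p in svc.get("spec", {}).get("ports", []):
            if p.get("protocol", "TCP") != "SCTP":  # protocol defaults to TCP
                continue
            port = p["port"]
            target = p.get("targetPort", port)  # targetPort defaults to port
            if isinstance(target, str):
                # A named port is resolved per Pod; this check cannot see it.
                findings.append((ident, port, target, "named targetPort, verify manually"))
            elif target != port:
                findings.append((ident, port, target, "port rewrite, unsupported for SCTP"))
    return findings


if __name__ == "__main__":
    for finding in sctp_port_findings(SAMPLE):
        print(*finding, sep="\t")
```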
Troubleshooting
If you experience issues with SCTP connectivity, follow this guidance to help determine the source of the issue:

Check Pod logs. To check the logs of your application for any errors, run the following command:

```bash
kubectl logs POD_NAME
```

These logs can help you identify what caused the Pod to crash.
Check the status of the SCTP Service object:

```bash
kubectl describe service SCTP_SERVICE_NAME
```

Check your network policies. Network policies can restrict SCTP traffic. Ensure that your network policies allow the necessary SCTP traffic for your applications.
Check the status of GKE Dataplane V2. To verify that GKE Dataplane V2 is enabled on your cluster, run the following command:

```bash
kubectl -n kube-system get pods -l k8s-app=cilium -o wide
```

Verify that the output includes Pods with the prefix `anetd-`. anetd is the networking controller for GKE Dataplane V2.

To improve throughput, increase the `sysctl` parameters `net.core.wmem_default` and `net.core.rmem_default` to a larger value, for example, 4194304 (4 MB). For more information, see Sysctl configuration options.

You might face issues if you use Network Address Translation (NAT) with SCTP in GKE. For more information about what Cilium supports with SCTP, see the Cilium documentation.
SCTP packets are subject to the Maximum Transmission Unit (MTU) of the network. Ensure that your network's MTU is sufficient for your SCTP traffic.
The performance of SCTP can be affected by factors such as network latency, packet loss, and kernel tuning. Monitor the performance of your application's SCTP and adjust the settings as needed.
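For the network policy check in the troubleshooting guidance above, a common cause of blocked SCTP is a NetworkPolicy port entry that omits `protocol`, which Kubernetes treats as TCP. The following is an added example, not part of the original page: it evaluates the `items` of `kubectl get networkpolicy -n NAMESPACE -o json` for one Pod's labels and port. It assumes `matchLabels` selectors only and does not evaluate `from` peers; the policies and port numbers are constructed.

```python
# Constructed sample: "items" of `kubectl get networkpolicy -n NAMESPACE -o json`.
POLICIES = [
    {"metadata": {"name": "allow-9999"},  # protocol omitted, so TCP only
     "spec": {"podSelector": {"matchLabels": {"app": "sctp-app"}},
              "ingress": [{"ports": [{"port": 9999}]}]}},
    {"metadata": {"name": "allow-sctp-range"},
     "spec": {"podSelector": {"matchLabels": {"app": "sctp-app"}},
              "policyTypes": ["Ingress"],
              "ingress": [{"ports": [
                  {"protocol": "SCTP", "port": 30000, "endPort": 30010}]}]}},
]


def selects(policy, pod_labels):
    """podSelector match, matchLabels only (matchExpressions not evaluated)."""
    want = policy["spec"].get("podSelector", {}).get("matchLabels", {})
    return all(pod_labels.get(k) == v for k, v in want.items())


def rule_admits_sctp(rule, port):
    """True if one ingress rule admits SCTP on `port` from at least some peer."""
    entries = rule.get("ports")
    if not entries:  # no ports list: all protocols, all ports
        return True
    for e in entries:
        if e.get("protocol", "TCP") != "SCTP":  # omitted protocol means TCP
            continue
        low = e.get("port")
        if low is None:  # SCTP on any port
            return True
        if isinstance(low, int) and low <= port <= e.get("endPort", low):
            return True  # named ports are skipped, not resolved
    return False


def sctp_ingress_verdict(policies, pod_labels, port):
    """Return (verdict, names of the policies that isolate the Pod for ingress)."""
    isolating = [p for p in policies if selects(p, pod_labels)
                 and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])]
    names = [p["metadata"]["name"] for p in isolating]
    if not isolating:
        return "not-isolated", names
    rules = [r for p in isolating for r in p["spec"].get("ingress", [])]
    allowed = any(rule_admits_sctp(r, port) for r in rules)
    return ("allowed" if allowed else "blocked"), names
```

A `blocked` verdict with a policy such as `allow-9999` in the list points at a port entry that needs an explicit `protocol: SCTP`.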
What's next
- Learn about SCTP support in the Cilium documentation.
- Learn how to enable GKE Dataplane V2 on your cluster.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-11-24 UTC.