Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Kubernetes overlay network comparison

Tags:

kubernetes

flannel

weave

openvswitch

calico

I was wondering if someone could give me a brief overview of the differences/ advantages between all of the different Kubernetes network overlays. The getting started guide (http://kubernetes.io/docs/getting-started-guides/scratch/#network) mentions the following:

  • Flannel
  • Calico
  • Weave
  • Romana
  • Open vSwitch (OVS)

But doesn't really explain what the differences between them are or what the advantages and disadvantages each one has. I was wondering if someone could give me an idea of which one of these solutions I should be using for a bare metal CentOS 7 cluster.

Thanks!

like image 612
David Newswanger Avatar asked Oct 31 '16 17:10

David Newswanger

People also ask

Which is the best CNI for Kubernetes?

Thus Flannel is a great entry level choice for Kubernetes cluster networking, however, if you are looking for advance networking features, you may want to consider other CNI options such as Calico.

Does Kubernetes need an overlay network implementation?

Many Kubernetes network implementations use overlay networks. Typically for these deployments, when a pod initiates a connection to an IP address outside of the cluster, the node hosting the pod will use SNAT (Source Network Address Translation) to map the source address of the packet from the pod IP to the node IP.

What is Kubernetes overlay network?

You often hear about overlay networks in the context of Kubernetes networking. While this may sound complicated, an overlay network simply involves another layer of encapsulation for network traffic. For example, the Flannel network plugin takes traffic from a pod and encapsulates it inside the VXLAN protocol.

What is the difference between calico and Flannel?

Flannel is an overlay network mechanism where as Calico is basically a pure L3 play. Flannel works by using a vxlan device in conjunction with a software switch like linux bridge or ovs. Container A when tries to reach container B on different host the traffic is pushed to the bridge on host A via the VETH pair.

1 Answers

This comparison matrix was shared several times on Kubernetes' Slack and may be useful.

However, beware potentially out-of-date information, keep in mind the "devil is in the details" so the reality may not be as simple as it would seem according to this document. All available solutions will have pros and cons, but will also be more suitable for some use-cases than others, so as always, it is a question of trade-offs and YMMV.

like image 194
Marc Carré Avatar answered Dec 15 '22 12:12

Marc Carré
Sign in to Comment

Related questions

eks iam roles for services account not working
Monitor only one namespace metrics - Prometheus with Kubernetes
How can I create a Kubernetes Secret with Ansible?
Limit the number of pods per node
Authenticating standalone gsutil in containers in Cloud ML Engine on Kubernetes with Workload Identity
Handling cronjobs in a Pod with multiple containers
Kubernetes API: cannot list resource "pods" in API group ""
MySQL router in kubernetes as a service
Can We use Multiple AWS ACM Certificates at Nginx-Ingress-Contoller OR Multiple ACM certificate at Ingress object level?
Does a simple monolith application need kubernetes to manage
Selectively apply nameprefix/namesuffix in kustomize
Azure kubernetes - python to read configmap?
K8S pods with two replicas on different nodes
Kubernetes pod stuck in pending state and no events
How can I remove dependency of secrets from application pod in K3s cluster
Deploying a Kubernetes cluster to Digital Ocean?
Kubernetes with Vagrant nodes won't register
GKE: secured access to services from outside the cluster
Is it possible to exclude labels with nodeSelector?
How to disable http traffic and force https with kubernetes ingress on gcloud

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!