Networking
The Calico network plugins provide a range of networking options to fit your implementation and maximize performance.
Getting started
Determine best networking option
Compare networking options in Calico Open Source — overlay versus non-overlay, BGP routing, CNI choices, and IPAM modes — to pick the right combination for your environment.
About networking
Learn about networking!
About Kubernetes Networking
Learn about Kubernetes networking!
Configuring networking
Configure BGP peering
Configure BGP peering for Calico Open Source — full mesh, node-specific peers, top-of-rack switches, and Calico route reflectors — using BGPPeer and BGPConfiguration resources.
Overlay networking
Pick between VXLAN and IP-in-IP overlay modes in Calico Open Source so pod traffic crosses underlay networks that don't route pod CIDRs natively.
Advertise Kubernetes service IP addresses
Advertise Kubernetes service cluster IPs and external IPs out of the cluster over BGP with Calico Open Source so external clients can route to them directly.
Configure MTU to maximize network performance
Tune the Calico Open Source MTU on the FelixConfiguration resource so pod traffic matches the underlying network, including VXLAN, IP-in-IP, and WireGuard overheads.
Configure outgoing NAT
Set NAT outgoing on Calico Open Source IP pools so pod traffic to destinations outside the cluster is source-NATed to the node's IP.
Use IPVS kube-proxy
Run kube-proxy in IPVS mode with Calico Open Source for constant-time service load balancing on clusters with thousands of services.
Accelerate Istio network performance
Accelerate Istio Envoy sidecar traffic on Calico Open Source by using eBPF SOCKMAP to bypass kernel networking layers between the sidecar and the application.
Use a specific MAC address for a pod
Set a chosen MAC address on a Kubernetes pod interface with the Calico Open Source CNI plugin, useful for software licensing tied to MAC.
Use NodeLocal DNSCache in your cluster
Install NodeLocal DNSCache alongside Calico Open Source and configure network policy that lets pod DNS traffic reach the local cache.
Configure QoS Controls
Cap pod ingress and egress bandwidth, packet rate, and connection counts with Calico Open Source QoS controls, plus DiffServ marking on egress traffic.
Add Maglev load balancing to a service
Switch a Kubernetes service to Maglev consistent-hash load balancing on the Calico Open Source eBPF data plane for resilient backend selection.
IP address management
Get started with IP address management
Decide between Calico Open Source IPAM and host-local IPAM, then configure IP pool allocation, NAT outgoing, and per-namespace assignment.
Create multiple IP pools
Create additional Calico Open Source IPPool resources at install time or on a running cluster to serve disjoint ranges, IPv6, or per-topology pod address assignment.
Configure IP autodetection
Choose how Calico Open Source detects each node's primary IP address, with options for first-found, Kubernetes internal, interface regex, CIDR, and skip-interface.
Configure dual stack or IPv6 only
Set up dual-stack or IPv6-only pod networking on Calico Open Source by configuring IP pools, node IP autodetection, and the CNI plugin.
Configure Kubernetes control plane to operate over IPv6
Run the Kubernetes control plane over IPv6 with Calico Open Source for dual-stack or IPv6-only clusters, including kubeadm flags and node configuration.
Add a floating IP to a pod
Attach one or more floating IPs to a Kubernetes pod with Calico Open Source IPAM so external clients can reach the workload over any IP protocol.
Use a specific IP address with a pod
Pin a Kubernetes pod to a chosen IP address with Calico Open Source IPAM by setting a pod annotation that supplies the requested address.
Assign IP addresses based on topology
Bind Calico Open Source IP pools to specific zones, racks, or regions with node selectors so pods receive addresses that match the cluster topology.
Migrate from one IP pool to another
Migrate workloads from one Calico Open Source IPPool to another on a running cluster without disrupting existing pod connectivity.
Change IP pool block size
Resize an IPPool block in Calico Open Source — by creating a replacement pool and migrating workloads — to use IP space more efficiently.
Restrict a pod to use an IP address in a specific range
Restrict pods to a defined IP address range with Calico Open Source so legacy firewalls and security appliances can recognize cluster workloads.
LoadBalancer IP address management
Use the Calico Open Source LoadBalancer controller to allocate addresses to Kubernetes Service type LoadBalancer from configured IP pools.
Networking for OpenStack
Set up a development machine
Walk-through example of provisioning a developer VM on a Calico Open Source OpenStack cloud, with security groups, an external network attachment, and SSH access.
Prepare a VM guest OS for IPv6
Prepare a guest OS image for IPv6 connectivity on Calico Open Source OpenStack VMs by configuring DHCPv6 client behavior and accepting router advertisements.
IP addressing and connectivity
Plan IPv4 and IPv6 address ranges, gateway routing, and Neutron network setup to connect Calico Open Source OpenStack VMs with the data center fabric.
Endpoint labels and operator policy
Reference for the project, network, security-group, and namespace labels that Calico Open Source places on WorkloadEndpoints for OpenStack VMs, plus how to use them in policy.
Configure systems for use with Calico
Configure Nova, Neutron, and DHCP agent settings on OpenStack compute hosts to run Calico Open Source as either a core plugin or an ML2 mechanism driver.
Detailed semantics
Reference for the IP-only connectivity model Calico Open Source provides between OpenStack instances, and how it differs from traditional Neutron L2 semantics.
Floating IPs
Allocate Neutron floating IPs against a Calico Open Source OpenStack tenant network, including router gateways, provider subnets, and core-plugin requirements.
Service IPs
Assign a service IP to a Calico Open Source OpenStack VM by attaching either a Neutron floating IP or an additional fixed IP on the VM port.
Host routes
Configure Neutron subnet host routes so the next-hop IP points at the local hypervisor in Calico Open Source OpenStack deployments and traffic flows correctly.
Multiple regions
Deploy Calico Open Source across multiple OpenStack regions sharing one etcd datastore, with per-region namespaces for inter-region policy.
Kuryr
Use Kuryr together with the networking-calico ML2 driver in Calico Open Source so Neutron provides networking for container workloads.
Calico's interpretation of Neutron API calls
Reference for how Calico Open Source interprets each Neutron API call — networks, subnets, ports, security groups, and Horizon actions — in an OpenStack deployment.