BestHub
Sign in
Cloud Native 12 min read

How to Switch Calico Between BGP, IPIP, and Cross‑Subnet Modes in Kubernetes

This guide explains how to configure the Calico CNI plugin for Kubernetes, covering the supported networking modes (BGP, IPIP, cross‑subnet), how to switch between them, set up route reflectors, adjust MTU, manage AS numbers, modify IP pools, disable SNAT, and assign fixed pod IPs.

MaGe Linux Operations
MaGe Linux Operations
MaGe Linux Operations
How to Switch Calico Between BGP, IPIP, and Cross‑Subnet Modes in Kubernetes

Applicable Scope

The guide applies to Kubernetes versions v1.14.x, v1.15.x, v1.16.x and Calico version v3.13.4.

Overview

Calico is an open‑source networking and network‑security solution for containers, virtual machines, and host workloads. It supports platforms such as Kubernetes, Docker, OpenStack, and bare‑metal. Calico provides several networking modes:

BGP mode: Nodes act as virtual routers using the BGP protocol to enable inter‑pod communication.

IPIP mode: A new IP packet is encapsulated inside the original IP packet, replacing source and destination IPs with the host IPs.

Cross‑subnet mode: Combines BGP for same‑subnet nodes and IPIP for cross‑subnet nodes, useful when BGP cannot be used across subnets.

Switching Calico to BGP Mode

After deployment, Calico uses the calico-ipip mode by default. To change to BGP mode, edit the calico-node DaemonSet and set the environment variables:

CALICO_IPV4POOL_IPIP=off
FELIX_IPINIPENABLED=false

Restart the nodes and verify that routes to other nodes now use the host network interface instead of the tunl0 tunnel.

Switching Calico to Cross‑Subnet Mode

Modify the IPPool resource to set ipipMode to crossSubnet: kubectl edit ipPool/default-ipv4-ippool Change ipipMode to crossSubnet, delete the existing Calico‑node pod so it is recreated, and verify that same‑subnet nodes use BGP while cross‑subnet nodes use IPIP.

Configuring a Route Reflector

Installing calicoctl

Calicoctl can be installed as a binary on a single host, as a container, or as a Kubernetes pod. Example binary installation:

curl -O -L https://github.com/projectcalico/calicoctl/releases/download/v3.13.3/calicoctl
chmod +x calicoctl
cp calicoctl /usr/bin/

Configure calicoctl to connect to the Kubernetes datastore:

export CALICO_DATASTORE_TYPE=kubernetes
export CALICO_KUBECONFIG=~/.kube/config
calicoctl node status

Calico Node‑to‑Node Mesh

By default Calico uses a full mesh. In large clusters this can be costly, so a BGP route reflector is used to reduce the number of peer relationships.

Disabling Node‑to‑Node Mesh

cat <<EOF | calicoctl apply -f -
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  nodeToNodeMeshEnabled: false
  asNumber: 63400
EOF

Setting a Route Reflector

Label a node as a route reflector and assign a cluster ID:

calicoctl patch node rke-node4 -p '{
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

MaGe Linux Operations
Written by

MaGe Linux Operations

Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment