
Understanding Flannel: Deployment, Modes, and Packet Flow in Kubernetes

This article explains Flannel's role in Kubernetes networking, shows how to deploy it, details its supported data‑forwarding modes such as VXLAN and Host‑GW, and walks through the complete packet journey from a source pod to a destination pod.

Practical DevOps Architecture

Flannel, maintained by CoreOS, is a networking component for Kubernetes that assigns each Pod a globally unique IP address and stores the mapping between Pod subnets and node IPs in etcd; the flanneld daemon runs on every host to maintain etcd information and routing tables.

Deployment

Apply the official manifest with:

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Working modes and principles

Flannel supports several data‑forwarding methods:

UDP – the earliest mode, now deprecated due to poor performance.

VXLAN – an overlay network that encapsulates original packets inside another network packet.

Host‑GW – the agent writes container routes directly into the host routing table, giving every host a full view of the container network.

DirectRouting – a hybrid of VXLAN and Host‑GW.

VXLAN configuration example

When using kubeadm, specify the pod network CIDR:

kubeadm init --pod-network-cidr=10.244.0.0/16

In the controller‑manager configuration enable node CIDR allocation:

--allocate-node-cidrs=true \
--cluster-cidr=10.244.0.0/16 \

Typical kube-flannel.yml snippet:

{
  "Network": "10.244.0.0/16",
  "Backend": {
    "Type": "vxlan"
  }
}

VXLAN creates a virtual tunnel endpoint (VTEP) on each host; the VTEP device (e.g., flannel.1) handles encapsulation and decapsulation of packets.

Packet transmission flow (Pod 1 → Pod 2)

Container routing: the container sends the packet via eth0 according to its routing table.

Host routing: the packet reaches the host’s virtual interface cni0, which forwards it to the VTEP device flannel.1 (the tunnel entry point).

VXLAN encapsulation: the VTEP adds a VXLAN header and looks up the destination MAC address from its ARP table (e.g., 10.244.2.0 lladdr d2:d0:1b:a7:a9:cd PERMANENT).

Layer‑2 encapsulation: the kernel wraps the VXLAN packet into an Ethernet frame suitable for the host network.

UDP packet creation: the packet is placed into a UDP datagram, using the FDB (forwarding database) maintained by flanneld to resolve the destination host’s MAC address.

Delivery: the UDP packet travels over the physical network to the destination host, where it is decapsulated, handed to flannel.1, and finally delivered to the target container via the cni0 bridge.
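The layering described in the steps above, as an added Python example (not code from the original article or from the Flannel project): it builds a constructed Pod 1 → Pod 2 packet and peels it the way the destination host does, showing that the inner pod addresses travel unencrypted on the host network. The pod IPs, node IPs, inner source MAC and UDP source port are constructed; UDP port 8472 and VNI 1 are assumed to be Flannel's Linux VXLAN defaults.

```python
import socket
import struct

VXLAN_PORT = 8472       # assumed: Linux kernel default port used by flannel's vxlan backend
VNI_VALID = 0x08        # RFC 7348 "I" flag in the first VXLAN byte

def ipv4(src, dst, proto, payload_len):
    # 20-byte IPv4 header; checksum left at 0 because this is a constructed sample
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_sample():
    """Constructed Pod 1 -> Pod 2 packet as seen on the host (underlay) network."""
    inner_ip = ipv4("10.244.1.5", "10.244.2.7", 6, 0)       # constructed pod IPs
    # Inner Ethernet: dst = remote VTEP MAC (the lladdr quoted on the page), src constructed
    inner_eth = bytes.fromhex("d2d01ba7a9cd" "0a58c0a8000b" "0800")
    vxlan = struct.pack("!II", VNI_VALID << 24, 1 << 8)      # assumed VNI 1 (flannel.1)
    payload = vxlan + inner_eth + inner_ip
    udp = struct.pack("!HHHH", 40000, VXLAN_PORT, 8 + len(payload), 0)
    # Constructed node IPs for the outer header
    return ipv4("192.168.0.11", "192.168.0.12", 17, len(udp) + len(payload)) + udp + payload

def decapsulate(pkt):
    """Peel outer IPv4/UDP and the VXLAN header; return what the inner frame reveals."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("outer packet is not IPv4/UDP")
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 16:
        raise ValueError("truncated before VXLAN header")
    _, dport, _, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    if dport != VXLAN_PORT:
        raise ValueError("not addressed to the VXLAN port")
    flags_word, vni_word = struct.unpack("!II", pkt[ihl + 8:ihl + 16])
    if not (flags_word >> 24) & VNI_VALID:
        raise ValueError("VXLAN header has no valid VNI")
    frame = pkt[ihl + 16:]
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("inner frame is not Ethernet/IPv4")
    return {
        "outer_src": socket.inet_ntoa(pkt[12:16]),
        "outer_dst": socket.inet_ntoa(pkt[16:20]),
        "vni": vni_word >> 8,
        "inner_dst_mac": frame[0:6].hex(":"),
        "inner_src": socket.inet_ntoa(frame[26:30]),
        "inner_dst": socket.inet_ntoa(frame[30:34]),
    }

if __name__ == "__main__":
    print(decapsulate(build_sample()))
```

Nothing in the VXLAN header authenticates or encrypts the inner frame, so the path between nodes has to be trusted or UDP 8472 restricted to cluster nodes.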
