Understanding Kubernetes Networking: Pods, Services, and CNI Options

Kubernetes Network Communication

a. Container‑to‑container communication within the same pod uses the loopback interface (lo).

b. Pod‑to‑pod communication occurs directly via pod IPs without any translation.

c. Pod‑to‑service communication uses the pod IP, the cluster IP (service IP), and back to the pod IP, implemented through iptables or IPVS.

d. Service clusters communicate with external networks via the service’s external IP.

CNI Network Interfaces

Flannel provides address allocation but lacks network policy support. It defaults to a VXLAN backend, creating a flannel.1 tunnel interface and a cni0 interface for pod communication.

Flannel supports multiple backends:

VXLAN: overlay network mode.

DirectRouting (host‑gw): direct routing mode, not recommended for large clusters due to broadcast storms.

UDP: generally avoided because of poor performance.

Calico is more complex to deploy but offers address allocation, network policies, and three‑layer routing with better performance. It includes a powerful control plane based on BGP.

Calico Network Optimization

1. IPIP mode: traffic is encapsulated in a tunl0 device, suitable for cross‑subnet pod communication but incurs slight overhead.

2. BGP mode: by setting CALICO_IPV4POOL_IPIP to "off" in calico.yaml, IPIP is disabled and BGP routing is used. BGP provides native host‑gateway routing, higher efficiency, and works well for large, same‑subnet pod networks.

Images illustrate the network topologies for IPIP and BGP configurations.