Community

Blog Events Webinars Tutorials Forum
  1. Blog
  2. Events
  3. Webinars
  4. Tutorials
  5. Forum
Create Account
×
Community Blog Comparing CNI Models in Container Service for Kubernetes — Alibaba Cloud Series Part 1

Comparing CNI Models in Container Service for Kubernetes — Alibaba Cloud Series Part 1

In this article by our guest author, we will discuss the different CNI models in an Alibaba Cloud Kubernetes (ACK) cluster.

By Sirinat Paphatsirinatthi, Guest Author

Alibaba Cloud Container Service for Kubernetes (ACK) is a Kubernetes service provided by Alibaba Cloud to support large scale architecture like microservices or event driven architecture. Containers in a cluster can communicate each other in the same Kubernetes namespaces or other namespaces, which the backend behind this is the Container Network Interface (CNI).

In the first article of this series, we will try to better understand the characteristics of different CNI models in an ACK cluster. Let’s begin!

Terway

Terway is a container network that leverage elastic network interfaces (ENIs) or a vSwitchs to allocate pod IPs and manage container communications.

Terway provides the following features:

  • Containers and virtual machines (VMs) are at the same network layer, which facilitates cloud migration with cloud reduced.
  • Containers are able to use their IP addresses to access VPC resources.
  • Allows you to use network policies to configure rules for pods communication.
  • You do not need plan CIDR blocks for containers. Containers or cloud resources in different clusters can communicate with each other directly if they open security groups.
  • Containers can be attached to the backends of Load Balancers without requiring port forwarding on nodes (Node Port).

terway

Flannel

Flannel is a container network that has its own network CIDR block, the CIDR block of pods will not overlap with the cluster VPC.

Flannel provides the following features:

  • The CIDR block of pods does not overlap with the CIDR block of the VPC.
  • Required to add routes to the VPC for each node in the cluster
  • The number of nodes in the VPC is restricted by the quota of the routing table

flannel

Terway vs. Flannel

Now, we have learned about the different CNI models, let's discuss about how you can decide on which CNI to choose from. Terway is a container network that can allocate pod IPs from vSwitchs, but Flannel has its own network CIDR block, therefore CIDR block of pods will not overlap with the cluster VPC.

Generally speaking, Terway would be the preferred choice for most applications. Terway allows you to use standard Kubernetes network policies to regulate how containers communicate with each other. In addition, Terway is compatible with Calico network polices.

1
Table 1: Terway vs. Flannel

What's more, if you select the Terway network plug-in when you create a cluster, you can choose to enable the Terway IPvlan mode. Compared with the default Terway mode, the Terway IPvlan mode optimizes the performance of pod networks, Service networks, and network policies.

If you do not want to use network policies, you can select Flannel as the network plug-in. However, Flannel only provides basic features and does not support standard Kubernetes network policies.

For a detailed introduction on using the Terway plug-in on Alibaba Cloud, please refer to the official documentation at: https://www.alibabacloud.com/help/doc-detail/97467.htm

Conclusion

I hope that this blog helped you understand the differences between Flannel and Terway, the two CNI models in Alibaba Cloud Container Service for Kubernetes (ACK). If you want to learn more about the inner workings of Kubernetes networks, I suggest checking out this blog by Alibaba Cloud, From Confused to Proficient: Details of the Kubernetes Cluster Network.

In the next section, we’re going to learn about ACK ECS types comparisons.

About the Author

Sirinat Paphatsirinatthi is a CNCF Certified Kubernetes Application Developer / Administrator experienced in cloud native and container based architecture design for scalability and high availability. He has helped the leading bank of Thailand to adopt Kubernetes through DevSecOps good practices (Develop Fast, Deploy Fast, Learn Fast) which everyone will collaborate in one cross functional team (Develop, DevOps, Test).

Disclaimer: The views expressed herein are for reference only and don't necessarily represent the official views of Alibaba Cloud.

DevOps Container Trends Computing Kubernetes Flannel Container Network Interface Terway
0 0 0
Share on

Read previous post:

[Infographic] 5 Steps to Accelerate Your Digitalization in Asia

Read next post:

Alibaba Cloud Sustainability Report 2021

Alibaba Clouder

2,605 posts | 747 followers

You may also like

Comments

Alibaba Clouder

2,605 posts | 747 followers

Related Products

More Posts by Alibaba Clouder

See All