ACK Edge supports two container network plugins: Flannel and Terway Edge. Because the plugin cannot be changed after cluster creation, choose carefully before creating a cluster.
Networking models
The two plugins use different networking models, which determines how pods communicate with the rest of your infrastructure.
Overlay (Flannel): Pods run in a logically separate network encapsulated over the physical network. Containers and compute resources are on different network planes. External clients cannot reach pod IP addresses directly. Virtual Extensible LAN (VXLAN) packet encapsulation adds a small performance overhead.
Underlay (Terway Edge): Pods share the same network plane as compute resources. External clients can reach pod IP addresses directly, with no encapsulation overhead. In the cloud, Terway Edge integrates natively with Alibaba Cloud load balancers and Elastic Container Instance (ECI).
Choose a network plugin
| | Terway Edge | Flannel VXLAN |
|---|---|---|
| Plugin source | Developed by Alibaba Cloud | Community plugin (Flannel project) |
| Networking model | Underlay | Overlay |
| Choose when | You manage self-managed data centers or Edge Node Service (ENS) instances; you need large-scale clusters or high network efficiency; you require seamless cloud product integration | You manage edge devices or compute instances from other cloud providers; you have small-scale or geographically dispersed deployments |
| Network performance | High — approximately 20% faster than VXLAN encapsulation | Moderate — requires VXLAN packet encapsulation |
| Pod CIDR block | In the cloud: scalable, or use a Virtual Private Cloud (VPC) CIDR block directly. At the edge: fixed at cluster creation | Fixed at cluster creation |
| Integration with cloud products | Full integration with Classic Load Balancer (CLB), Application Load Balancer (ALB), Network Load Balancer (NLB), and ECI | Limited — some features unavailable |
| External access to pod IPs | Supported — external clients can access pod IP addresses directly | Not supported |
| Limitations for cross-LAN communication | Requires both: (1) a leased line connecting nodes to the cloud VPC, and (2) node vSwitches that support Border Gateway Protocol (BGP) for route advertisements | Requires Layer 3 connectivity between nodes |