Terway Edge uses Terway on cloud node pools and Flannel on edge node pools as the Container Network Interface (CNI) plug-in for ACK Edge clusters. Communication within a single node pool works out of the box. Cross-domain communication between cloud and edge nodes requires Express Connect circuits, Virtual Border Router (VBR) configuration, and Border Gateway Protocol (BGP) support on the edge gateway.
Usage notes
-
The edge gateway (vSwitch) must support BGP and be able to configure BGP peers with nodes in the cluster.
-
On the data center gateway, the container CIDR block must not overlap with any other CIDR blocks.
-
Modify Terway configurations only through the ACK console. Do not modify the
eni_configConfigMap directly withkubectl— changes made this way may cause configuration overrides during component updates, potentially resulting in network failures.
Network architecture
Terway Edge deploys differently on the cloud and edge sides:
-
Cloud node pool: Uses the Terway network plug-in, consistent with ACK managed Pro clusters.
-
Edge node pool: Uses the Flannel plug-in in Route mode.
Communication within the cloud node pool and within the edge node pool stays within each respective network domain and requires no additional configuration.
Cross-domain communication — between cloud containers and edge containers — requires Express Connect circuits and routes configured on VBRs. The following figure shows an example where the virtual private cloud (VPC) CIDR block is 192.168.0.0/16 and the edge container CIDR block is 10.0.0.0/16.
Cloud-to-edge: On the VBRs of cloud containers, configure the CIDR block for edge containers (10.0.0.0/16) and connect to routing devices in the data center through Express Connect circuits. Flannel at the edge advertises BGP CIDR blocks and routes to the data center routing devices, enabling cloud containers to reach edge containers.
Edge-to-cloud: On the data center routing devices, configure routes to the cloud container CIDR block (192.168.0.0/16) and connect to VBRs through Express Connect circuits. On the VBRs, configure a route for this CIDR block to the corresponding VPC. This enables edge containers to reach cloud containers.
Cloud network CNI
Cloud node pools use Terway, a cloud-native container network solution built on the Elastic Network Interface (ENI) provided by Alibaba Cloud. Terway assigns IP addresses within a VPC to pods.
| Capability | Detail |
|---|---|
| Network layer | Containers and VMs (such as Elastic Compute Service (ECS) instances) share the same network layer |
| Communication | ENIs communicate without the need to use packet encapsulation or route tables |
For more information, see Terway.
Edge network CNI
Edge node pools use the Flannel plug-in in Route mode, which deploys containers in underlay networks.
| Capability | Detail |
|---|---|
| IP allocation | The pod CIDR block is divided evenly across nodes; each pod gets an IP from its node's CIDR block |
| Intra-domain routing | Flannel configures routing rules in the host network stack; traffic is forwarded through host routes to the destination pod's host |
| Cross-domain routing | Flannel advertises BGP CIDR blocks of the current network domain to vSwitches; cross-domain traffic is routed through vSwitches and BGP paths to the destination network domain, then forwarded to the destination pod |