Networking
The Calico Cloud network plugins provide a range of networking options to fit your implementation and maximize performance.
Getting started
Networking overview
Reference primer for networking fundamentals — OSI layers, packet anatomy, MTU, IP addressing, routing, overlays, DNS, and NAT — that underpin Calico Cloud.
Kubernetes network model
Reference primer for Kubernetes networking concepts that help when operating Calico Cloud — pod IPs, services, DNS, NAT outgoing, and dual stack.
Configuring networking
Configure BGP peering
Set up BGP peering for Calico Cloud connected clusters — full mesh, per-node peers, top-of-rack switches, and route reflectors — with BGPPeer and BGPConfiguration resources.
Deploy a dual ToR cluster
Deploy a dual ToR cluster connected to Calico Cloud so two independent connectivity planes provide redundancy between racks for on-premises clusters.
Configure multiple Calico Cloud networks on a pod
Add extra Calico Cloud networks to each pod in a connected cluster with the Multus-CNI plugin, then control access with tiered network policy on every interface.
Overlay networking
Choose VXLAN or IP-in-IP overlay encapsulation in a Calico Cloud connected cluster so pod traffic crosses underlay networks that don't route pod CIDRs natively.
Advertise Kubernetes service IP addresses
Advertise Kubernetes service cluster IPs and external IPs out of a Calico Cloud connected cluster over BGP so upstream routers can reach them directly.
Configure MTU to maximize network performance
Tune the Calico Cloud MTU on the Installation resource so pod traffic matches the underlay, accounting for VXLAN, IP-in-IP, and WireGuard overhead.
Custom BGP Configuration
Override the default BIRD BGP templates in a Calico Cloud connected cluster to access advanced BIRD features for proof-of-concept and special-case routing.
Configure outgoing NAT
Configure NAT outgoing on Calico Cloud IP pools in a connected cluster so pod traffic destined outside the cluster is source-NATed to the node IP.
Use a specific MAC address for a pod
Pin a chosen MAC address on a Kubernetes pod interface in a Calico Cloud connected cluster with the CNI plugin, for cases such as MAC-bound software licenses.
Use NodeLocal DNSCache in your cluster
Run NodeLocal DNSCache alongside Calico Cloud in a connected cluster and write the network policy that lets pod DNS traffic reach the per-node cache.
Add Maglev load balancing to a service
Switch a Kubernetes service to Maglev consistent-hash load balancing on the Calico Cloud eBPF data plane for stable backend selection in connected clusters.
Mark a load balancer node for maintenance
Mark a node in a Calico Cloud connected cluster for load balancer maintenance with an annotation so the eBPF data plane stops sending new service traffic to its pods.
IP address management
LoadBalancer IP address management
Use the Calico Cloud LoadBalancer controller to allocate IPs to Kubernetes Service type LoadBalancer from configured IPPool resources in a connected cluster.
Egress gateways
Configure egress gateways, on-premises
Send selected application traffic through Calico Cloud egress gateways on-premises so external firewalls see a predictable source IP for cluster workloads.
Configure egress gateways, Azure
Route selected application traffic out of a Calico Cloud connected cluster through egress gateways with native Azure VNet IPs.
Configure egress gateways, AWS
Route selected application traffic out of a Calico Cloud connected cluster through egress gateways with native AWS VPC subnet IPs.
Optimize egress networking for workloads with long-lived TCP connections
Reduce egress gateway downtime impact on long-lived TCP sessions in Calico Cloud connected clusters by reading termination annotations and draining gracefully.
Configure egress traffic to multiple external networks
Direct Calico Cloud egress gateway traffic onto multiple external networks with potentially overlapping IPs by associating gateways with named ExternalNetworks.
Troubleshoot egress gateways
Troubleshooting guide for Calico Cloud egress gateways covering connection failures, source IP mismatches, BGP route propagation, and required pod metadata.