PCN-CNI (PCN-K8S)

Robust Kubernetes CNI with eBPF

PCN-K8S is a CNI plugin for Kubernetes to provide networking for the pods, it leverages the Polycube services.

It supports the Kubernetes Cluster Networking for “ClusterIP” and “NodePort” services.

There are mainly four components that combines to deliver functionality of PCN-K8S:

1. PCN-K8S-Agent: It interfaces with the Kubernetes API master service and dynamically reconfigures the networking components in order to create the network environment required by the Kubernetes and provide connectivity to the pods.

2. PCN-CNI: It’s a plugin that implements CNI specification to connect new pods to the PCN-k8s networking.

3. PCN-K8Switch: This service provides a pod network solution for Kubernetes that implement eBPF data path, it forwards packets between pods and provides support for ClusterIP and NodePort services.

PCN-K8Sfilter: A service that is attached to the physical interface of the node and performs a filtering on

4. the incoming packets using the eBPF. It verifies and forward the request to PCN-K8Switch, if they’re directed to the “NodePort” services.

Our PCN-K8S CNI solution supports different network methods to communicate with the pods:

Overlay Networking: When nodes are on a different subnets and the user does not have direct control over the physical network an overlay networking is used. The default (and only supported yet) technology is VxLAN.

Direct Routing: When nodes are on the same subnet packets can be exchanged between nodes without encapsulation.

VPC: When nodes run on a cloud provider that supports Virtual Private Cloud (VPC).

Limitation:

1. Security Policies and Load Balancing are currently not supported in Kubernetes Cluster Networking.

2. VPC mode currently supports AWS only.

Card image cap

PCN-IPTABLES

An high-performance firewall as alternative to Linux iptables

Learn More
Card image cap

Polycube

Cloud Native Secure Networks for Kubernetes

Learn More