Alibaba Cloud Series — EP 1: Comparing CNI models in Container Service for Kubernetes (ACK)

Sirinat Paphatsirinatthi
2 min read · Aug 27, 2021

Container Service for Kubernetes (ACK) is a managed Kubernetes service provided by Alibaba Cloud that supports large-scale architectures such as microservices or event-driven systems.

Containers in a cluster can communicate with each other within the same Kubernetes namespace or across namespaces; the component that makes this possible is the CNI, or Container Network Interface.

In this section, we will look at how the CNI models available in an ACK cluster differ. Let’s begin.

Diagram 1.1: Terway Architecture

Terway

Terway is a container network plugin that leverages elastic network interfaces (ENIs) and vSwitches to allocate pod IPs and manage container communication. As the diagram shows, the pods use a vSwitch whose CIDR block (192.168.32.0/19) lies within the VPC CIDR block (192.168.0.0/16).

Terway provides the following features:

  • Containers and virtual machines (VMs) are at the same network layer, which facilitates cloud migration.
  • Containers are able to use their own IP addresses to access VPC resources.
  • Network policies can be used to configure rules for pod communication.
  • There is no need to plan CIDR blocks for containers. Containers or cloud resources in different clusters can communicate with each other directly if their security groups allow it.
  • Containers can be attached to the backends of load balancers without requiring port forwarding on nodes (NodePort).

Diagram 1.2: Flannel Architecture

Flannel

Flannel is a container network plugin with its own network CIDR block; the pod CIDR block (172.20.0.0/16) does not overlap with the cluster VPC (192.168.0.0/16), as shown in the diagram.

Flannel provides the following features:

  • The CIDR block of pods does not overlap with the CIDR block of the VPC.
  • Routes must be added to the VPC route table for each node in the cluster.
  • The number of nodes in the VPC is limited by the quota of the route table.

Now we have learned how the CNI models differ. Terway allocates pod IPs from vSwitches inside the VPC, whereas Flannel has its own network CIDR block, so the pod CIDR block will not overlap with the cluster VPC.
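The addressing rules above (Terway pod vSwitches must sit inside the VPC CIDR; a Flannel pod CIDR must not overlap the VPC and needs one VPC route per node) can be checked before a cluster is built. The following is an added example written for this post, not ACK tooling; the CIDR values come from the diagrams, while the route table quota and node count are assumed inputs because the post gives no numbers.

```python
from ipaddress import ip_network

# CIDR values taken from Diagram 1.1 (Terway) and Diagram 1.2 (Flannel)
VPC_CIDR = "192.168.0.0/16"
TERWAY_POD_VSWITCH_CIDRS = ["192.168.32.0/19"]
FLANNEL_POD_CIDR = "172.20.0.0/16"


def check_terway_plan(vpc_cidr, vswitch_cidrs):
    """Terway allocates pod IPs from vSwitches inside the VPC: every pod
    vSwitch must be a subnet of the VPC CIDR, and vSwitches must not
    overlap each other. Returns a list of problems (empty means OK)."""
    vpc = ip_network(vpc_cidr)
    nets = [ip_network(c) for c in vswitch_cidrs]
    problems = []
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"vSwitch {n} is not inside VPC {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"vSwitches {a} and {b} overlap")
    return problems


def check_flannel_plan(vpc_cidr, pod_cidr, node_count, route_table_quota):
    """Flannel uses its own pod CIDR, which must not overlap the VPC, and
    needs one VPC route entry per node, so the node count must fit the
    route table quota. The quota is an assumed input (not from the post)."""
    vpc = ip_network(vpc_cidr)
    pods = ip_network(pod_cidr)
    problems = []
    if vpc.overlaps(pods):
        problems.append(f"pod CIDR {pods} overlaps VPC {vpc}")
    if node_count > route_table_quota:
        problems.append(f"{node_count} nodes need {node_count} routes, "
                        f"but the route table quota is {route_table_quota}")
    return problems


if __name__ == "__main__":
    # Assumed planning figures: 10 worker nodes, route table quota of 48
    print("Terway:", check_terway_plan(VPC_CIDR, TERWAY_POD_VSWITCH_CIDRS) or "OK")
    print("Flannel:", check_flannel_plan(VPC_CIDR, FLANNEL_POD_CIDR, 10, 48) or "OK")
```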

In the next section, we’re going to compare the ECS instance types available for ACK.
