At Tigera, we work with hundreds of Calico and Calico Enterprise customers every year and have learned a very important lesson in the process: Designing networks and troubleshooting a broken network are difficult problems. As a Kubernetes architect, what you get from the network team is real estate (racks/compute infrastructure) and an underlay network (nodes that can talk to each other). You have to plan, architect, get the buy-in and implement the network for the actual applications (pods) running in the cluster. You can’t design something completely new if you are constrained by ToRs (top of rack switches), core network fabric, or compliance/security requirements. A successful network design should include:
- Native or private IP addressing for pods: factors driving this are organizational constraints, and performance
- IP address allocation and management
- Ingress and egress traffic routing
- BGP routing design
- Integration with the existing network fabric
We’ll begin with a high-level overview of pod networking scenarios and packet path. Then we will do a deep-dive into IP address management and BGP routing design, with an example of each. As part of BGP routing, we’ll walk through various network design options. Finally we’ll conclude with a recommended template for on-prem network design.