Unified network security and observability to prevent, detect and mitigate security breaches in Kubernetes clusters
Open-source networking and security for containers and Kubernetes.
A free version of Calico Cloud focused on observability and policy management for a single cluster.
SaaS platform for Kubernetes network security and observability.
Self-managed platform for Kubernetes network security and observability.
Calico Open Source is a networking and security solution for containers, virtual machines, and native host-based workloads that was born out of Project Calico.
Best fit:
Users who want open source, best-in-class networking, network security, and observability capabilities for Kubernetes.
A free, single cluster, single user version of Calico Cloud that provides additional enhanced Kubernetes observability and network security capabilities for Calico Open Source users.
Best fit:
Calico Open Source users who want to leverage some of the improved observability and policy management capabilities that are available in Calico Cloud for free.
Calico Cloud is a fully-managed SaaS platform that provides unified network security and observability to prevent, detect and mitigate security breaches in Kubernetes clusters. It is built on Calico Open Source, the most widely adopted container networking and security solution.
Best fit:
Organizations that want a fully managed SaaS platform for network security and observability.
Calico Enterprise is a self-managed platform for unified network security and observability to prevent, detect and mitigate security breaches in Kubernetes clusters. It is built on Calico Open Source, the most widely adopted container networking and security solution.
Best fit:
Organizations that want a self-managed platform for network security and observability.
| Calico Open Source | Calico Cloud Free Tier* | Calico Cloud | Calico Enterprise | |
|---|---|---|---|---|
| Management and Support | ||||
| Mutli-cluster security controls management | ||||
| Data retention | In-memory | 24 hours | 7 days | Unlimited |
| Number of clusters | Unlimited | One | Unlimited | Unlimited |
| Support and maintenance | Community-driven | Community-driven | Standard/Business | Standard/Business |
| Networking | ||||
| High performance, scalable pod networking | ||||
| Advanced IP address management | ||||
| Direct infrastructure peering without the overlay | ||||
| eBPF data plane | ||||
| Windows data plane | ||||
| nftables data plane | ||||
| iptables data plane | ||||
| VPP data plane | ||||
| Multiple Calico networks on a pod | ||||
| Dual ToR peering | ||||
| Ingress Gateway | ||||
| Egress Gateway | ||||
| Cluster Mesh | ||||
| Network Security | ||||
| Seamless support for Kubernetes network policy | ||||
| Label-based policies for K8s and non-K8s workloads | ||||
| Namespace and cluster-wide scope | ||||
| Global default deny policy design | ||||
| Application layer policy | ||||
| Policy for services | ||||
| Policy board | View only | |||
| DNS/FQDN-based policy | ||||
| Hierarchical tiered network policy | ||||
| Policy recommendations | ||||
| Staged network policy | ||||
| Preview staged policies | ||||
| Network sets to limit IP ranges for egress and ingress traffic to workloads | ||||
| Data-in-transit encryption | ||||
| Universal firewall integration | ||||
| Workload-based IDS/IPS | ||||
| Deep Packet Inspection (DPI) | ||||
| DDoS protection | ||||
| Workload-centric WAF | ||||
| Ingress WAF | ||||
| Compliance reporting and alerts | ||||
| SIEM integrations | ||||
| Network Security for VMs and Bare Metal | ||||
| Restrict traffic to/from hosts and VMs using network policy | ||||
| Automatic host endpoints | ||||
| Apply policy to host-forwarded traffic | ||||
| Centralized log forwarding for VMs and Bare Metal Hosts | ||||
| Observability | ||||
| Goldmane API to retrieve flow logs | ||||
| Calico Whisker UI | ||||
| Dynamic Service and Threat Graph | ||||
| Application level observability | ||||
| Dynamic packet capture | ||||
| Flow visualizer | ||||
| Logs (flow) | ||||
| Logs (http traffic, audit, bgp, dns, events) | ||||
| Calico Dashboards | ** | |||
| Alerts |
