undefined | Better HN

0 pointsmarcinzm7y ago0 comments

EKS pods use the VPC networking layer so I think they meet the criteria. They use secondary IPs attached to instances rather than virtual IPs. I’ve been able to route to them from non-EKS instances in the same VPC.

0 comments

3 comments · 1 top-level

dilyevsky7y ago· 2 in thread

Ah I see aws has their own cni that does that via eni. I never realized that it allowed for native pod addressing (and it was never brought up during their pitches). Might be worse performance for big clusters because it’s still using calico (iptables)

anything4dogs7y ago

> Might be worse performance for big clusters because it’s still using calico (iptables)

I'm curious why you think that Calico's use of iptables will have performance impacts for large clusters, and what type of performance impacts you expect (bandwidth / latency / cpu / something else?).

From my experience, Calico performs rather well in large clusters (e.g. 2k nodes, appx 100 pods / node, several hundred network policies).

gtaylor7y ago

I think Calico is only used for network policy on the AWS VPC CNI plugin.

j / k navigate · click thread line to collapse