Enabling IPVS in Kubernetes

Calico has beta-level support for kube-proxy’s ipvs proxy mode. Calico ipvs support is activated automatically if Calico detects that kube-proxy is running in that mode.

ipvs mode promises greater scale and performance vs iptables mode. However, it comes with some limitations. In IPVS mode:

  • kube-proxy has a known issue affecting hosts with host interfaces that that are not named using the pattern ethN.
  • Calico requires additional iptables packet mark bits in order to track packets as they pass through IPVS.
  • Calico needs to be configured with the port range that is assigned to Kubernetes NodePorts. If services do use NodePorts outside Calico’s expected range, Calico will treat traffic to those ports as host traffic instead of pod traffic.
  • Calico does not yet support Kubernetes services that make use of a locally-assigned ExternalIP. Calico does support ExternalIPs that are implemented via an external load balancer.
  • Calico has not yet been scale tested with ipvs.

Calico will detect if you change kube-proxy’s proxy mode after Calico has been deployed. Any Kubernetes ipvs-specific configuration needs to be configured before changing the kube-proxy proxy mode to ipvs.