Will you be at KubeCon this year? Join us for CalicoCon 2019!

Enabling IPVS in Kubernetes

Calico has support for kube-proxy’s ipvs proxy mode. Calico ipvs support is activated automatically if Calico detects that kube-proxy is running in that mode.

ipvs mode provides greater scale and performance vs iptables mode. However, it comes with some limitations. In IPVS mode:

  • Calico requires additional iptables packet mark bits in order to track packets as they pass through IPVS.
  • Calico needs to be configured with the port range that is assigned to Kubernetes NodePorts. If services do use NodePorts outside Calico’s expected range, Calico will treat traffic to those ports as host traffic instead of pod traffic.

Calico will detect if you change kube-proxy’s proxy mode after Calico has been deployed. Any Kubernetes ipvs-specific configuration needs to be configured before changing the kube-proxy proxy mode to ipvs.