Weave Net 2.1: Fast Datapath and Simplified Encryption

Introduction

On May 18, 2017, Weaveworks released Weave Net 2.1, the latest iteration of its peer-to-peer Kubernetes networking fabric. The update sharpened performance via the fast datapath, streamlined encrypted meshes, and tightened integration with Kubernetes NetworkPolicy—while preserving Weave Net’s hallmark ease of installation.


What’s New

  • Fast Datapath Improvements: Leveraging conntrack bypass and better flow caching, Weave Net 2.1 reduces latency for pod-to-pod traffic—especially on clusters with higher packet rates.
  • Automatic Encryption Enhancements: Simplified password secret distribution and optimized AES-GCM usage to secure multi-cloud networks with minimal overhead.
  • Network Policy Controller: Updated controller supports Kubernetes networking.k8s.io/v1 policies, aligning with the GA spec introduced in Kubernetes 1.7.
  • IPAM Diagnostics: New weave status ipam output highlights address allocation, helping SREs catch exhaustion before it causes pod scheduling failures.
  • Multi-Cluster Bridges (tech preview): Experimental weave connect flows let operators stitch clusters together over WAN links for hybrid deployments.

Installation Refresher

kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')

Enable encryption with a shared secret:

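kubectl create secret -n kube-system generic weave-passwd \
  --from-literal=password='S3cur3Mesh!'
# Expose the secret's "password" key to the weave container as WEAVE_PASSWORD
# (kubectl upper-cases the key and prepends the prefix).
kubectl set env daemonset/weave-net -n kube-system --containers=weave \
  --from=secret/weave-passwd --prefix=WEAVE_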

Operating Tips

  • Use weave status connections to confirm peers form a full mesh; investigate dropped connections caused by firewalls or MTU mismatches.
  • For clusters on AWS/GCE, set WEAVE_MTU=8912 to optimize overlay packets for jumbo frames; the default of 1376 works across the public internet.
  • Combine Weave Net with kubectl port-forward or skaffold dev to emulate production routing while developing locally.
  • Monitor Weave Net via the Prometheus exporter (--metrics flag) to surface peer RTT, packet drops and encryption stats.
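
The mesh check from the first tip, applied to the encryption setup above, as an added example (not Weaveworks' code): a shell function that reads `weave status connections` output and flags every link that is not established or not encrypted. The column layout it parses and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed line layout of `weave status connections`:
#   <dir> <peer ip:port> <state> [<encrypted|unencrypted> <fastdp|sleeve> <peer> ...]

# Constructed sample output (addresses, MACs and node names are made up).
sample_connections() {
    cat <<'EOF'
<- 10.0.1.12:33866   established encrypted   fastdp 7e:21:4a:70:2f:45(node-b) mtu=1376
-> 10.0.1.13:6783    established unencrypted sleeve a6:66:4f:a5:8a:11(node-c) mtu=1438
-> 10.0.1.14:6783    retrying    dial tcp4 10.0.1.14:6783: no route to host
-> 10.0.1.15:6783    pending     encrypted   fastdp 5a:0c:11:9e:44:02(node-e)
EOF
}

# Reads connection lines on stdin and prints one finding per problem link.
# Returns 0 only if at least one link exists and all are established+encrypted.
audit_weave_connections() {
    awk '
        $1 != "->" && $1 != "<-" { next }   # ignore non-connection lines
        { total++ }
        $3 != "established" {
            printf "NOT-ESTABLISHED %s state=%s\n", $2, $3; bad++; next
        }
        $4 != "encrypted" {
            printf "UNENCRYPTED %s method=%s\n", $2, $5; bad++; next
        }
        END {
            printf "checked=%d problems=%d\n", total, bad
            exit ((total == 0 || bad > 0) ? 1 : 0)
        }
    '
}

# Demo on the sample; on a node, pipe `weave status connections` in instead.
sample_connections | audit_weave_connections || echo "mesh needs attention"
```

The non-zero return on an empty peer list is deliberate, so a node that has lost every connection fails the check instead of passing it silently.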

Use Cases

  • Multi-cloud Clusters: Encrypted mesh network simplifies bridging on-prem and cloud worker nodes.
  • Simple Policy Enforcement: Without bringing in Calico/Cilium, teams can enforce basic ingress/egress rules using Kubernetes NetworkPolicy.
  • Legacy Environment Integration: Fast datapath ensures pods on older kernels still achieve respectable throughput.

Summary

Aspect | Details
Release Date | May 18, 2017
Key Innovations | Fast datapath tuning, streamlined encryption, NetworkPolicy controller updates
Significance | Reinforced Weave Net as the plug-and-play CNI for teams prioritizing simplicity with optional security controls