kube-router 0.2: Native BGP Routing and Network Policy in One CNI

K8s Guru

Introduction

On November 2, 2017, the kube-router project published kube-router 0.2, advancing its vision of an all-in-one Kubernetes networking stack. kube-router blends three critical capabilities—CNI (pod networking), service proxying and network policy—using Linux kernel primitives like BGP, IPVS and nftables. Version 0.2 stabilizes this trifecta and makes kube-router a compelling alternative to running separate CNIs, kube-proxy and policy engines.


Key Features

  • BGP Peering Enhancements: Native integration with Calico-style node-to-node mesh and external routers, including graceful restart and multi-hop sessions.
  • IPVS Service Proxy GA: kube-router’s kube-proxy replacement leverages IPVS for in-kernel load balancing with connection tracking optimizations.
  • NetworkPolicy Controller: Uses nftables to enforce Kubernetes NetworkPolicy, supporting ingress/egress rules and namespace selectors.
  • Firewall & Pod CIDR Sync: Watches node annotations to automatically program routes and iptables for pod CIDR allocations, simplifying cloud deployments.
  • Metrics & Health Checks: /metrics endpoint surfaces BGP session status, IPVS backend health and policy installs for Prometheus.

Deployment Overview

  • Apply the DaemonSet manifest:
      kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/v0.2.0/daemonset/kubeadm-kuberouter.yaml
  • Set --run-service-proxy=true and --run-firewall=true to enable the full feature set.
  • Optionally disable kube-proxy (kubectl -n kube-system delete ds kube-proxy) after validating kube-router’s IPVS configuration.
  • Configure external BGP peers using ConfigMap entries or node annotations (e.g., projectcalico.org/IPv4Address: 10.0.0.1/24).
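A way to do the "validate IPVS before deleting kube-proxy" step above, as an added example that is not from the kube-router project: the function compares each Service ClusterIP against the virtual servers in `ipvsadm -Ln` output and refuses to proceed if any is missing. The Service list format and the sample ipvsadm output are constructed for illustration; the live kubectl/ipvsadm invocation is shown in a comment.

```shell
#!/usr/bin/env sh
# Added example, not kube-router's own code: refuse to remove kube-proxy until
# every Service ClusterIP has an IPVS virtual server programmed by kube-router.
set -eu

# missing_ipvs_services SVC_LIST IPVS_OUTPUT
#   SVC_LIST:    lines of "<name> <clusterIP> <port>" (first port of each Service)
#   IPVS_OUTPUT: text of `ipvsadm -Ln`
# Prints each Service without a matching TCP virtual server; returns 1 if any.
missing_ipvs_services() {
  svcs="$1"; ipvs="$2"; rc=0
  while read -r name ip port; do
    [ -z "$name" ] && continue
    [ "$ip" = "None" ] && continue          # headless Services have no VIP
    esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
    if ! printf '%s\n' "$ipvs" | grep -Eq "^TCP[[:space:]]+${esc}:${port}[[:space:]]"; then
      echo "missing: $name ($ip:$port)"
      rc=1
    fi
  done <<EOF
$svcs
EOF
  return $rc
}

# Constructed sample data: "web" has a ClusterIP but no IPVS entry yet.
SAMPLE_SVCS='kubernetes 10.96.0.1 443
kube-dns 10.96.0.10 53
web 10.96.12.5 80
headless None 80'
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.96.0.1:443 rr
  -> 192.168.1.10:6443            Masq    1      0          0
TCP  10.96.0.10:53 rr
  -> 10.244.0.3:53                Masq    1      0          0'

# Live usage on a node (requires kubectl and ipvsadm):
#   svcs=$(kubectl get svc -A -o jsonpath='{range .items[*]}{.metadata.name} {.spec.clusterIP} {.spec.ports[0].port}{"\n"}{end}')
#   missing_ipvs_services "$svcs" "$(ipvsadm -Ln)" && kubectl -n kube-system delete ds kube-proxy
```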

Why kube-router?

  • Single Daemon: Reduces operational overhead—one DaemonSet handles routing, services and policy.
  • High Performance: IPVS and BGP rely on kernel fast paths, cutting down user-space hop latency compared to iptables DNAT.
  • Interoperability: Plays nicely with physical routers and supports on-prem topologies without overlays.
  • Minimal Dependencies: No etcd requirement; kube-router consumes Kubernetes API directly.

Considerations

  • Test failover scenarios—ensure BGP timers and IPVS syncs meet your SLAs.
  • When replacing kube-proxy, persist kube-proxy ConfigMap for quick rollback.
  • For large clusters, adjust --advertise-cluster-ip to control which services broadcast via BGP.
  • Combine with MetalLB if you need BGP-advertised LoadBalancer services; kube-router focuses on pod/service routing.

Summary

Aspect            Details
Release Date      November 2, 2017
Key Innovations   BGP routing improvements, IPVS service proxy GA, nftables NetworkPolicy
Significance      Showcased an all-in-one kernel-native alternative to traditional kube-proxy + standalone CNI setups