Calico 3.24: eBPF Networking and Security Advances

Introduction

Calico 3.24, released on August 20, 2022, continues to advance eBPF-powered networking and security for Kubernetes. This release enhances the eBPF dataplane, improves WireGuard encryption capabilities, and delivers better observability for zero-trust networking deployments.

Networking changes tend to show up under pressure: rolling upgrades, failovers, and the ‘why can’t it connect?’ moments. This release is worth a look if you care about predictable traffic behavior and simpler troubleshooting in real clusters.


eBPF Dataplane Improvements

  • Performance optimizations reduce latency and CPU overhead for pod-to-pod communication.
  • Service mesh acceleration enables high-performance service-to-service communication without sidecars.
  • Network policy enforcement improvements reduce per-packet processing overhead.
  • Connection tracking enhancements improve scalability for high-connection-count workloads.

WireGuard Encryption Enhancements

  1. Key rotation improvements simplify certificate management and rotation for encrypted connections.
  2. Multi-cluster encryption enables secure communication across cluster boundaries.
  3. Performance optimizations reduce encryption overhead while maintaining security.
  4. Observability enhancements provide better visibility into encryption status and key health.

Observability & Monitoring

  • Flow logs improvements provide more detailed network flow information for security analysis.
  • Metrics expansion exposes detailed network and security metrics for Prometheus integration.
  • Service graph visualization shows network topology with policy enforcement overlays.
  • Policy analytics provides insights into network policy effectiveness and coverage.

Network Policy Improvements

  • Policy performance optimizations reduce evaluation time for complex policy rules.
  • Policy validation enhancements provide better error messages and policy testing tools.
  • Global network sets improvements enable more flexible policy definitions.
  • Policy inheritance enables hierarchical policy application across namespaces.

Getting Started

Install Calico from the published manifest:

kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

Enable eBPF dataplane:

calicoctl patch felixconfiguration default --type merge -p '{"spec":{"bpfEnabled":true}}'

Summary

Aspect | Details
Release Date | August 20, 2022
Headline Features | eBPF improvements, WireGuard enhancements, better observability
Why it Matters | Delivers high-performance, secure networking with comprehensive observability

Calico 3.24 continues to evolve as a leading networking and security solution for Kubernetes, providing teams with powerful tools for zero-trust networking.