Solutions
Audit & Optimization Platform Design Automation Team Structure
Documentation Blog
Get Started
Networking 2023

Calico 3.26: eBPF Networking and Security Advances

K8s Guru
2 min read
#calico #networking #ebpf #wireguard #kubernetes #security
Calico 3.26: eBPF Networking and Security Advances

Table of Contents

Introduction

Calico 3.26, released on August 22, 2023, is most relevant if you expose services on Kubernetes and need stable, debuggable traffic paths. The practical wins usually show up at the edge: clearer traffic behavior, fewer surprises during failover, and easier debugging when routes go weird.

eBPF Improvements

  • eBPF data plane optimizations reduce latency and CPU overhead for network policies.
  • Policy enforcement improvements provide faster rule matching with reduced overhead.
  • Service proxy enhancements deliver better load balancing performance.
  • Connection tracking improvements enable better scalability for high-connection workloads.

WireGuard Enhancements

  1. Encryption improvements enhance performance and reliability for encrypted connections.
  2. Key rotation provides seamless key updates without connection interruption.
  3. Multi-cluster support enables encrypted connectivity across cluster boundaries.
  4. Performance optimizations reduce CPU overhead for encrypted traffic.

Observability Improvements

  • Flow logs export enables better visibility into network traffic and policy enforcement.
  • Metrics expansion exposes detailed network and security metrics for Prometheus.
  • Dashboard integration provides visualization of network topology and policies.
  • Tracing support enables correlation of network flows with application behavior.

Security Features

  • Network policies improvements provide more expressive rules and better performance.
  • Global network policies enable cluster-wide security policies.
  • Policy reporting provides insights into policy violations and compliance.
  • Audit logging tracks all policy decisions and network events.

Getting Started

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.0/manifests/tigera-operator.yaml
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.0/manifests/custom-resources.yaml

Enable eBPF mode:

apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  calicoNetwork:
    linuxDataplane: BPF
    bpfLogLevel: Info

Summary

AspectDetails
Release DateAugust 22, 2023
Headline FeatureseBPF improvements, WireGuard enhancements, better observability
Why it MattersDelivers high-performance networking and security with eBPF and WireGuard

Calico 3.26 provides teams with comprehensive networking and security capabilities using modern technologies for optimal performance and reliability.