Calico — How It Works¶
Felix agent, BIRD BGP, Typha fan-out proxy, and pluggable data plane internals.
Component Architecture¶
sequenceDiagram
participant K8sAPI as Kubernetes API
participant Typha as Typha (fan-out proxy)
participant Felix as Felix (per-node agent)
participant DP as Data Plane (eBPF/iptables)
participant BIRD as BIRD (BGP daemon)
participant Network as Network Fabric
K8sAPI->>Typha: Watch NetworkPolicy, Pod, Node changes
Typha->>Felix: Fan-out updates (reduces API load)
Felix->>Felix: Calculate policy rules
Felix->>DP: Program eBPF maps / iptables rules
Felix->>BIRD: Update route table
BIRD->>Network: Advertise routes via BGPData Plane Options¶
| Data Plane | How It Works | Best For |
|---|---|---|
| iptables | Felix writes iptables chains with ipsets | Legacy, widest compatibility |
| eBPF | Felix loads eBPF programs (TC hooks) | Performance, kube-proxy replacement |
| nftables | Felix writes nftables rules | Newer kernels, atomic rule updates |
| VPP | Vector Packet Processing (userspace) | Telecom / NFV, extreme throughput |
| Windows HNS | Host Networking Service rules | Windows worker nodes |
Typha — Scale Proxy¶
Without Typha, every Felix agent watches the Kubernetes API directly. At scale (500+ nodes), this overwhelms the API server.
flowchart TB
subgraph Without["Without Typha (≤200 nodes)"]
API1["K8s API"] --> F1["Felix 1"]
API1 --> F2["Felix 2"]
API1 --> FN["Felix N"]
end
subgraph With["With Typha (200+ nodes)"]
API2["K8s API"] --> T1["Typha 1"]
API2 --> T2["Typha 2"]
T1 --> FA["Felix A"]
T1 --> FB["Felix B"]
T2 --> FC["Felix C"]
T2 --> FD["Felix D"]
end
style Without fill:#c62828,color:#fff
style With fill:#2e7d32,color:#fffNetwork Policy Tiers (Calico Extended)¶
flowchart TB
Packet["Incoming Packet"] --> Security["Security Tier\n(highest priority)"]
Security --> Platform["Platform Tier"]
Platform --> App["Application Tier"]
App --> Default["Default Tier\n(K8s NetworkPolicy)"]
Default --> Allow["Allow / Deny"]
style Security fill:#c62828,color:#fff
style Platform fill:#e65100,color:#fff
style App fill:#1565c0,color:#fff