Calico vs kube-proxy

Kube-proxy vs Calico Felix

Kube-proxy is the default network agent on the node. Kube-proxy relies on iptables to enforce packet filtering.

Calico’s replacement for the kube-proxy is Felix. What Felix do is: talk directly to the Kube api-server instead of talking through kube-proxy.

Felix also gives the possibility to use eBPF instead of iptables.

What is eBPF? eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules. https://ebpf.io/

So how is Felix leveraging eBPF? Instead of relying on the iptables, Felix uses a bpfpacket filter which gains performance in some cases.

Want to learn more about Calico and networking explained? Read more about it in the article below.