AKS Networking — Which one to choose?

Microservices have become hugely popular in recent years. Mainly, because they come with a couple of benefits that are super useful in the era of containerization and cloud computing. The vast majority (around 78%) are using Kubernetes for running microservices.

The popularity of Kubernetes is no longer limited to early adopters. It is now used all over the world and available from every major cloud provider as a fully managed services.

If we talk specifically about AKS(Azure Kubernetes Service), it offers flexibility, CI/CD integration and enterprise-grade security and governance.

While deploying AKS, one of the most asked questions is which networking model to use, Kubenet or Azure CNI(Container Networking Interface). It is an important decision to make as once AKS cluster is created with one of the networking models then there is no turning back as it can’t be changed later.

I will try to make your life easy by providing all the required information, so you don’t need to go through multiple sources.

What is Kubenet?

Kubenet networking option is the default configuration for AKS cluster creation. In which, nodes get an IP address from the Azure virtual network subnet and pods receive IP addresses from a logically different address space to the Azure virtual network subnet of the nodes. For the reachabilty of the pods to Azure Vnet, Network address translation (NAT) is configured in the background.

What is Azure CNI?

In case of Azure CNI, pods get IP addresses from the subnet and can be accessed directly. These IP addresses are always unique across the network space and are always planned in advance. There is a maximum limit for the number of pods that a node can support. Hence, number of IP addresses per node is then reserved upfront for that node.

More planning is required for this approach, as can lead to IP address exhaustion which will end up with rebuilding of the cluster in a larger subnet as your application demands grow.

Azure CNI (advanced) networking

It is very difficult to say which one is better approach as both the network models have their own pros and cons. Hence, decision totally depends on your requirement and the calculations you have made.

Network Model Comparision — Kubenet Vs Azure CNI

Kubenet

Pros:

1. Conserve IP address spaces.
2. Requires Kubernetes services and load balancer to expose Pods.
3. User defined routes(UDR) are created and maintained manually.
4. Maximum of 400 nodes per cluster.
5. Support both basic and standard Azure load balancers.
6. Calico network policy is supported.
7. Both new or existing subnets are supported.

Cons

1. VM to pod and on-prem to pod using VPN or express route is not supported, however, other way round is supported.
2. Doesn’t support Azure network policies.
3. Limitation of 110 pods per node.
4. Doesn’t support windows server node pools.
5. Doesn’t support CIDR and advance customisations.

Azure CNI

Pros:

1. Pods can be reached to connected networks by their private IP addresses.
2. Azure network policy is supported.
3. Limitation of 250 pods per node.
4. Supports windows server node pools.
5. Expose pods using cluster subnet IPs. This can be negative when you are connecting through pod IPs internally.
6. VM to pod and on-prem to pod using VPN or express route is supported both ways.

Cons:

1. Require bigger IP address space as it uses at least 30 IP addresses per node.
2. Doesn’t support CIDR and advance customisations.

Decision making points

It is very difficult to say which one is better approach as both the network models have their own pros and cons. Hence, decision totally depends on your requirement and the calculations you have made.

1. Is windows node pool a requirement? (Azure CNI is the choice)
2. Are pods communication mostly internal or external? (Internal- Kubenet and External- Azure CNI)
3. Do you need advance features like virtual nodes or network policies? (Azure CNI)
4. Do you require hybrid connectivity? (Azure CNI is preferred)

Hope, this article helps you in easing the decision making for AKS networking.

Follow me on LinkedIn for more articles like this.

https://au.linkedin.com/in/shailender-choudhary-78740019