Home Explore Blog CI



kubernetes
3rd chunk of `content/en/blog/_posts/2017-08-00-High-Performance-Networking-With-Ec2.md`
309304d19a4e4848a7581552c4730423ad3a67f9787cff5a00000001000008ce
Because of this local routing function, top-level routes to pods on other instances on the subnet can be aggregated, collapsing the total number of routes necessary to as few as one per subnet. To avoid using a single instance to forward all traffic, more routes can be used to spread traffic across multiple instances, up to the maximum number of available routes (i.e. equivalent to kubenet).


The net result is that you can now build clusters of any size across AZs without an overlay. Romana clusters also support network policies for better security through network isolation.


## Making it All Work


While the combination of aggregated routes and node forwarding on a subnet eliminates overlays and avoids the VPC 50 route limitation, it imposes certain requirements on the CNI provider. For example, hosts should be configured with inter-node routes only to other nodes in the same zone on the local subnet. Traffic to all other hosts must use the default route off host, then use the (aggregated) VPC route to forward traffic out of the zone. Also: when adding a new host, in order to maintain aggregated VPC routes, the CNI plugin needs to use IP addresses for pods that are reachable on the new host.


The latest release of Romana also addresses questions about how VPC routes are installed; what happens when a node that is forwarding traffic fails; how forwarding node failures are detected; and how routes get updated and the cluster recovers.


Romana v2.0 includes a new AWS route configuration function to set VPC routes. This is part of a new set of network advertising features that automate route configuration in L3 networks. Romana v2.0 includes topology-aware IP address management (IPAM) that enables VPC route aggregation to stay within the 50 route limit as described here, as well as new health checks to update VPC routes when a routing instance fails. For smaller clusters, Romana configures VPC routes as kubenet does, with a route to each instance, taking advantage of every available VPC route.


## Native VPC Networking Everywhere


When using Romana v2.0, native VPC networking is now available for clusters of any size, with or without network policies and for HA production deployment split across multiple zones.
Title: Romana v2.0: Native VPC Networking Improvements
Summary
Romana's local routing allows aggregating routes to pods on subnets, reducing the number of routes needed. Clusters of any size can be built across AZs without an overlay, supporting network policies. The CNI provider should configure inter-node routes only to nodes in the same zone, using the default route for traffic to other zones. Romana v2.0 includes AWS route configuration, topology-aware IPAM for VPC route aggregation, and health checks. Native VPC networking is available for any size cluster, with or without network policies and for HA deployments.