We are very excited to announce Calico v3.9. Here are some highlights from the release.
Cross-subnet VXLAN encapsulation
Calico can now selectively perform VXLAN encapsulation only for traffic which crosses a subnet boundary. This is similar to the existing functionality when using IP-in-IP encapsulation. This feature is useful in situations where encapsulation is not required within an L2 domain but is required for crossing a subnet boundary. For example, when running a Kubernetes cluster on AWS using multiple VPC subnets, communication within each VPC subnet will remain unencapsulated, and Calico will only encapsulate traffic between different subnets.
For more information on how to use this feature, see the documentation.
Support live migration from flannel to Calico
In Calico v3.7, we introduced native support for VXLAN encapsulation in Calico as an additional option alongside Calico’s existing support for IP in IP and unencapsulated networking. VXLAN allows Calico to run in some environments, like Azure, where IP in IP encapsulation is not permitted. While it’s been possible to use Calico’s policy enforcement with VXLAN encapsulation provided by other solutions, like flannel, Calico v3.7 brought that functionality to Calico natively.
In Calico v3.9, we’ve introduced support for migration of existing flannel and canal clusters to use Calico’s native VXLAN networking and network policy enforcement. Migrated users no longer need to install both Calico and flannel, and can now take advantage of Calico’s flexible IP address management capabilities. See the getting started documentation for more information on how to migrate your cluster.