Typical Calico Network Structure

Calico uses IP Tunnel and VXLAN to encapsulate and decapsulate data, defines ACLs, plans network policies using iptables, and uses the kernel routing table to implement end-to-end data exchange. See Figure 3.

The Calico cluster network topology consists of the three parts, as shown in Figure:

• Physical nodes in a cluster can communicate with each other. Calico uses the BMS network, IPIP, or VXLAN host network overlay mode to implement network plane communication between nodes.
• In a physical cluster node, Calico maps the network to the container in veth pair mode and manages the container port network information through the routing table and iptables.
• Between physical cluster nodes, Calico components exchange cluster topology information through the etcd cluster and obtain the routing information of container services in the cluster through BGP, implementing cross-node container network interconnection.