# CNI

## **Overview** <a href="#tong-quan" id="tong-quan"></a>

**CNI (Container Network Interface)** is a standard set of tools that provides networking capabilities to containers in a Kubernetes cluster. Simply put, CNI is an abstraction layer that helps Kubernetes manage and configure networking for pods (a collection of containers sharing the same network) in a flexible and efficient way.

#### How does CNI work? <a href="#cni-hoat-dong-nhu-the-nao" id="cni-hoat-dong-nhu-the-nao"></a>

When you create a new pod, Kubernetes calls CNI to create a network interface for that pod. The CNI plugin performs the following tasks:

* **Assign IP address:** Assign a unique IP address to the pod.
* **Routing configuration:** Set up routing rules that allow communication between pods,...

Additionally, the connections work as follows:

* **Connecting within the same VPC** : Nodes within the same VPC will connect directly to each other.
* **Connecting between different VPCs** : Use VPC Peering to connect nodes between different VPCs.
* **Connect to external infrastructure:** Use networking solutions such as site-to-site VPN or Direct Connect to connect from nodes in VPC to external infrastructures (On Cloud, On-premise).

This helps maintain a continuous, flexible, and secure network infrastructure in a multi-cloud or hybrid-cloud environment.

***

## Comparison between CNI plugins <a href="#so-sanh-giua-cac-plugin-cni" id="so-sanh-giua-cac-plugin-cni"></a>

Currently, VKS is providing 3 popular CNI plugins: Calico Overlay, Cilium Overlay, Cilium VPC Native Routing. In which:

* **Calico Overlay** : Uses overlay model through tunneling ( **IP-in-IP** ). Compatible with many infrastructures but performance can be affected by tunnel **overhead .**
* **Cilium Overlay** : Also uses the overlay model but has strong integration with **eBPF** , which improves performance, security, and scalability.
* **Cilium VPC Native Routing** : Uses **eBPF** and **no overlay required** , leveraging the routing capabilities of the VPC infrastructure, providing the best performance and scalability.

**When to use Calico Overlay** : simple to use, does not require too high performance.

**When to use Cilium Overlay** : simple to use, does not require too high performance but requires intensive monitoring (Hubble).

**When to use Cilium VPC Native Routing** : high performance requirements, easy **connectivity to external systems** , and in-depth monitoring needs (Hubble).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.vngcloud.vn/vng-cloud-document/vks/network/cni.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.