On this page:

CNI

The Container Networking Interface Specification

Why develop CNI?

Application containers on Linux are a rapidly evolving area, and within this area networking is not well addressed as it is highly environment-specific. We believe that many container runtimes and orchestrators will seek to solve the same problem of making the network layer pluggable.

To avoid duplication, we think it is prudent to define a common interface between the network plugins and container execution: hence we put forward this specification, along with libraries for Go and a set of plugins.

Who is using CNI?

Container runtimes

  • Kubernetes - a system to simplify container operations
  • Containerd - A CRI-compliant container runtime
  • cri-o - A lightweight container runtime
  • OpenShift - Kubernetes with additional enterprise features
  • Cloud Foundry - a platform for cloud applications
  • Apache Mesos - a distributed systems kernel
  • Amazon ECS - a highly scalable, high performance container management service
  • Singularity - a container platform optimized for HPC, EPC, and AI
  • OpenSVC - an orchestrator for legacy and containerized application stacks

3rd party plugins

  • Project Calico - a layer 3 virtual network
  • Weave - a multi-host Docker network
  • Contiv Networking - policy networking for various use cases
  • SR-IOV
  • Cilium - BPF & XDP for containers
  • Infoblox - enterprise IP address management for containers
  • Multus - a Multi plugin
  • Romana - Layer 3 CNI plugin supporting network policy for Kubernetes
  • CNI-Genie - generic CNI network plugin
  • Nuage CNI - Nuage Networks SDN plugin for network policy kubernetes support
  • Silk - a CNI plugin designed for Cloud Foundry
  • Linen - a CNI plugin designed for overlay networks with Open vSwitch and fit in SDN/OpenFlow network environment
  • Vhostuser - a Dataplane network plugin - Supports OVS-DPDK & VPP
  • Amazon ECS CNI Plugins - a collection of CNI Plugins to configure containers with Amazon EC2 elastic network interfaces (ENIs)
  • Bonding CNI - a Link aggregating plugin to address failover and high availability network
  • ovn-kubernetes - a container network plugin built on Open vSwitch (OVS) and Open Virtual Networking (OVN) with support for both Linux and Windows
  • Juniper Contrail / TungstenFabric - provides an overlay SDN solution, delivering multicloud networking, hybrid cloud networking, simultaneous overlay-underlay support, network policy enforcement, network isolation, and service chaining and flexible load balancing
  • Knitter - a CNI plugin supporting multiple networking for Kubernetes
  • DANM - a CNI-compliant networking solution for TelCo workloads running on Kubernetes
  • VMware NSX – a CNI plugin that enables automated NSX L2/L3 networking and L4/L7 Load Balancing; network isolation at the pod, node, and cluster level; and zero-trust security policy for your Kubernetes cluster.
  • cni-route-override - a meta CNI plugin that override route information
  • Terway - a collection of CNI Plugins based on alibaba cloud VPC/ECS network product
  • Cisco ACI CNI - on-premise and cloud container networking with a consistent policy and security model
  • Kube-OVN - a CNI plugin that bases on OVN/OVS and provides advanced features like subnet, static ip, ACL, QoS, etc.
  • Project Antrea - an Open vSwitch Kubernetes CNI
  • OVN4NFV-K8S-Plugin - a OVN based CNI controller plugin to provide cloud native based Service function chaining (SFC), Multiple OVN overlay networking

The CNI team also maintains some core plugins in a separate repository .

Contributing to CNI

We welcome contributions, including bug reports , code, and documentation improvements. If you intend to contribute to code or documentation, please read the CONTRIBUTING page and see the contact section of this page.

How do I use CNI?

Requirements

The CNI spec is language agnostic. To use the Go language libraries in this repository, you’ll need a recent version of Go.

Reference Plugins

The CNI project maintains a set of reference plugins that implement the CNI specification.

What might CNI do in the future?

CNI currently covers a wide range of needs for network configuration due to its simple model and API. However, in the future CNI might want to branch out into other directions:

  • Dynamic updates to existing network configuration
  • Dynamic policies for network bandwidth and firewall rules

If these topics are of interest, please contact the team via the mailing list or IRC and find some like-minded people in the community to put a proposal together.

Where are the binaries?

The plugins have been moved to a separate repo: https://github.com/containernetworking/plugins , and the releases there include binaries and checksums.

Prior to release 0.7.0 the cni release also included a cnitool binary; as this is a developer tool we suggest you build it yourself.

Contact

For any questions about CNI, please reach out via:

If you have a security issue to report, please do so privately to the email addresses listed in the MAINTAINERS file.