CNI

Why develop CNI?

Application containers on Linux are a rapidly evolving area, and within this area networking is not well addressed as it is highly environment-specific. We believe that many container runtimes and orchestrators will seek to solve the same problem of making the network layer pluggable.

To avoid duplication, we think it is prudent to define a common interface between the network plugins and container execution: hence we put forward this specification, along with libraries for Go and a set of plugins.

Who is using CNI?

Container runtimes

• Kubernetes - a system to simplify container operations
• HashiCorp Nomad - A simple and flexible scheduler and orchestrator to deploy and manage containers and non-containerized applications across on-prem and clouds at scale.
• Containerd - A CRI-compliant container runtime
• cri-o - A lightweight container runtime
• OpenShift - Kubernetes with additional enterprise features
• Cloud Foundry - a platform for cloud applications
• Apache Mesos - a distributed systems kernel
• Amazon ECS - a highly scalable, high performance container management service
• Singularity - a container platform optimized for HPC, EPC, and AI
• OpenSVC - an orchestrator for legacy and containerized application stacks

3rd party plugins

• Project Calico - a layer 3 virtual network
• Weave - a multi-host Docker network
• Contiv Networking - policy networking for various use cases
• SR-IOV
• Cilium - BPF & XDP for containers
• Infoblox - enterprise IP address management for containers
• Multus - a Multi plugin
• Romana - Layer 3 CNI plugin supporting network policy for Kubernetes
• CNI-Genie - generic CNI network plugin
• Nuage CNI - Nuage Networks SDN plugin for network policy kubernetes support
• Silk - a CNI plugin designed for Cloud Foundry
• Linen - a CNI plugin designed for overlay networks with Open vSwitch and fit in SDN/OpenFlow network environment
• Vhostuser - a Dataplane network plugin - Supports OVS-DPDK & VPP
• Amazon ECS CNI Plugins - a collection of CNI Plugins to configure containers with Amazon EC2 elastic network interfaces (ENIs)
• Bonding CNI - a Link aggregating plugin to address failover and high availability network
• ovn-kubernetes - a container network plugin built on Open vSwitch (OVS) and Open Virtual Networking (OVN) with support for both Linux and Windows
• Juniper Contrail / TungstenFabric - provides an overlay SDN solution, delivering multicloud networking, hybrid cloud networking, simultaneous overlay-underlay support, network policy enforcement, network isolation, and service chaining and flexible load balancing
• Knitter - a CNI plugin supporting multiple networking for Kubernetes
• DANM - a CNI-compliant networking solution for TelCo workloads running on Kubernetes
• VMware NSX – a CNI plugin that enables automated NSX L2/L3 networking and L4/L7 Load Balancing; network isolation at the pod, node, and cluster level; and zero-trust security policy for your Kubernetes cluster.
• cni-route-override - a meta CNI plugin that override route information
• Terway - a collection of CNI Plugins based on alibaba cloud VPC/ECS network product
• Cisco ACI CNI - on-premise and cloud container networking with a consistent policy and security model
• Kube-OVN - a CNI plugin that bases on OVN/OVS and provides advanced features like subnet, static ip, ACL, QoS, etc.
• Project Antrea - an Open vSwitch Kubernetes CNI
• OVN4NFV-K8S-Plugin - a OVN based CNI controller plugin to provide cloud native based Service function chaining (SFC), Multiple OVN overlay networking

The CNI team also maintains some core plugins in a separate repository .

Contributing to CNI

We welcome contributions, including bug reports , code, and documentation improvements. If you intend to contribute to code or documentation, please read the CONTRIBUTING page and see the contact section of this page.

How do I use CNI?

Requirements

The CNI spec is language agnostic. To use the Go language libraries in this repository, you’ll need a recent version of Go.

Reference Plugins

The CNI project maintains a set of reference plugins that implement the CNI specification.

What might CNI do in the future?

CNI currently covers a wide range of needs for network configuration due to its simple model and API. However, in the future CNI might want to branch out into other directions:

• Dynamic updates to existing network configuration
• Dynamic policies for network bandwidth and firewall rules

If these topics are of interest, please contact the team via the mailing list or IRC and find some like-minded people in the community to put a proposal together.

Where are the binaries?

The plugins have been moved to a separate repo: https://github.com/containernetworking/plugins , and the releases there include binaries and checksums.

Prior to release 0.7.0 the cni release also included a cnitool binary; as this is a developer tool we suggest you build it yourself.

Contact

For any questions about CNI, please reach out via:

• Email: cni-dev
• IRC: # containernetworking channel on freenode.net
• Slack: #cni on the CNCF slack . NOTE: the previous CNI Slack (containernetworking.slack.com) has been sunsetted.

If you have a security issue to report, please do so privately to the email addresses listed in the MAINTAINERS file.