On this page:

You are viewing documentation for CNI version: v0.8

CNI v0.8 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest release, v0.9, or the current documentation.

Plugins Overview


Build Status

Some CNI network plugins, maintained by the containernetworking team. For more information, see the individual READMEs.

Read CONTRIBUTING for build and test instructions.

Reference plugins:

Main: interface-creating

  • bridge : Creates a bridge, adds the host and the container to it.
  • ipvlan : Adds an ipvlan interface in the container.
  • macvlan : Creates a new MAC address, forwards all traffic to that to the container.
  • ptp : Creates a veth pair.
  • host-device : Move an already-existing device into a container.

Windows: windows specific

  • win-bridge : Creates a bridge, adds the host and the container to it.
  • win-overlay : Creates an overlay interface to the container.

IPAM: IP address allocation

  • dhcp : Runs a daemon on the host to make DHCP requests on behalf of the container
  • host-local : Maintains a local database of allocated IPs
  • static : Allocate a static IPv4/IPv6 addresses to container and it’s useful in debugging purpose.

Meta: other plugins

  • flannel : Generates an interface corresponding to a flannel config file
  • tuning : Tweaks sysctl parameters of an existing interface
  • portmap : An iptables-based portmapping plugin. Maps ports from the host’s address space to the container.
  • bandwidth : Allows bandwidth-limiting through use of traffic control tbf (ingress/egress).
  • sbr : A plugin that configures source based routing for an interface (from which it is chained).
  • firewall : A firewall plugin which uses iptables or firewalld to add rules to allow traffic to/from the container.


The sample plugin provides an example for building your own plugin.


For any questions about CNI, please reach out via:

If you have a security issue to report, please do so privately to the email addresses listed in the OWNERS file.