On this page:

You are viewing documentation for CNI version: v1.0

CNI v1.0 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest release, v1.1, or the current documentation.

Plugins Overview

These are general-purpose CNI network plugins maintained by the containernetworking team. For more information, see the individual plugin pages.

Reference plugins:

Main: interface-creating

  • bridge : Creates a bridge, adds the host and the container to it
  • ipvlan : Adds an ipvlan interface in the container
  • macvlan : Creates a new MAC address, forwards all traffic to that to the container
  • ptp : Creates a veth pair
  • host-device : Moves an already-existing device into a container

Windows: windows specific

  • win-bridge : Creates a bridge, adds the host and the container to it
  • win-overlay : Creates an overlay interface to the container

IPAM: IP address allocation

  • dhcp : Runs a daemon on the host to make DHCP requests on behalf of a container
  • host-local : Maintains a local database of allocated IPs
  • static : Allocates static IPv4/IPv6 addresses to containers

Meta: other plugins

  • tuning : Changes sysctl parameters of an existing interface
  • portmap : An iptables-based portmapping plugin. Maps ports from the host’s address space to the container
  • bandwidth : Allows bandwidth-limiting through use of traffic control tbf (ingress/egress)
  • sbr : A plugin that configures source based routing for an interface (from which it is chained)
  • firewall : A firewall plugin which uses iptables or firewalld to add rules to allow traffic to/from the container


For any questions about CNI, please reach out via:

If you have a security issue to report, please do so privately to the email addresses listed in the OWNERS file.