Calico architecture

1. Calico Architecture
Rajesh Kumar

2. 2
Components
Calico is made up of t he f ollowing int er dependent
component s:
•Felix, t he primary Calico agent t hat runs on each
machine t hat host s endpoint s.
•The Or chest r at or plugin, orchest r at or -specif ic
code t hat t ight ly int egr at es Calico int o t hat
orchest r at or .
•et cd, t he dat a st ore.
•BI RD, a BGP client t hat dist r ibut es r out ing
inf ormat ion.
•BGP Rout e Ref lect or (BI RD), an opt ional BGP
rout e r ef lect or f or higher scale.

3. 3
Felix
Felix is a daemon t hat r uns on every machine t hat
pr ovides endpoint s: in most cases t hat means on
nodes t hat host cont ainer s or VMs. I t is
responsible f or pr ogr amming r out es and ACLs, and
anyt hing else r equired on t he host , in or der t o
pr ovide t he desir ed connect ivit y f or t he endpoint s
on t hat host .

4. 4
Orchestrator Plugin
Unlike Felix t her e is no single ‘or chest rat or plugin’:
inst ead, t her e ar e separat e plugins f or each maj or
cloud orchest r at ion plat f orm (e.g. OpenSt ack,
Kubernet es). The purpose of t hese plugins is t o
bind Calico mor e t ight ly int o t he orchest r at or ,
allowing user s t o manage t he Calico net wor k j ust as
t hey’d manage net work t ools t hat wer e built int o
t he or chest r at or .
A good example of an or chest r at or plugin is t he
Calico Neut r on ML2 mechanism dr iver . This
component int egrat es wit h Neut ron’s ML2 plugin,
and allows user s t o conf igure t he Calico net wor k by

5. 5
etcd
et cd is a dist r ibut ed key-value st or e t hat has a
f ocus on consist ency. Calico uses et cd t o provide
t he communicat ion bet ween component s and as a
consist ent dat a st or e, which ensur es Calico can
always build an accur at e net work.
Depending on t he orchest rat or plugin, et cd may
eit her be t he mast er dat a st or e or a light weight
mir ror of a separ at e dat a st ore. For example, in an
OpenSt ack deployment , t he OpenSt ack dat abase
is consider ed t he “sour ce of t rut h” and et cd is
used t o mirr or inf ormat ion about t he net wor k t o
t he ot her Calico component s.

6. 6
BGP Client (BIRD)
Calico deploys a BGP client on every node t hat also
host s a Felix. The role of t he BGP client is t o r ead
rout ing st at e t hat Felix programs int o t he ker nel
and dist ribut e it ar ound t he dat a cent er.
I n Calico, t his BGP component is most
commonly BI RD, t hough any BGP client , such
as GoBGP t hat can dr aw r out es f rom t he ker nel
and dist ribut e t hem is suit able in t his role.

7. 7
BGP Route Reflector (BIRD)
For larger deployment s, simple BGP can become a
limit ing f act or because it r equires ever y BGP client
t o be connect ed t o ever y ot her BGP client in a
mesh t opology. This requir es an increasing number
of connect ions t hat rapidly become t r icky t o
maint ain, due t o t he N^2 nat ur e of t he increase.
For t hat r eason, in larger deployment s, Calico will
deploy a BGP rout e ref lect or . This component ,
commonly used in t he I nt er net , act s as a cent r al
point t o which t he BGP client s connect , prevent ing
t hem f r om needing t o t alk t o every single BGP
client in t he clust er .
For r edundancy, mult iple BGP r out e r ef lect or s can

8. 8
BGP Route Reflector (BIRD)
The BGP r out e r ef lect or is r esponsible f or t he
f ollowing t ask:
Centralized Route Distribution –
When t he Calico BGP client advert ises r out es f r om
it s FI B t o t he rout e ref lect or, t he rout e ref lect or
adver t ises t hose rout es out t o t he ot her nodes in
t he deployment .
Rat e t his Page:

9. Thank You

10. Thank You