Project Calico

Project Calico v1.0 'Layer 3' Virtualised Networking Solution Released

Calico [...] involves connecting all virtualized workloads directly to the IP-routed L3 network fabric in the data center via a software-based router in each compute node.  Isolation between different tenants in the cloud is provided by configuring firewall rules on the router software in each compute node.  By applying the same design principles and control plane technologies as those on which the Internet is based, Calico scales almost without limit.  And since workloads communicate with each other directly over IP, all the usual diagnostic tools such as ping and traceroute just work.

Calico tries to solve the minor overhead of tunneling by requiring a massive static routing table that has to be rebroadcast to every host every time a container goes up/down. They claim that "it scales because BGP is used for the Internet", but this is disingenious because the Internet configuration of BGP leans heavily on route aggregation to make the global Internet routing table as small as it can be. There are no /32 or even /24 prefixes in the Internet BGP table, I'm not sure what the limit is today, but it used to be the case that anything longer than a /20 would just be ignored.