Logo

Documentation

Network Requirements

Antrea has a few network requirements to get started, ensure that your hosts and firewalls allow the necessary traffic based on your configuration.

Configuration Host(s) Protocols/Ports Configurable Other
Antrea with VXLAN enabled All UDP 4789 Yes
Antrea with Geneve enabled All UDP 6081 Yes
Antrea with STT enabled All TCP 7471 Yes
Antrea with GRE enabled All IP Protocol ID 47 No No support for IPv6 clusters
Antrea with IPsec ESP enabled All IP protocol ID 50 and 51, UDP 500 and 4500 No
Antrea with WireGuard enabled All UDP 51820[3] Yes
Antrea Multi-cluster with WireGuard encryption Multi-cluster Gateway Node UDP 51821 Yes
Antrea with feature BGPPolicy enabled Selected by user-provided BGPPolicies TCP 179[1] Yes
All Kube-apiserver host TCP 443 or 6443[2] Yes
All All TCP 10349, 10350, 10351, UDP 10351 Yes

[1] The default value is 179, but a user created BGPPolicy can assign a different port number.

[2] The value is passed to kube-apiserver --secure-port flag. You can find the port number from the output of kubectl get svc kubernetes -o yaml.

[3] Antrea automatically adds the firewall rules to allow the WireGuard packets (starting from v2.4), so the manual configuration on the host is not needed.

Getting Started

To help you get started, see the documentation.