Important
eBPF Host Routing with Advanced Container Networking Services is currently in PREVIEW.
See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
This article shows you how to enable eBPF Host Routing with Advanced Container Networking Services on Azure Kubernetes Service (AKS) clusters.
Prerequisites
- An Azure account with an active subscription. If you don't have one, create a free account before you begin.
- Use the Bash environment in Azure Cloud Shell. For more information, see Get started with Azure Cloud Shell.
- If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
- If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Authenticate to Azure using Azure CLI.
- When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use and manage extensions with the Azure CLI.
- Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
- The minimum version of Azure CLI required for the steps in this article is 2.71.0. To find the version, run az --version. If you need to install or upgrade, see Install Azure CLI.
- eBPF Host Routing is only supported with Azure CNI powered by Cilium. See Configure Azure CNI Powered by Cilium for more information on managed Cilium clusters.
- Review the Limitations section for node requirements and compatibility with existing iptables rules.
Install the aks-preview Azure CLI extension
Important
AKS preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. AKS previews are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use. For more information, see the following support articles:
Install or update the Azure CLI preview extension using the az extension add or az extension update command.
The minimum version of the aks-preview Azure CLI extension is 14.0.0b6.
# Install the aks-preview extension
az extension add --name aks-preview
# Update the extension to make sure you have the latest version installed
az extension update --name aks-preview
Register the AdvancedNetworkingPerformancePreview feature flag
Register the AdvancedNetworkingPerformancePreview feature flag using the az feature register command.
az feature register --namespace "Microsoft.ContainerService" --name "AdvancedNetworkingPerformancePreview"
Verify successful registration using the az feature show command. It takes a few minutes for the registration to complete.
az feature show --namespace "Microsoft.ContainerService" --name "AdvancedNetworkingPerformancePreview"
Once the feature shows Registered, refresh the registration of the Microsoft.ContainerService resource provider using the az provider register command.
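The registration sequence above (check the feature state, wait for Registered, then refresh the resource provider) can be scripted as follows. This is an added example, not part of the original article; the function names, retry count, and delay are hypothetical choices.

```shell
#!/usr/bin/env bash
# Added example: wait for the preview feature to register, then refresh the provider.
# Function names and the retry/delay values are hypothetical.

NAMESPACE="Microsoft.ContainerService"
FEATURE="AdvancedNetworkingPerformancePreview"

# Returns the current registration state (for example Registering or Registered).
get_feature_state() {
  az feature show --namespace "$NAMESPACE" --name "$FEATURE" \
    --query properties.state --output tsv
}

# Refreshes the resource provider registration once the feature is Registered.
refresh_provider() {
  az provider register --namespace "$NAMESPACE"
}

# wait_for_feature MAX_ATTEMPTS SLEEP_SECONDS
# Returns 0 after the provider refresh succeeds, 1 on timeout,
# 2 if the state cannot be read, 3 on a state that will not progress.
wait_for_feature() {
  local max="$1" delay="$2" attempt=1 state
  while [ "$attempt" -le "$max" ]; do
    state="$(get_feature_state)" || return 2
    case "$state" in
      Registered)
        refresh_provider
        return $? ;;
      Registering | Pending)
        sleep "$delay" ;;
      *)
        echo "unexpected feature state: $state" >&2
        return 3 ;;
    esac
    attempt=$((attempt + 1))
  done
  return 1
}

# Run only when asked, so the functions can be sourced without calling Azure.
if [ "${1:-}" = "--run" ]; then
  wait_for_feature 30 20
fi
```

A return status of 3 usually means the feature was never registered in the active subscription, so check the subscription context before retrying.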
Enable Advanced Container Networking Services and eBPF Host Routing
To proceed, you must have an AKS cluster with Advanced Container Networking Services enabled.
The az aks create command with the Advanced Container Networking Services flag, --enable-acns, creates a new AKS cluster with all Advanced Container Networking Services features. These features encompass:
- Container Network Observability: Provides insights into your network traffic. To learn more, visit Container Network Observability.
- Container Network Security: Offers security features like FQDN filtering. To learn more, visit Container Network Security.
- Container Network Performance: Improves latency and throughput for pod-to-pod traffic. To learn more, visit Container Network Performance.
Note
Clusters with the Cilium data plane support Container Network Performance with eBPF Host Routing starting with Kubernetes version 1.33.
Warning
Only nodes with Ubuntu 24.04 or Azure Linux 3.0 are compatible. If using Ubuntu 24.04, refer to the preview documentation for enabling the feature flag.
Create an Azure resource group for the cluster using the az group create command.
export LOCATION="<location>"
az group create --location "$LOCATION" --name "<resourcegroup-name>"
Create a new AKS cluster with eBPF Host Routing enabled.
# Set environment variables for the AKS cluster name and resource group. Make sure to replace the placeholders with your own values.
export CLUSTER_NAME="<aks-cluster-name>"
export RESOURCE_GROUP="<resourcegroup-name>"
export LOCATION="<location>"
export OS_SKU="<os-sku>" # Use AzureLinux or Ubuntu2404
# Create an AKS cluster
az aks create \
--name $CLUSTER_NAME \
--resource-group $RESOURCE_GROUP \
--location $LOCATION \
--network-plugin azure \
--network-plugin-mode overlay \
--network-dataplane cilium \
--kubernetes-version 1.33 \
--os-sku $OS_SKU \
--enable-acns \
--acns-datapath-acceleration-mode BpfVeth \
--generate-ssh-keys
Enable Advanced Container Networking Services on an existing cluster
The az aks update command with the Advanced Container Networking Services flag, --enable-acns, updates an existing AKS cluster with all Advanced Container Networking Services features, which include Container Network Observability, Container Network Security, and Container Network Performance.
Note
Enabling eBPF Host Routing on an existing cluster may disrupt existing connections.
az aks update \
--resource-group $RESOURCE_GROUP \
--name $CLUSTER_NAME \
--enable-acns \
--acns-datapath-acceleration-mode BpfVeth
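Because the update can disrupt existing connections, it helps to confirm the requirements stated in this article before running it. The following pre-flight check is an added example, not part of the original article; the function names are hypothetical, the demo values are constructed, and the az query paths in the comments are assumptions to verify against your own CLI output.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of the requirements stated in this article.
# Function names are hypothetical; the demo values at the bottom are constructed.

MIN_CLI="2.71.0"   # minimum Azure CLI version
MIN_K8S="1.33"     # first Kubernetes version supporting eBPF Host Routing

# version_ge A B: succeeds when dotted numeric version A >= B (uses GNU sort -V).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_prereqs CLI_VERSION K8S_VERSION DATAPLANE OS_SKU [OS_SKU...]
# Prints one line per unmet requirement; the return status is the failure count.
check_prereqs() {
  local cli="$1" k8s="$2" dataplane="$3" failures=0 sku
  shift 3
  if ! version_ge "$cli" "$MIN_CLI"; then
    echo "FAIL: Azure CLI $cli is older than $MIN_CLI"; failures=$((failures + 1))
  fi
  if ! version_ge "$k8s" "$MIN_K8S"; then
    echo "FAIL: Kubernetes $k8s is older than $MIN_K8S"; failures=$((failures + 1))
  fi
  if [ "$dataplane" != "cilium" ]; then
    echo "FAIL: network dataplane is '$dataplane', expected cilium"; failures=$((failures + 1))
  fi
  if [ "$#" -eq 0 ]; then
    echo "FAIL: no node pool OS SKU supplied"; failures=$((failures + 1))
  fi
  for sku in "$@"; do   # checks the SKU name only, one entry per node pool
    case "$sku" in
      AzureLinux | Ubuntu2404) ;;
      *) echo "FAIL: node pool OS SKU '$sku' is not AzureLinux or Ubuntu2404"
         failures=$((failures + 1)) ;;
    esac
  done
  return "$failures"
}

# Live values (query paths are assumptions; verify them against your CLI output):
#   cli=$(az version --query '"azure-cli"' --output tsv)
#   k8s=$(az aks show -g "$RESOURCE_GROUP" -n "$CLUSTER_NAME" --query kubernetesVersion -o tsv)
#   dataplane=$(az aks show -g "$RESOURCE_GROUP" -n "$CLUSTER_NAME" --query networkProfile.networkDataplane -o tsv)
#   skus=$(az aks show -g "$RESOURCE_GROUP" -n "$CLUSTER_NAME" --query 'agentPoolProfiles[].osSku' -o tsv)
# Constructed demo values:
check_prereqs "2.71.0" "1.33.2" "cilium" "AzureLinux" "Ubuntu2404" && echo "all prerequisites met"
```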
Disabling eBPF Host Routing on an existing cluster
eBPF Host Routing can be disabled independently without affecting other ACNS features. To disable it, set the flag --acns-datapath-acceleration-mode=None.
az aks update \
--resource-group $RESOURCE_GROUP \
--name $CLUSTER_NAME \
--enable-acns \
--acns-datapath-acceleration-mode None
Related content
- Get more information about Advanced Container Networking Services for AKS.
- Explore the Container Network Observability feature in Advanced Container Networking Services.