VMware Container Networking with Antrea | 30 Nov 2020 | 17240593

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

About VMware Container Networking with Antrea

Project Antrea OSS Core

VMware Container Networking with Antrea depends on and packages components from the open source Project Antrea. The open source project has a more frequent release cadence and strives to quickly evolve and introduce new features, platforms and deployment scenarios. As some features are maturing, they may be exposed in an alpha or beta readiness state and will not be officially supported in VMware Container Networking with Antrea until sufficient function, scale, and stability testing have been completed.

Therefore, the officially supported feature set and deployment scenarios in VMware Container Networking with Antrea will consist of a subset of the open source Project Antrea features and additional VMware product integrations and commercial capabilities.

See Antrea Docs for additional feature documentation.

What's New

  • The AntreaProxy feature is graduated from Alpha to Beta and is therefore enabled by default.
  • The Traceflow feature is graduated from Alpha to Beta and is therefore enabled by default.
  • Support for Prometheus metrics is graduated from Alpha to Beta and Antrea metrics are therefore exposed by default.
  • Support for IPv6 and dual-stack clusters (alpha).
  • Support for audit logging for Antrea-native policy rules.
  • Add "baseline" tier for Antrea-native policies: policies in that tier are enforced after (i.e., with a lower precedence) than K8s network policies.
  • Add support for Antrea-native policies to the "antctl get netpol" command.
  • Add config option to disable SNAT for Pod-to-External traffic in noEncap mode.
  • Add NetworkPolicy information to the IPFIX flow records exported by the Agent when FlowExporter is enabled.
  • Support for the FlowExporter feature for Windows Nodes.
  • Add support for Pod Traffic Shaping by leveraging the upstream bandwidth plugin, maintained by the CNI project.
  • Add "antctl log-level" command to change log verbosity of a specific Antrea Agent or of the Controller at runtime.
  • Support for Antrea-native policies in Traceflow.
  • Add ability for users to define their own policy tiers using a Tier CRD.
  • Route exchange with NSX-T.
  • Add "name" field for individual rules in Antrea-native policy.
  • Add “status” field to Antrea-native NetworkPolicy.
  • Tier Mapping with RBAC Admission Controller -- advanced feature use with Antrea Policy (alpha).
  • Wavefront integration (advanced feature).


Compatibility Requirements

K8S Distribution K8S Versions OS Cloud NSXT Default Overlay
vSphere with Tanzu Guest Clusters
(Tanzu Kubernetes Grid Service)
1.16, 1.17, 1.18, 1.19 PhotonOS 3 vSphere 7.0 U1 3.x Geneve Encapsulation
Tanzu Kubernetes Grid 1.16, 1.17, 1.18, 1.19 PhotonOS 3
Ubuntu 18.04
Amazon Linux 2
vSphere 6.7, 7.0
3.x Geneve Encapsulation
AWS EKS v1.15.11 Amazon Linux 2 AWS N/A Policy-Only (chained CNI)
Azure AKS 1.17, 1.18           - Azure N/A Policy-Only (chained CNI)



Resolved Issues

  • Traceflow fails due to destination Node not receiving the trace packet #1357.

    Traceflow fails with timeout. The source Node reports the Trace results but the destination do not.

    Workaround: Use IP DSCP field instead of Geneve TLV metadata to encode the Traceflow data-plane tag #1466.


check-circle-line exclamation-circle-line close-line
Scroll to top icon