Frequently Asked Questions
- How is Romana different from other container network alternatives like flannel or Weave?
- How is Romana different from other layer 3 container network alternatives like Calico?
- What are the network requirements for Romana?
- Will Romana run in AWS?
- Does Romana support Kubernetes running on other public clouds?
- Does Romana work with OpenStack?
- How are network segments isolated?
1. How is Romana different from flannel or Weave?
flannel and Weave create a local bridge on each container host and assign it a network address range. This lets local container endpoints communicate directly. Off-host traffic is encapsulated and tunneled across the physical network to the destination host. Other configurations are possible as well.
Both flannel and Weave build overlay networks and encapsulate traffic between hosts, negatively affecting performance.
Romana does not need an overlay and can deliver native network performance, even across zones in Amazon VPCs. Also, Romana does not bridge traffic, so network policy can be applied at layer 3 with iptables rules on the host. With flannel, support for network policy APIs requires a separate network policy controller from Canal, and Weave requires a network policy controller to run on every node.
2. How is Romana different from Calico?
Romana and Calico are similar in that they both use layer 3 for container networks. However, Romana is network agnostic and does not impose any specific technology or topology.
Romana uses IP address management together with route advertisement to eliminate the need for an overlay network, even across VPC subnets. Romana’s topology-aware IPAM reduces the need for route updates when new endpoints are added and does not require distributing full route tables to each node, or full mesh peering.
Romana can be deployed on flat layer 2 network segments as well as IP fabrics running VXLAN as an overlay virtual network. Routed layer 3 networks are also supported with automatic configuration of upstream network devices using either BGP or OSPF. See Datacenter Deployment Options for more details.
3. What are the network requirements for Romana?
Romana is network agnostic and does not impose any technology or topology restrictions. Romana works on standard layer 2 networks including simple LANs as well as VLANs and VXLAN overlay networks. Routed network designs are also supported. See Datacenter Deployment Options for details.
4. Will Romana run in AWS?
Yes. Romana supports kops, the popular AWS installation and operations project for Kubernetes. Romana allows Kubernetes clusters to use native VPC networking across availability zones. Romana avoids the VPC route limitations by aggregating routes to stay within the 50-route limit. More details here.
5. Does Romana support Kubernetes on other public clouds?
Yes. With kubeadm, Romana can be installed on Kubernetes clusters running on any public cloud. However, today, route advertisement for layer 3 networks is only available for AWS VPCs. This means that on other public clouds, clusters will use only inter-node routes. More details here.
6. Does Romana work with OpenStack?
Yes. Romana lets users build multi-tenant networks on routed provider networks with standard Neutron. See this blog post for more detail.
7. How are network segments isolated?
Romana isolates endpoints with traffic filters applied to network CIDRs. Network interfaces tap directly into the kernel, providing isolation from other endpoints on the host that might otherwise share a Linux bridge where Ethernet frames flow freely. This lets packet filtering at layer 3 with iptables rules enforce isolation and network security policy.
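The sketch below illustrates CIDR-based layer 3 isolation in general terms. It is an added example, not Romana's own code or rule layout. The segment names, CIDRs and the chain name `SEGMENT-ISOLATION` are assumptions made for illustration; the script renders per-segment filter rules in iptables rule syntax and checks them with a first-match evaluation before anything is loaded on a host.

```python
import ipaddress

# Constructed sample data: segment names and CIDRs are illustrative only.
SEGMENTS = {"frontend": "10.0.16.0/20", "backend": "10.0.32.0/20"}
CHAIN = "SEGMENT-ISOLATION"  # hypothetical chain name, not a Romana chain


def build_rules(segments):
    """Return (src, dst, target) tuples: accept intra-segment, drop the rest."""
    nets = [ipaddress.ip_network(cidr) for cidr in segments.values()]
    rules = [(net, net, "ACCEPT") for net in nets]
    # Anything else addressed to a segment CIDR is dropped.
    rules += [(None, net, "DROP") for net in nets]
    return rules


def render(rules, chain=CHAIN):
    """Render the rules as iptables rule lines for review."""
    lines = []
    for src, dst, target in rules:
        match = (f"-s {src} " if src else "") + f"-d {dst}"
        lines.append(f"-A {chain} {match} -j {target}")
    return "\n".join(lines)


def verdict(rules, src_ip, dst_ip):
    """First-match evaluation, mirroring how iptables walks a chain."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule_src, rule_dst, target in rules:
        if (rule_src is None or src in rule_src) and dst in rule_dst:
            return target
    return "RETURN"  # no rule matched; control returns to the calling chain


def overlapping(segments):
    """Overlapping CIDRs would let one segment's ACCEPT cover another's hosts."""
    nets = [(name, ipaddress.ip_network(c)) for name, c in segments.items()]
    return [(a, b) for i, (a, x) in enumerate(nets)
            for b, y in nets[i + 1:] if x.overlaps(y)]


if __name__ == "__main__":
    assert not overlapping(SEGMENTS), "segment CIDRs must not overlap"
    rules = build_rules(SEGMENTS)
    print(render(rules))
    print(verdict(rules, "10.0.16.5", "10.0.32.7"))
```

Running the overlap check before rendering matters because a segment CIDR nested inside another would be matched by the wider segment's ACCEPT rule and silently defeat the isolation.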