By Cody McCain, Senior Product Manager and Susan Wu, Senior Product Marketing Manager, Networking and Security Business Unit

Enterprises benefit from collaborative engineering and receive the latest innovations from open source projects. However, it’s a challenge for enterprise to rely solely on community support to run their operations. This is because community support is best-effort and cannot provide a pre-defined SLA.

While Kubernetes itself is open source, and part of Cloud Native Computing Foundation (CNCF), it takes an ecosystem of surrounding technologies as curated by CNCF—from the container registry and storage engine to the container network plugin to run Kubernetes.

Announcing VMware Container Networking with Antrea

With the new release of VMware Container Networking with Antrea, enterprises get the best of both worlds – access to the latest innovation from Project Antrea and world-class support from VMware. Container Networking with Antrea is the commercial offering consisting of full support for Project Antrea.

Container Networking with Antrea will package the latest release of Project Antrea version 0.9.1. Antrea is a purpose-built Kubernetes networking solution for public and private clouds building upon Open vSwitch, the open source technology optimized for distributed multi-layer switching performance. Antrea is designed to run anywhere Kubernetes runs – on-premises, in the public cloud including managed Kubernetes, and at the edge.

What Are the Key Features in Project Antrea 0.9.1?

Policy Enforcement for Managed Kubernetes Services

Antrea makes support for AWS EKS generally available and improves support for Azure AKS using CNI chaining and the “networkPolicyOnly” traffic mode enabling policy enforcement when using native connectivity.

In addition, Antrea has support for Google GKE and can be used as a primary CNI in Amazon and Azure to address VPC IP exhaustion and high volumes of smaller workloads.


Unlike Kubernetes network policies, which are scoped to namespaces, a native Antrea ClusterNetworkPolicy enables cluster administrators to define policies across multiple namespaces. These policies can be ordered, support additional response actions, and simplify policy enforcement that applies to all workloads in a cluster.

Policy Tiering

Antrea enables global policies (and in the future, native Antrea namespace-scoped policies) to be grouped into a policy tier. Antrea currently includes 5 static tiers which are evaluated in the order listed: Emergency, SecurityOps, NetworkOps, Platform, Application.

In a future release, Antrea will allow users to defined custom tiers and to set their evaluation order. Kubernetes RBAC ensures only authorized users can assign policies to their respective tiers. Separating policies into tiers allows security administrators to delegate policy creation while ensuring important global security postures remain intact and cannot be overridden by developers.

Observability and Diagnostics Enhancements

Antrea exposes a wealth of diagnostic and operational metrics with Prometheus and provides Kubernetes-native CustomResourceDefinitions (CRDs) to observe and diagnose Antrea components and packet data flows.

For example, Traceflow allows operators to inject packets into the container data plane to ascertain network policy, routing, and encapsulation effects on traffic between pods. Additionally, antctl, the command line utility for Antrea can produce support bundles to aid our support teams in diagnosing problems 

NSX-T and VMware Container Networking  

VMware NSX-T provides a complete solution for connecting and protecting modern applications running in containers, virtual machines and bare metal. VMware Container Networking with Antrea works in tandem with NSX-T to provide seamless container connectivity for Kubernetes clusters in your software-defined data center.

NSX-T and VMware Container Networking  with Antrea

Designed into VMware Tanzu

Container Networking with Antrea has been designed into Tanzu Kubernetes Grid (TKG) on vSphere and other public clouds, and Tanzu Kubernetes Cluster Service for running on vSphere with Tanzu.

As enterprises adopt microservices and service mesh technology, applications running on Kubernetes clusters using Antrea networking, can be discovered, connected, and protected by Tanzu Service Mesh.


There’s no better time to try out Container Networking with Antrea. Customers with NSX-T Advanced entitlement can receive Container Networking with Antrea with signed images and binaries, fully supported at no additional charge.