GKE - Google Kubernetes Engine

Networking for GKE clusters

VPC native and Route based cluster

In Google Kubernetes Engine (GKE), clusters differ in how they route Pod-to-Pod traffic. You can choose between:

  • VPC-native clusters
  • Route-based clusters

Each approach has its own networking model and operational considerations.


VPC-native Clusters

A VPC-native cluster uses alias IP ranges, which let a node VM's network interface carry additional IP addresses beyond its primary one; Pods running on that node are assigned IPs from the alias range. Each Pod therefore has its own unique, routable internal IP, which simplifies network policies and firewall configuration.

The image illustrates a VPC-Native Cluster with alias IP ranges, showing a GKE cluster with nodes and pods, and their respective IP ranges within a VPC.

Note

GKE Autopilot clusters enable VPC-native routing by default, so you don’t need to configure alias IPs manually.


Route-based Clusters

In a route-based cluster, Pod networking relies on custom static routes defined in your VPC: GKE programs one route per node that points that node's Pod CIDR at the node VM. Each route has:

  • A destination range (CIDR block)
  • A next-hop (instance, VPN tunnel, or gateway)

When a Pod sends traffic, Google Cloud uses the destination IP to look up the matching route and forward the packet accordingly.
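The lookup described above, as an added illustration rather than code from the course: a constructed route-based cluster is given one custom static route per node (destination = the node's Pod CIDR, next hop = the node VM), a destination IP is resolved by longest-prefix match the way the VPC route table resolves it, and the route count is compared against a static route quota. The cluster CIDR, node names and the quota value are assumptions; the /24 per node matches the size GKE uses for its default of 110 Pods per node.

```python
import ipaddress

# Constructed example (not from the course): a route-based cluster whose cluster
# CIDR is 10.4.0.0/14. Each node receives its own /24 Pod range out of it and
# needs one custom static route pointing that /24 at the node VM. Node names are made up.
CLUSTER_CIDR = ipaddress.ip_network("10.4.0.0/14")
NODES = ["gke-demo-pool-a", "gke-demo-pool-b", "gke-demo-pool-c"]
# Assumed per-network static route quota; replace with the value shown on your project's quotas page.
ROUTE_QUOTA = 250


def assign_pod_cidrs(cluster_cidr, nodes, prefix=24):
    """Hand each node the next unused /24 carved out of the cluster CIDR."""
    free = cluster_cidr.subnets(new_prefix=prefix)
    return {node: next(free) for node in nodes}


def build_routes(node_cidrs):
    """Model the routes a route-based cluster programs into the VPC:
    destination = the node's Pod CIDR, next hop = the node VM itself."""
    return [{"dest": cidr, "next_hop": node} for node, cidr in node_cidrs.items()]


def lookup_next_hop(routes, dst_ip):
    """Longest-prefix match on the destination IP, as the VPC route table does.
    Returns None when no route covers the address."""
    ip = ipaddress.ip_address(dst_ip)
    candidates = [r for r in routes if ip in r["dest"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r["dest"].prefixlen)["next_hop"]


def route_quota_headroom(routes, quota=ROUTE_QUOTA, routes_in_use=0):
    """How many more custom static routes (that is, nodes) fit before the quota
    blocks scale-up. Zero or negative means the next node add would fail."""
    return quota - routes_in_use - len(routes)


if __name__ == "__main__":
    cidrs = assign_pod_cidrs(CLUSTER_CIDR, NODES)
    routes = build_routes(cidrs)
    for r in routes:
        print(f"{r['dest']} -> {r['next_hop']}")
    print("10.4.2.17 is reached via", lookup_next_hop(routes, "10.4.2.17"))
    print("routes left under quota:", route_quota_headroom(routes, routes_in_use=40))
```

The quota check is the operational point of the "Scalability" row below: every node added to a route-based cluster consumes one route from a quota shared with everything else in the VPC, so node-pool scale-ups can start failing for reasons unrelated to the cluster itself.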

The image is a diagram titled "Route-Based Cluster (Custom Static Routes)" explaining the use of custom static routes within a VPC network, with Google Cloud routes defining paths and each route consisting of a destination prefix and a next hop.


Key Differences

Feature               VPC-native                  Route-based
IP assignment         Pod alias IP ranges         Static routes for Pod CIDR
Scalability           No route quota limits       Limited by custom route quotas
Firewall granularity  Per-Pod IP ranges           Per-Node or broad CIDR
VPC peering           Fully supported             Requires extra route propagation
Autopilot default     Enabled                     Not available

Benefits of VPC-native Clusters

VPC-native clusters deliver several advantages:

  • Native routability
    Pod IPs are fully routable within the cluster’s VPC and any peered networks.
  • No static route quotas
    Alias IPs remove the need for custom static routes covering Pod CIDRs, so the cluster consumes none of the VPC's route quota.
  • Granular firewall rules
    Apply policies directly to Pod IP ranges for tighter security controls.
  • On-premises connectivity
    Secondary Pod IP ranges can be reached via Cloud VPN or Cloud Interconnect using Cloud Router.
  • Enhanced feature support
    Services such as Network Endpoint Groups (NEGs) are optimized for VPC-native networking.

The image outlines the benefits of a VPC-Native Cluster, highlighting features like native routability, no custom static routes quota, granular firewall rules, on-premises networks, and enhanced feature compatibility.
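An added example, not part of the course material, that puts two of the points above into a check a platform team could run: it classifies a cluster as VPC-native or route-based from the shape of `gcloud container clusters describe --format=json` output, reports how many custom static routes the cluster needs (one per node if route-based, none if VPC-native), and audits firewall rules in the shape of `gcloud compute firewall-rules list --format=json` for ingress rules whose source range is broader than the Pod range while still containing it, which is exactly the case the "Granular firewall rules" benefit is meant to remove. The JSON samples are constructed and trimmed to the fields used; the field names (`ipAllocationPolicy.useIpAliases`, `clusterIpv4CidrBlock`, `clusterIpv4Cidr`, `currentNodeCount`, `sourceRanges`) are taken from the real gcloud output as the author understands it and should be confirmed against your own describe output.

```python
import ipaddress
import json

# Constructed sample (made-up values) in the shape of
# `gcloud container clusters describe CLUSTER --format=json`, trimmed to the fields used below.
CLUSTER_JSON = """
{
  "name": "demo-cluster",
  "ipAllocationPolicy": {
    "useIpAliases": true,
    "clusterIpv4CidrBlock": "10.48.0.0/14",
    "servicesIpv4CidrBlock": "10.52.0.0/20",
    "clusterSecondaryRangeName": "gke-pods"
  },
  "currentNodeCount": 12
}
"""

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
# The third rule uses Google's documented health-checker ranges; they lie outside the Pod
# range and so are not reported as broad.
FIREWALL_JSON = """
[
  {"name": "allow-pods-to-db", "direction": "INGRESS",
   "sourceRanges": ["10.48.0.0/14"], "allowed": [{"IPProtocol": "tcp", "ports": ["5432"]}]},
  {"name": "allow-node-subnet-to-db", "direction": "INGRESS",
   "sourceRanges": ["10.0.0.0/8"], "allowed": [{"IPProtocol": "tcp", "ports": ["5432"]}]},
  {"name": "allow-health-checks", "direction": "INGRESS",
   "sourceRanges": ["35.191.0.0/16", "130.211.0.0/22"], "allowed": [{"IPProtocol": "tcp"}]}
]
"""


def routing_mode(cluster):
    """VPC-native clusters carry useIpAliases=true in their IP allocation policy."""
    policy = cluster.get("ipAllocationPolicy", {})
    return "vpc-native" if policy.get("useIpAliases") else "route-based"


def pod_range(cluster):
    """Pod CIDR: the alias block for VPC-native clusters, the top-level cluster CIDR otherwise."""
    policy = cluster.get("ipAllocationPolicy", {})
    cidr = policy.get("clusterIpv4CidrBlock") or cluster.get("clusterIpv4Cidr")
    return ipaddress.ip_network(cidr) if cidr else None


def static_routes_needed(cluster):
    """Route-based clusters consume one custom static route per node; VPC-native consume none."""
    if routing_mode(cluster) == "vpc-native":
        return 0
    return int(cluster.get("currentNodeCount", 0))


def overly_broad_rules(rules, pod_cidr):
    """Return (rule name, source range) pairs for ingress rules whose source range
    strictly contains the Pod range: they admit far more than the Pods they were
    written for. Ranges that do not cover the Pod range at all are left alone."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS":
            continue
        for src in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(src)
            if net != pod_cidr and net.supernet_of(pod_cidr):
                findings.append((rule["name"], src))
    return findings


def audit(cluster_json, firewall_json):
    """Combine the checks into one report for a cluster and its VPC's firewall rules."""
    cluster = json.loads(cluster_json)
    rules = json.loads(firewall_json)
    pods = pod_range(cluster)
    return {
        "mode": routing_mode(cluster),
        "pod_range": str(pods),
        "static_routes_needed": static_routes_needed(cluster),
        "broad_rules": overly_broad_rules(rules, pods),
    }


if __name__ == "__main__":
    print(json.dumps(audit(CLUSTER_JSON, FIREWALL_JSON), indent=2))
```

On real output, feed the script the two JSON documents from the gcloud commands named above; a non-empty `broad_rules` list is the signal that a rule written "for the Pods" is actually keyed on a node subnet or a whole private range, which is the per-node or broad-CIDR granularity the comparison table attributes to route-based clusters.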

