VPC native and Route based cluster

VPC-native Clusters
Route-based Clusters
Key Differences
Benefits of VPC-native Clusters
References

In Google Kubernetes Engine (GKE), clusters differ in how they route Pod-to-Pod traffic. You can choose between:

VPC-native clusters
Route-based clusters

Each approach has its own networking model and operational considerations.

VPC-native Clusters

A VPC-native cluster leverages alias IP ranges so that each VM or Pod network interface can carry multiple IP addresses. This design allows Pods to have their own unique internal IP, simplifying network policies and firewall configurations.

The image illustrates a VPC-Native Cluster with alias IP ranges, showing a GKE cluster with nodes and pods, and their respective IP ranges within a VPC.

GKE Autopilot clusters enable VPC-native routing by default, so you don’t need to configure alias IPs manually.

Route-based Clusters

In a route-based cluster, Pod networking relies on custom static routes defined in your VPC. Each route has:

A destination range (CIDR block)
A next-hop (instance, VPN tunnel, or gateway)

When a Pod sends traffic, Google Cloud uses the destination IP to look up the matching route and forward the packet accordingly.

The image is a diagram titled "Route-Based Cluster (Custom Static Routes)" explaining the use of custom static routes within a VPC network, with Google Cloud routes defining paths and each route consisting of a destination prefix and a next hop.

Key Differences

Feature	VPC-native	Route-based
IP assignment	Pod alias IP ranges	Static routes for Pod CIDR
Scalability	No route quota limits	Limited by custom route quotas
Firewall granularity	Per-Pod IP ranges	Per-Node or broad CIDR
VPC peering	Fully supported	Requires extra route propagation
Autopilot default	Enabled	Not available

Benefits of VPC-native Clusters

VPC-native clusters deliver several advantages:

Native routability
Pod IPs are fully routable within the cluster’s VPC and any peered networks.
No static route quotas
Alias IPs remove the need for per-Pod static routes, avoiding route quota consumption.
Granular firewall rules
Apply policies directly to Pod IP ranges for tighter security controls.
On-premises connectivity
Secondary Pod IP ranges can be reached via Cloud VPN or Cloud Interconnect using Cloud Router.
Enhanced feature support
Services such as Network Endpoint Groups (NEGs) are optimized for VPC-native networking.

The image outlines the benefits of a VPC-Native Cluster, highlighting features like native routability, no custom static routes quota, granular firewall rules, on-premises networks, and enhanced feature compatibility.

References

Watch Video

Demo Creating a private cluster with limited public endpoint access

Demo Create a VPC native cluster and configure max allowed pods

⌘I

Introduction

High Level Overview

Playground Instructions

GKE Deployment and Administration

Networking for GKE clusters

Managing Security Aspects

Plan Deploy And Manage Workloads On GKE

GKE Design Considerations

Its a wrap

VPC native and Route based cluster

VPC-native Clusters

Route-based Clusters

Key Differences

Benefits of VPC-native Clusters

References

Watch Video

Introduction

High Level Overview

Playground Instructions

GKE Deployment and Administration

Networking for GKE clusters

Managing Security Aspects

Plan Deploy And Manage Workloads On GKE

GKE Design Considerations

Its a wrap

​VPC-native Clusters

​Route-based Clusters

​Key Differences

​Benefits of VPC-native Clusters

​References

Watch Video

VPC-native Clusters

Route-based Clusters

Key Differences

Benefits of VPC-native Clusters

References