{"id":2196,"date":"2026-01-08T11:03:35","date_gmt":"2026-01-08T11:03:35","guid":{"rendered":"https:\/\/imesh.ai\/blog\/?p=2196"},"modified":"2026-01-19T10:20:07","modified_gmt":"2026-01-19T10:20:07","slug":"cilium-networking-concepts-routing-and-ipam","status":"publish","type":"post","link":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/","title":{"rendered":"Cilium networking concepts: Routing and IPAM"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2196\" class=\"elementor elementor-2196\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5a965d33 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5a965d33\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3c5e164e\" data-id=\"3c5e164e\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7aa4844e elementor-widget elementor-widget-text-editor\" data-id=\"7aa4844e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<figure class=\"wp-block-image\"><img alt=\"\" \/>As Kubernetes continues to dominate enterprise\u00a0infrastructure, networking performance has become a critical concern\u2014especially for teams adopting service meshes, zero-trust networking, and large-scale cloud deployments. This shift has accelerated the adoption of\u00a0<a href=\"https:\/\/cilium.io\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Cilium CNI<\/strong><\/a>, driven by its\u00a0<a href=\"https:\/\/ebpf.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">eBPF<\/a>-based\u00a0datapath,\u00a0kube-proxy replacement, and deep integration with cloud-native platforms like AWS EKS.\u00a0<\/figure>\n<p><!-- \/wp:image --><!-- wp:paragraph --><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p>\n<p>As production clusters scale, teams increasingly move toward\u00a0VPC-native networking and high-performance\u00a0datapaths, where the way traffic is\u00a0routed\u00a0and how\u00a0IP addresses\u00a0are\u00a0allocated\u00a0directly affects latency, scalability, and operational cost. In this context, Cilium\u2019s\u00a0routing modes and IP Address Management (IPAM)\u00a0are no longer low-level implementation details\u2014they are\u00a0core architectural decisions\u00a0that define how reliably and efficiently Kubernetes workloads communicate at scale.\u00a0In this blog, we dive deep into\u00a0Cilium routing modes and\u00a0IPAM and\u00a0explain how to choose the right model for production-grade\u00a0<a href=\"https:\/\/kubernetes.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">Kubernetes<\/a>\u00a0networking.<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading --><\/p>\n<h2 class=\"wp-block-heading\">Video on Cilium Networking Concepts\u00a0<\/h2>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><\/p>\n<p>In case you want to refer to the\u00a0video,\u00a0then here is\u00a0my video\u00a0(disclaimer: I have used AI-voice over to avoid MTI from my accent).\u00a0<\/p>\n<p><iframe title=\"Cilium Networking Concepts: Routing and IPAM\" width=\"1130\" height=\"636\" src=\"https:\/\/www.youtube.com\/embed\/NmLUnzQvvjA?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<h2 class=\"wp-block-heading\">Cilium\u00a0routing mode on AWS EKS\u00a0<\/h2>\n<h2 class=\"wp-block-heading\">Concept\u00a0of routing in Kubernetes\u00a0<\/h2>\n<p><!-- \/wp:heading --><!-- wp:heading {\"level\":3} --><\/p>\n<p><!-- \/wp:heading --><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\"><!-- wp:list-item --><\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Routing\u00a0determines\u00a0the path a data packet takes to travel from Pod A to Pod B.\u00a0(refer\u00a0FIG.\u00a0A)\u00a0<\/li>\n<li>It bridges the gap between the logical network (Kubernetes Pods) and the physical network (Cables\/Routers).\u00a0<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\"><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter wp-image-2215 size-full\" src=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-logical-physical.png\" alt=\"Pod to pod communication in Kubernetes\" width=\"495\" height=\"330\" srcset=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-logical-physical.png 495w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-logical-physical-300x200.png 300w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-logical-physical-400x267.png 400w\" sizes=\"(max-width: 495px) 100vw, 495px\" \/><\/li>\n<\/ul>\n<figure><\/figure>\n<figure class=\"wp-block-image\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 FIG. A: Transfer of a data packet from Pod A to B<\/figure>\n<p><!-- \/wp:image --><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading {\"level\":3} --><\/p>\n<h3 class=\"wp-block-heading\">Challenge\u00a0we face while routing<\/h3>\n<p><!-- \/wp:heading --><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\"><!-- wp:list-item --><\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Since Pods are ephemeral and constantly changing their IP addresses, your physical network usually has no idea they exist\u00a0due to which traffic will be not able\u00a0to reach\u00a0the destination Pod.\u00a0<\/li>\n<li>\u2018Where to send the package?\u2019- such concern arises (refer FIG. B)\u00a0<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><!-- wp:image --><\/p>\n<figure class=\"wp-block-image\"><img alt=\"\" \/> \u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0<a href=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/underlay-dynamic-pods.png\">\u00a0 <\/a><a href=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/underlay-dynamic-pods.png\">\u00a0 <\/a><a href=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/underlay-dynamic-pods.png\"><img decoding=\"async\" class=\"aligncenter wp-image-2216 size-full\" src=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/underlay-dynamic-pods.png\" alt=\"Challenges during communication of Pods on different nodes\" width=\"495\" height=\"330\" srcset=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/underlay-dynamic-pods.png 495w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/underlay-dynamic-pods-300x200.png 300w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/underlay-dynamic-pods-400x267.png 400w\" sizes=\"(max-width: 495px) 100vw, 495px\" \/><\/a><\/figure>\n<p><!-- \/wp:image --><!-- wp:paragraph --><\/p>\n<p>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0FIG. B: Pods on different nodes communicating across a physical network.<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading {\"level\":3} --><\/p>\n<h3 class=\"wp-block-heading\">How Cilium\u00a0solves\u00a0the routing challenge\u00a0<\/h3>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><\/p>\n<p>Cilium solves this challenge in two ways<\/p>\n<ol>\n<li>Overlay mode (refer FIG. C)<\/li>\n<li>Native routing (refer FIG. D)\u00a0<\/li>\n<\/ol>\n<p><!-- \/wp:paragraph --><!-- wp:list {\"ordered\":true} --><\/p>\n<ol class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ol class=\"wp-block-list\"><!-- wp:list-item --><\/ol>\n<\/li>\n<\/ol>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<p><a href=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-tunneling.png\"><img decoding=\"async\" class=\"alignleft wp-image-2217 size-medium\" src=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-tunneling-300x196.png\" alt=\"Routing challenges solved by Cilium CNI in Overlay mode\" width=\"300\" height=\"196\" srcset=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-tunneling-300x196.png 300w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-tunneling-400x262.png 400w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-tunneling.png 626w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>FIG. C:\u00a0\u00a0Packet transfer in Overlay mode<\/p>\n<p><a href=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/native-direct-solution.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-2219 size-medium\" src=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/native-direct-solution-300x164.png\" alt=\"Routing challenges solved by Cilium CNI using Native routing or direct mode\" width=\"300\" height=\"164\" srcset=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/native-direct-solution-300x164.png 300w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/native-direct-solution-400x219.png 400w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/native-direct-solution.png 693w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><!-- wp:image --><\/p>\n<figure><\/figure>\n<p><!-- \/wp:image --><!-- wp:paragraph --><\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>FIG. D:\u00a0 Packet transfer in Native routing\u00a0<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:image --><\/p>\n<p><!-- \/wp:image --><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading --><\/p>\n<h2 class=\"wp-block-heading\">Routing modes in Cilium\u00a0<\/h2>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><\/p>\n<p>Following are the 2\u00a0main types of Routing modes in Cilium\u00a0based on the way\u00a0of\u00a0sending\u00a0a package from one pod to another:<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:list {\"ordered\":true} --><\/p>\n<ol class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ol class=\"wp-block-list\"><!-- wp:list-item --><\/ol>\n<\/li>\n<\/ol>\n<ol>\n<li>Overlay Mode (Tunneling)\u00a0<\/li>\n<li>Native Routing (Direct mode)<\/li>\n<\/ol>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<h2>Routing mode1: Overlay mode (Tunneling)\u00a0<\/h2>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><\/p>\n<p>As the name suggests, we use a <strong>tunnel<\/strong> between nodes\u00a0to transport data. This is the\u00a0default mode\u00a0in Cilium, and quite honestly,\u00a0it&#8217;s\u00a0the easiest way to get started. Why? Because it requires\u00a0zero changes\u00a0to your existing physical network routers.<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p>\n<p>If you look at the\u00a0diagram (FIG.E), you can see exactly what happens. When &#8216;Pod A&#8217; on the left wants to talk to &#8216;Pod C&#8217; on the right, Cilium\u00a0doesn&#8217;t\u00a0send the raw packet directly onto the network.\u00a0Instead, it wraps that original packet inside a &#8216;tunnel&#8217;\u2014usually using standard protocols like\u00a0VXLAN\u00a0or\u00a0Geneve.\u00a0To your physical network, this just looks like traffic moving from\u00a0Node A to Node B, effectively hiding the internal Pod conversation. The network acts purely as a carrier.\u00a0The big win here is\u00a0simplicity.\u00a0\u00a0<\/p>\n<p><a href=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-diagram-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-2221 size-full\" src=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-diagram-1.png\" alt=\"Transfer of data from Node A to Node B in Overlay mode\" width=\"1525\" height=\"643\" srcset=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-diagram-1.png 1525w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-diagram-1-300x126.png 300w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-diagram-1-1024x432.png 1024w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-diagram-1-768x324.png 768w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-diagram-1-400x169.png 400w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-diagram-1-800x337.png 800w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/overlay-diagram-1-1160x489.png 1160w\" sizes=\"(max-width: 1525px) 100vw, 1525px\" \/><\/a><\/p>\n<p>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 FIG. E:\u00a0\u00a0Data transfer using Overlay mode<\/p>\n<h2>Routing mode2:\u00a0Native\u00a0routing (Direct\u00a0mode)\u00a0<\/h2>\n<p><!-- \/wp:paragraph --><!-- wp:image --><\/p>\n<p><!-- \/wp:image --><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading --><\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><\/p>\n<p>Now let\u2019s look at our second option: Native Routing, sometimes called Direct mode. As the name implies, this mode removes the tunnel entirely.<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p>\n<p>If you compare this to the\u00a0previous\u00a0slide,\u00a0you\u2019ll\u00a0see we are no longer wrapping packets in &#8216;boxes.&#8217; Instead,\u00a0packets are sent\u00a0directly onto the network without any encapsulation\u00a0overhead like VXLAN or Geneve.\u00a0So, without a tunnel, how does the packet get from the Pod to the network?\u00a0This is where Cilium is smart\u2014it\u00a0utilizes\u00a0the standard routing capabilities already built into the host.\u00a0Instead of handling everything itself, it delegates the job.\u00a0<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p>\n<p>If you look closely at the bottom of the diagram (refer FIG. F)<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:image --><\/p>\n<figure class=\"wp-block-image\"><a href=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/node.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-2222 size-full\" src=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/node.png\" alt=\"Cilium native routing on AWS EKS using eBPF, pod CIDRs, and node routing tables \" width=\"724\" height=\"327\" srcset=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/node.png 724w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/node-300x135.png 300w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/node-400x181.png 400w\" sizes=\"(max-width: 724px) 100vw, 724px\" \/><\/a><img alt=\"\" \/>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0FIG. F:\u00a0 Transfer of packet from Pod to Network\u00a0<\/figure>\n<p><!-- \/wp:image --><!-- wp:paragraph --><\/p>\n<p><span data-contrast=\"auto\">You will see the <\/span>&#8216;Routing Table&#8217;<span data-contrast=\"auto\">\u00a0box. When a Pod (like 10.10.10.1) sends a packet, Cilium simply hands it over to the standard Linux Kernel routing table. You can see the rules right there in the\u00a0image (<\/span><span data-contrast=\"auto\">FIG.F)<\/span><span data-contrast=\"auto\">: 10.10.10.1\/32 via lxc1. The Kernel sees this packet, checks its own routing rules, and treats it exactly as if it came from a\u00a0<\/span>local process<span data-contrast=\"auto\">\u00a0running on the host itself. It then\u00a0forwards\u00a0the packet out through the physical interface (eth0) just like normal server traffic.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p>Now, this sounds great\u2014better performance, no overhead. But there is a catch.<span data-contrast=\"auto\">\u00a0Because we removed the tunnel, we\u00a0can&#8217;t\u00a0hide our Pod IPs anymore. This means your underlying physical network\u00a0<\/span>must<span data-contrast=\"auto\">\u00a0be smart enough to know where every Pod lives. If your routers\u00a0don&#8217;t\u00a0know the Pod IPs, they\u00a0won&#8217;t\u00a0know where to send the packets.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Now,\u00a0let&#8217;s\u00a0look at how Overlay mode is different from native routing.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h2><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><span data-contrast=\"none\">Overlay vs Native<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"6\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Overlay abstracts the network using\u00a0tunneling, while Native routing removes encapsulation and relies on the underlay to route Pod IPs directly.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"6\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Choose Overlay for fastest, no-touch setup; choose Native routing for maximum performance and cloud-native scalability.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Now\u00a0let\u2019s\u00a0look at a\u00a0special purpose\u00a0datapath\u00a0known as the AWS ENI Datapath which\u00a0enabled when Cilium is run with the\u00a0option\u00a0<\/span><b><span data-contrast=\"auto\">&#8212;<\/span><\/b>ipam=eni<span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">AWS ENI\u00a0datapath<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">It is a special purpose\u00a0datapath\u00a0that is useful when running Cilium in an AWS environment.\u00a0Pods are assigned ENI IPs which are directly routable in the <strong>AWS VPC<\/strong>. This simplifies communication of pod traffic within VPCs and avoids the need for SNAT.\u00a0Pod IPs are assigned a security group. The security groups for pods are configured per node which allows to create node pools and give different security group assignments to different pods.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">To understand how this works,\u00a0let&#8217;s\u00a0trace the packet flow using the architecture diagram\u00a0(<\/span><span data-contrast=\"auto\">FIG.G)<\/span><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/dp-architecture.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-2223 size-full\" src=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/dp-architecture.png\" alt=\"Cilium eBPF ingress and egress traffic flow on AWS EKS using ENI routing \" width=\"678\" height=\"411\" srcset=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/dp-architecture.png 678w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/dp-architecture-300x182.png 300w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2026\/01\/dp-architecture-400x242.png 400w\" sizes=\"(max-width: 678px) 100vw, 678px\" \/><\/a><\/p>\n<p><span class=\"NormalTextRun SCXW112214926 BCX8\">\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 FIG.G:\u00a0 ENI <\/span><span class=\"NormalTextRun SCXW112214926 BCX8\">datapath<\/span><span class=\"NormalTextRun SCXW112214926 BCX8\">\u00a0architecture<\/span><\/p>\n<p><span data-contrast=\"auto\">Let&#8217;s start with\u00a0<\/span><strong>Ingress (Traffic coming IN)<\/strong>.<span data-contrast=\"auto\">\u00a0When a packet arrives from the VPC, it hits the Node on a specific network interface\u2014in this case, eth1, which is our Secondary ENI.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The Linux Kernel receives this packet and\u00a0encounters\u00a0an\u00a0<\/span>IP Rule. <span data-contrast=\"auto\">This rule instructs the kernel to look at the\u00a0<\/span>Main Routing Table<span data-contrast=\"auto\">\u00a0for any local traffic. The Main Routing Table has a direct mapping. It knows that this specific Pod IP is reachable via a virtual interface called lxc12345.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">However, before the packet crosses that &#8216;virtual cable&#8217; into the Pod, it is processed by\u00a0<\/span>Cilium\u00a0eBPF<span data-contrast=\"auto\">. This acts as our policy enforcement point. It verifies if the traffic is\u00a0allowed by your network policies. If\u00a0permitted, the packet is delivered to eth0 inside the Pod.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Now, let&#8217;s look at\u00a0<\/span><strong>Egress (Traffic going OUT)<\/strong>.<span data-contrast=\"auto\">\u00a0When the Pod sends a packet out, it travels back to the host. This presents a routing challenge: because the host has multiple network interfaces, we must ensure the packet leaves through the specific ENI that owns the Pod&#8217;s IP (eth1), rather than the system default.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">To solve this, Cilium uses\u00a0<\/span>Source-Based Routing<span data-contrast=\"auto\">. As the packet reaches the host, an\u00a0<\/span>IP Rule<span data-contrast=\"auto\">\u00a0examines the\u00a0<\/span>Source IP<span data-contrast=\"auto\">. It\u00a0identifies\u00a0that this IP belongs to ENI 1 and forces a lookup in\u00a0<\/span>Routing Table 100<span data-contrast=\"auto\">\u00a0(a custom table specifically for this ENI).<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Routing Table 100\u00a0contains\u00a0a default route that directs the traffic out through eth1. This ensures the packet returns to the network through the correct interface, preventing AWS from dropping it as spoofed traffic.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">This architecture provides high performance and visibility because the Pod IP is preserved throughout the VPC (no SNAT is\u00a0required). The trade-off is that you consume AWS IP addresses, which limits the number of Pods per node based on your EC2 instance type.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Now that we\u00a0understand how packets\u00a0travel,\u00a0let&#8217;s\u00a0see how they get their addresses in our next section\u00a0i.e.,\u00a0<\/span>IP Address Management\u00a0<span data-contrast=\"none\">(IPAM).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:240,&quot;335559740&quot;:240}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">IP Address Management<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p>IP Address Management (IPAM)<span data-contrast=\"auto\">\u00a0is the process of automatically assigning, tracking, and managing IP addresses used by applications, servers, containers, and Kubernetes pods. In modern DevOps and cloud environments\u2014where infrastructure scales up and down dynamically\u2014IPAM ensures that every workload gets a unique IP address without conflicts or manual intervention.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span class=\"TextRun SCXW179905206 BCX8\" lang=\"EN-IN\" xml:lang=\"EN-IN\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW179905206 BCX8\">Next, we will discuss about the\u00a0<\/span><span class=\"NormalTextRun SCXW179905206 BCX8\">various types<\/span><span class=\"NormalTextRun SCXW179905206 BCX8\">\u00a0of IPAM based on how the pods will get IPs.<\/span><\/span><span class=\"EOP SCXW179905206 BCX8\" data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">IPAM\u00a0types<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<ol>\n<li><span data-contrast=\"none\">Cluster Pool\u00a0<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"none\">AWS ENI IPAM<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"none\">Kubernetes Host Scope<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"none\">CRD-Backed<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"none\">Multi-Pool<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li>\n<\/ol>\n<h2><span data-contrast=\"none\">Cluster Pool<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">Allocates pod IPs from a pre-defined cluster-wide CIDR, independent of the underlying cloud network.\u00a0\u00a0<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:0}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">AWS ENI IPAM<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">Assigns pod IPs directly from AWS VPC subnets using Elastic Network Interfaces for native cloud integration.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:0}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">Kubernetes Host Scope<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">Limits IP address allocation to individual nodes, simplifying management but reducing cross-node flexibility.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:0}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">CRD-Backed<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">Uses Kubernetes Custom Resource Definitions to declaratively manage and\u00a0observe\u00a0IP address allocation.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559685&quot;:0}\">\u00a0<\/span><\/p>\n<h2><span data-contrast=\"none\">Multi-Pool<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">Enables multiple IP pools to support different workloads, environments, or network requirements within the same cluster.<\/span><\/p>\n<h2><span data-contrast=\"none\">Best\u00a0practice\u00a0of choosing the IPAM type<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">Choose the IPAM mode based on scale, performance needs, and cloud integration, while continuously\u00a0monitoring\u00a0IP\u00a0utilization\u00a0to avoid exhaustion.<\/span><\/p>\n<h2><span data-contrast=\"none\">Final\u00a0thoughts<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">Understanding\u00a0<\/span>routing modes in <span data-contrast=\"none\">Cilium\u2014Overlay (Tunneling) and Native Routing<\/span><b><span data-contrast=\"none\">\u2014<\/span><\/b><span data-contrast=\"none\">along with<\/span><b><span data-contrast=\"none\">\u00a0<\/span><\/b><span data-contrast=\"none\">IP Address Management (IPAM)<\/span><span data-contrast=\"none\">\u00a0is essential for building secure, scalable, and high-performance Kubernetes networks. Overlay mode offers simplicity and portability across environments, while native routing delivers lower latency and higher throughput by\u00a0leveraging\u00a0the underlying network. Complementing these routing choices with the right IPAM strategy\u2014such as Cluster Pool, AWS ENI IPAM, or multi-pool configurations\u2014ensures efficient IP\u00a0utilization\u00a0and reliable pod connectivity at scale.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><span data-contrast=\"none\">By selecting the\u00a0appropriate\u00a0<\/span>Cilium\u00a0routing mode and IPAM configuration<span data-contrast=\"none\">\u00a0based on your infrastructure, performance goals, and operational complexity, platform teams can reduce networking bottlenecks, avoid IP exhaustion, and\u00a0operate\u00a0Kubernetes clusters with greater confidence.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">In case you need help on adopting Cilium for your\u202fenterprise, you can reach out to\u00a0our\u00a0<\/span><a href=\"https:\/\/imesh.ai\/request-for-enterprise-cilium-CNI-support.html\"><span data-contrast=\"none\">Cilium experts<\/span><\/a><span data-contrast=\"none\">.<\/span><span data-ccp-props=\"{&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>As Kubernetes continues to dominate enterprise\u00a0infrastructure, networking performance has become a critical<span class=\"excerpt-more\"><\/span><\/p>\n","protected":false},"author":12,"featured_media":2214,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[123],"tags":[],"class_list":["post-2196","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cilium"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cilium networking concepts: Routing and IPAM - IMESH<\/title>\n<meta name=\"description\" content=\"Explore Cilium routing and IPAM on AWS EKS. Learn how eBPF, native routing, and ENI IPAM power scalable Kubernetes networking.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cilium networking concepts: Routing and IPAM - IMESH\" \/>\n<meta property=\"og:description\" content=\"Explore Cilium routing and IPAM on AWS EKS. Learn how eBPF, native routing, and ENI IPAM power scalable Kubernetes networking.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/\" \/>\n<meta property=\"og:site_name\" content=\"IMESH\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-08T11:03:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-19T10:20:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2025\/12\/cilium-img.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1450\" \/>\n\t<meta property=\"og:image:height\" content=\"836\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Soubhagya Das\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Soubhagya Das\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/\"},\"author\":{\"name\":\"Soubhagya Das\",\"@id\":\"https:\/\/imesh.ai\/blog\/#\/schema\/person\/f24ff7de8ff9b6190b8d0822ae2501aa\"},\"headline\":\"Cilium networking concepts: Routing and IPAM\",\"datePublished\":\"2026-01-08T11:03:35+00:00\",\"dateModified\":\"2026-01-19T10:20:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/\"},\"wordCount\":1623,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/imesh.ai\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2025\/12\/cilium-img.png\",\"articleSection\":[\"Cilium\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/\",\"url\":\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/\",\"name\":\"Cilium networking concepts: Routing and IPAM - IMESH\",\"isPartOf\":{\"@id\":\"https:\/\/imesh.ai\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2025\/12\/cilium-img.png\",\"datePublished\":\"2026-01-08T11:03:35+00:00\",\"dateModified\":\"2026-01-19T10:20:07+00:00\",\"description\":\"Explore Cilium routing and IPAM on AWS EKS. Learn how eBPF, native routing, and ENI IPAM power scalable Kubernetes networking.\",\"breadcrumb\":{\"@id\":\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#primaryimage\",\"url\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2025\/12\/cilium-img.png\",\"contentUrl\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2025\/12\/cilium-img.png\",\"width\":1450,\"height\":836},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/imesh.ai\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cilium networking concepts: Routing and IPAM\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/imesh.ai\/blog\/#website\",\"url\":\"https:\/\/imesh.ai\/blog\/\",\"name\":\"IMESH Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/imesh.ai\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/imesh.ai\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/imesh.ai\/blog\/#organization\",\"name\":\"IMESH\",\"url\":\"https:\/\/imesh.ai\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/imesh.ai\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/03\/IMESH-LOGO-scaled.jpg\",\"contentUrl\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/03\/IMESH-LOGO-scaled.jpg\",\"width\":2560,\"height\":1665,\"caption\":\"IMESH\"},\"image\":{\"@id\":\"https:\/\/imesh.ai\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/imeshai\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/imesh.ai\/blog\/#\/schema\/person\/f24ff7de8ff9b6190b8d0822ae2501aa\",\"name\":\"Soubhagya Das\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/imesh.ai\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/03\/IMESH-LOGO-150x150.jpg\",\"contentUrl\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/03\/IMESH-LOGO-150x150.jpg\",\"caption\":\"Soubhagya Das\"},\"sameAs\":[\"http:\/\/imesh.ai\"],\"url\":\"https:\/\/imesh.ai\/blog\/author\/soubhagyaranjan-das\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cilium networking concepts: Routing and IPAM - IMESH","description":"Explore Cilium routing and IPAM on AWS EKS. Learn how eBPF, native routing, and ENI IPAM power scalable Kubernetes networking.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/","og_locale":"en_US","og_type":"article","og_title":"Cilium networking concepts: Routing and IPAM - IMESH","og_description":"Explore Cilium routing and IPAM on AWS EKS. Learn how eBPF, native routing, and ENI IPAM power scalable Kubernetes networking.","og_url":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/","og_site_name":"IMESH","article_published_time":"2026-01-08T11:03:35+00:00","article_modified_time":"2026-01-19T10:20:07+00:00","og_image":[{"width":1450,"height":836,"url":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2025\/12\/cilium-img.png","type":"image\/png"}],"author":"Soubhagya Das","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Soubhagya Das","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#article","isPartOf":{"@id":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/"},"author":{"name":"Soubhagya Das","@id":"https:\/\/imesh.ai\/blog\/#\/schema\/person\/f24ff7de8ff9b6190b8d0822ae2501aa"},"headline":"Cilium networking concepts: Routing and IPAM","datePublished":"2026-01-08T11:03:35+00:00","dateModified":"2026-01-19T10:20:07+00:00","mainEntityOfPage":{"@id":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/"},"wordCount":1623,"commentCount":0,"publisher":{"@id":"https:\/\/imesh.ai\/blog\/#organization"},"image":{"@id":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#primaryimage"},"thumbnailUrl":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2025\/12\/cilium-img.png","articleSection":["Cilium"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/","url":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/","name":"Cilium networking concepts: Routing and IPAM - IMESH","isPartOf":{"@id":"https:\/\/imesh.ai\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#primaryimage"},"image":{"@id":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#primaryimage"},"thumbnailUrl":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2025\/12\/cilium-img.png","datePublished":"2026-01-08T11:03:35+00:00","dateModified":"2026-01-19T10:20:07+00:00","description":"Explore Cilium routing and IPAM on AWS EKS. Learn how eBPF, native routing, and ENI IPAM power scalable Kubernetes networking.","breadcrumb":{"@id":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#primaryimage","url":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2025\/12\/cilium-img.png","contentUrl":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2025\/12\/cilium-img.png","width":1450,"height":836},{"@type":"BreadcrumbList","@id":"https:\/\/imesh.ai\/blog\/cilium-networking-concepts-routing-and-ipam\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/imesh.ai\/blog\/"},{"@type":"ListItem","position":2,"name":"Cilium networking concepts: Routing and IPAM"}]},{"@type":"WebSite","@id":"https:\/\/imesh.ai\/blog\/#website","url":"https:\/\/imesh.ai\/blog\/","name":"IMESH Blog","description":"","publisher":{"@id":"https:\/\/imesh.ai\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/imesh.ai\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/imesh.ai\/blog\/#organization","name":"IMESH","url":"https:\/\/imesh.ai\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/imesh.ai\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/03\/IMESH-LOGO-scaled.jpg","contentUrl":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/03\/IMESH-LOGO-scaled.jpg","width":2560,"height":1665,"caption":"IMESH"},"image":{"@id":"https:\/\/imesh.ai\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/imeshai"]},{"@type":"Person","@id":"https:\/\/imesh.ai\/blog\/#\/schema\/person\/f24ff7de8ff9b6190b8d0822ae2501aa","name":"Soubhagya Das","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/imesh.ai\/blog\/#\/schema\/person\/image\/","url":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/03\/IMESH-LOGO-150x150.jpg","contentUrl":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/03\/IMESH-LOGO-150x150.jpg","caption":"Soubhagya Das"},"sameAs":["http:\/\/imesh.ai"],"url":"https:\/\/imesh.ai\/blog\/author\/soubhagyaranjan-das\/"}]}},"jetpack_featured_media_url":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2025\/12\/cilium-img.png","_links":{"self":[{"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/posts\/2196","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/comments?post=2196"}],"version-history":[{"count":24,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/posts\/2196\/revisions"}],"predecessor-version":[{"id":2273,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/posts\/2196\/revisions\/2273"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/media\/2214"}],"wp:attachment":[{"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/media?parent=2196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/categories?post=2196"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/tags?post=2196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}