Skip to content


Folders and files

Last commit message
Last commit date

Latest commit


Repository files navigation


Welcome to the official repository of L2S-M, a Kubernetes operator that enables virtual networking in K8s clusters.

Link-Layer Secure connectivity for Microservice platforms (L2S-M) is a K8s networking solution that complements the CNI plugin approach of K8s to create and manage virtual networks in K8s clusters. These virtual networks allow workloads (pods) to have isolated link-layer connectivity with other pods in a K8s cluster, regardless of the k8s node where they are actually deployed. L2S-M enables the creation/deletion of virtual networks on-demand, as well as attaching/detaching pods to that networks. The solution is seamlessly integrated within the K8s environment, through a K8s operator:

alt text

L2S-M provides its intended functionalities using a programmable data-plane based on Software Defined Networking (SDN), which in turn provides a high degree of flexibility to dynamically incorporate new application and/or network configurations into K8s clusters. Moreover, L2S-M has been designed to flexibly accommodate various deployment options, ranging from small K8s clusters to those with a high number of distributed nodes.

The main K8s interface of pods remains intact (provided by a CNI plugin), retaining the compatibility with all the standard K8s elements (e.g., services, connectivity through the main interface, etc.). Moreover, the solution has the potential to be used for inter-cluster communications to support scenarios where network functions are spread through multiple distributed infrastructures (this is still a work in progress).

The figure outlines the design of L2S-M. See how L2S-M works to read further details on the L2S-M solution.

If you want to learn how to install L2S-M in your cluster, see the installation guide of this repository to start its installation.

Did you already install the operator and you cannot wait to start building your own virtual networks in your K8s cluster? Check out our ping-pong example!

If you want more information about the original idea of L2S-M and its initial design, you can check our latest publication in the IEEE Network journal:

  • L. F. Gonzalez, I. Vidal, F. Valera and D. R. Lopez, "Link Layer Connectivity as a Service for Ad-Hoc Microservice Platforms," in IEEE Network, vol. 36, no. 1, pp. 10-17, January/February 2022, doi: 10.1109/MNET.001.2100363.

Did you like L2S-M and want to use it in your K8s infrastructure or project? Please, feel free to do so, and don't forget to cite us!

Demo video

This video exemplifies the process to create virtual networks in Kubernetes using the L2S-M open-source software. More concretely, it shows how L2S is used to create a simple content distribution network on a Kubernetes cluster.

Inter-cluster communications

We are currently working on a solution to enable communications among workloads deployed on differente Kubernetes clusters. The solution enables the creation and deletion of virtual link-layer networks to connect application workloads running in different virtualization domains. This way, it supports inter-domain link-layer communications among remote workloads.

The solution can work jointly with L2S-M or be used standalone through the Multus CNI. Details can be checked here.

The solution enables the creation and deletion of virtual link-layer networks to connect application workloads running in different virtualization domains. This way, it supports inter-domain link-layer communications among remote workloads.

Additional information about L2S-M

In the following section of the repository, you can find a series of documents and slides that provide additional information about L2S-M, including presentations where our solution has been showcased to the public in various events.

L2S-M has been presented in the following events:

Use cases where L2S-M has been used:

The following publications and references showcase various use cases where L2S-M was used as the basis for providing secure communications within one, or multiple, Kubernetes clusters:

  • Fishy Reference Framework: Complex experimentation platform developed to support the H2020 FISHY project use cases & its main functionalities. L2S-M was utilised as a component that provided secured communications between all FISHY functionalities and elements, either virtualised or physical.

    • I. Vidal et al., 'A Multi-domain Testbed for Collaborative Research on the IoT-Edge-Cloud Continuum,' in 2023 20th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), 2023, pp. 394--395. DOI: 10.1109/SECON58729.2023.10287436.
  • Smart Campus use case: This use case was centred around the deployment of a "Content Delivery Network" (CDN) for distributing audiovisual content in a Univeristy environment composed of multiple edge and cloud K8s clusters. L2S-M provided inter-cluster and intra-cluster networking to securely connect all its elements.

    • L. F. Gonzalez, I. Vidal, F. Valera, R. Martin, and D. Artalejo, 'A Link-Layer Virtual Networking Solution for Cloud-Native Network Function Virtualisation Ecosystems: L2S-M,' Future Internet, vol. 15, no. 8, 2023.* DOI: 10.3390/fi15080274. [Online]. Available here.
  • Secure Federated Learning use case: This use case, done in collaboration with the University of Bristol, was centred around the implementation of a secured federated learning infrastructure. L2S-M enabled the isolated and secured communication between the FL clients and the server.

    • J. M. Parra-Ullauri, L. F. Gonzalez, A. Bravalheri, R. Hussain, X. Vasilakos, I. Vidal, F. Valera, R. Nejabati, and D. Simeonidou, 'Privacy Preservation in Kubernetes-based Federated Learning: A Networking Approach,' in IEEE INFOCOM2023 - IEEE Conference on Computer CommunicationsWorkshops (INFOCOMWKSHPS), 2023, pp. 1--7. DOI: 10.1109/INFOCOMWKSHPS57453.2023.10225925.

How to reach us

Do you have any doubts about L2S-M or its installation? Do you want to provide feedback about the solution? Please, do not hesitate to contact us out through e-mail!


The work in this open-source project has partially been supported by the European Horizon NEMO project (grant agreement 101070118), the European Horizon CODECO project (grant agreement 101092696), and by the national 6GINSPIRE project (PID2022-137329OB-C429).

Other projects where L2S-M has been used