Drop-in CNI plugin replacement for Kubernetes bandwidth limiting with intelligent heavy hitter detection using eBPF.
Natra (Nätrå - Network-Rå) protects your Kubernetes workloads from network traffic overload using:
- Count-Min Sketch for memory-efficient heavy hitter detection
- Token Bucket rate limiting for precise traffic control
- tcx (TC eXpress) for qdisc-less eBPF attachment that coexists with AWS VPC CNI
Unlike standard bandwidth plugins that rate limit ALL traffic uniformly, Natra detects heavy hitters within a Pod's flows and only throttles those - letting legitimate traffic flow freely.
Active Development - Phase 0 Complete (CNI Architecture)
# Deploy CNI plugin installer to cluster
kubectl apply -f deploy/cni-installer.yaml
# Create a Pod with bandwidth annotation
kubectl run test --image=nginx --annotations="kubernetes.io/ingress-bandwidth=10M"# Build CNI plugin
make build-cni
# Build Docker image
make docker-build
# Run tests
make test- Linux kernel 6.6+ (for tcx support) or 5.x+ (clsact fallback)
- Go 1.22+
- clang/llvm (for eBPF compilation)
- Docker
- Kubernetes cluster (for deployment)
- Architecture - System design and technical decisions
- CNI Specification - CNI compliance documentation
- Development Guide - Local setup and development workflow
Apache License 2.0 - see LICENSE for details.