
Calico
Kubernetes network security with eBPF data plane for high-performance policy enforcement.
Vendor Information
Calico Overview
Calico provides container and Kubernetes network security through network policy enforcement, zero-trust networking, and runtime threat defense, built on the open-source Project Calico. Unlike traditional Kubernetes networking, which relies on iptables and creates performance bottlenecks, Calico delivers an eBPF-powered data plane that performs packet processing directly in the Linux kernel, eliminating overhead while providing native Kubernetes service handling without kube-proxy.
Built on a pluggable data plane architecture supporting eBPF, standard Linux networking, Windows HNS, and VPP, Calico powers over 100 million containers across 8 million nodes in 166 countries. Core capabilities include Kubernetes Network Policy enforcement with fine-grained pod-to-pod communication controls, DNS policy enforcement that controls domain-based access, an egress gateway for managing outbound traffic, and WireGuard encrypted tunneling. The eBPF data plane delivers higher throughput with lower CPU consumption, scales to thousands of services, and provides XDP-based DDoS mitigation with source IP-preserving load balancing. Additional capabilities include runtime threat detection with threat intelligence integration, vulnerability management with container image scanning, compliance automation for CIS Benchmarks, and detailed flow logs with network visualization for forensics.
Founded in 2016 by Andrew Randall and Christopher Liljenstolpe from the original Project Calico engineering team, Tigera raised $65 million. Project Calico has grown to be the most widely adopted container networking and security solution, used by Discover, Chipotle, NBCUniversal, Box, Siemens Healthineers, Royal Bank of Canada, and Bell Canada. Tigera offers Calico Open Source as a free community edition, Calico Cloud as a SaaS platform, and Calico Enterprise as a self-managed platform.
Key Capabilities
Standardized capabilities mapped to this product's security niche
Captures and logs all pod-to-pod network flows including service mesh traffic, providing full observability for anomaly detection and policy validation.
Enforces network policies using eBPF programs attached to kernel hooks, providing lower overhead and higher throughput than iptables-based NetworkPolicy enforcement.
Enforces DNS-based and IP-based egress policies for pod outbound traffic, preventing C2 communication, data exfiltration, and unauthorized external API calls.
Analyzes observed pod-to-pod traffic and generates Kubernetes NetworkPolicy manifests that allow only observed legitimate connections, reducing policy authoring to review and approval.