VMware Container Networking with Antrea

Connect, secure, and manage multi-cloud Kubernetes workloads with Antrea, an enterprise-grade CNI with centralized policy management via NSX.

Best for

  • Organizations running Kubernetes on VMware Cloud Foundation
  • Teams needing unified container networking across multiple K8s platforms
  • Security teams implementing micro-segmentation for containers
  • Multi-cloud Kubernetes environments

Why Organizations Choose Antrea for Kubernetes Networking

Kubernetes networking is complex. Organizations running containers across multiple clusters and clouds need a consistent networking layer that simplifies operations, enforces security policies, and provides visibility into traffic flows.

Simplify Kubernetes Networking

Antrea provides a unified networking stack that works consistently across managed Kubernetes providers.

One CNI for vSphere with Tanzu, OpenShift, Rancher, EKS, AKS, and GKE. No more managing different networking configurations per platform.

Micro-Segmentation & IDPS

Apply advanced network policies with cross-namespace enforcement, intrusion detection and prevention, and IPSec encryption for pod-to-pod traffic.

Security teams get granular control over container communication without slowing down development teams.

Centralized Policy Management

Manage network policies across all Kubernetes clusters from a single NSX console.

Define security policies once and enforce them consistently across every connected cluster, regardless of the underlying Kubernetes platform.

Improve Visibility & Operations

Traceflow diagnostics let you trace packet paths through the cluster to troubleshoot connectivity issues quickly.

IPFIX flow export gives operations teams real-time visibility into container network traffic patterns and anomalies.

Antrea Performance Advantages

Antrea is built on Open vSwitch (OVS) for high-performance data plane operations, delivering measurable improvements in network policy processing, resource efficiency, and encrypted throughput.

  • Faster network policy actions compared to traditional Kubernetes CNI implementations
  • Lower processor utilization for CNI processes, reducing resource overhead on worker nodes
  • Better TCP throughput over WireGuard VPN tunnels for encrypted inter-node communication

Enterprise Capabilities for Kubernetes Networking

Multi-Platform Policy Enforcement

Enforce consistent network policies across vSphere with Tanzu, Red Hat OpenShift, SUSE Rancher, Amazon EKS, Azure AKS, and Google GKE.

Organizations running Kubernetes across multiple platforms get a single policy model instead of managing platform-specific networking configurations.

Advanced Security Policies

Go beyond standard Kubernetes NetworkPolicy with cross-namespace rules, intrusion detection and prevention (IDPS), and IPSec encryption for pod traffic.

Security teams can enforce zero-trust networking at the container level without modifying application code.

Tiered Policy Management

Define global security policies that cannot be overridden by application teams. Role-based tier control lets platform admins set baseline rules while developers manage application-level policies.

This separation of duties aligns with enterprise governance requirements.

Observability

Traceflow lets you trace the path of a packet through the Kubernetes network stack, identifying where traffic is being dropped or delayed.

IPFIX network flow export integrates with existing monitoring tools for traffic analysis and anomaly detection across clusters.

When Organizations Choose Antrea

Integrated Container Networking for Kubernetes

Organizations deploying Kubernetes on vSphere with Tanzu get Antrea as the integrated CNI. It also works with Red Hat OpenShift and SUSE Rancher for teams running multiple Kubernetes distributions.

Antrea uses Open vSwitch (OVS) as its data plane, providing high-performance pod networking with support for advanced features like Geneve and VXLAN encapsulation.

  • Native integration with vSphere with Tanzu workload clusters
  • Support for OpenShift, Rancher, and upstream Kubernetes
  • OVS-based data plane for high throughput and low latency
  • Flexible encapsulation options (Geneve, VXLAN, STT)

Centralized Policy Management with NSX

Managing network policies individually on each Kubernetes cluster does not scale. Antrea integrates with NSX to provide a single management console for network policy across all connected clusters.

Platform administrators define security policies in NSX, and Antrea enforces them consistently across every cluster. This works across on-premises and cloud-hosted Kubernetes environments.

  • Single-pane-of-glass policy management via NSX
  • Consistent enforcement across on-premises and cloud clusters
  • Inventory and topology visibility for all registered clusters
  • Reduced operational complexity for multi-cluster environments

Micro-Segmentation and IDPS for Containers

Standard Kubernetes NetworkPolicy is limited. It does not support cross-namespace rules, intrusion detection, or encrypted pod communication out of the box.

Antrea extends Kubernetes networking with enterprise security capabilities. Teams can implement zero-trust container networking with granular policies, IDPS, and IPSec encryption between pods.

  • Cross-namespace and cluster-wide security policies
  • Intrusion detection and prevention system (IDPS)
  • IPSec encryption for pod-to-pod traffic
  • Tiered policy model for separation of duties

Supported Kubernetes Platforms

Antrea provides consistent container networking and policy enforcement across a broad ecosystem of Kubernetes platforms, enabling organizations to standardize networking regardless of where their clusters run.

VMware Tanzu

Native integration with vSphere with Tanzu workload clusters

Red Hat OpenShift

Enterprise Kubernetes with Antrea CNI replacement

SUSE Rancher

Multi-cluster management with consistent networking

Amazon EKS

Extend enterprise policies to AWS-managed Kubernetes

Google GKE

Unified networking for Google Cloud Kubernetes workloads

Azure AKS

Consistent policy enforcement on Azure Kubernetes Service

Antrea Container Networking — Buyer FAQ

VMware Container Networking with Antrea is an enterprise-grade Kubernetes CNI (Container Network Interface) that provides pod networking, network policy enforcement, micro-segmentation, and centralized multi-cluster management through NSX integration.

It is built on Open vSwitch (OVS) for high-performance data plane operations and supports a wide range of Kubernetes platforms.

No. VMware Container Networking with Antrea is no longer sold as a standalone product. It is now included as part of VMware Cloud Foundation.

Organizations with an active VCF subscription have access to Antrea and its NSX integration capabilities at no additional licensing cost.

Antrea supports VMware vSphere with Tanzu, Red Hat OpenShift, SUSE Rancher, Amazon EKS, Google GKE, and Azure AKS.

This broad platform support enables organizations to enforce consistent network policies across hybrid and multi-cloud Kubernetes environments from a single management console.

Antrea registers Kubernetes clusters with NSX, enabling administrators to define and enforce network security policies from the NSX console. Policies are pushed to all connected clusters and enforced by Antrea at the pod level.

NSX also provides inventory visibility across clusters, including namespace, pod, and service information for topology mapping and troubleshooting.

Antrea provides micro-segmentation with cross-namespace policies, intrusion detection and prevention (IDPS), IPSec encryption for pod-to-pod traffic, and tiered policy management with role-based access control.

These capabilities go beyond standard Kubernetes NetworkPolicy and allow security teams to implement zero-trust container networking at enterprise scale.

Talk to a Kubernetes Networking Specialist

VirtualizationWorks helps organizations plan Kubernetes networking with Antrea, understand VCF licensing, and design multi-cluster policy architectures.
