networking
Kubernetes Bandwidth Estimator
Estimate internal pod-to-pod bandwidth, external egress, and recommended NIC size for your Kubernetes cluster. Accounts for service mesh overhead and Hetzner egress pricing.
Kubernetes Network Capacity Planning
Kubernetes cluster networking has two distinct traffic types: internal (east-west, pod-to-pod) and external (north-south, ingress/egress). Each has different bottlenecks.
Internal Bandwidth
internal_mbps = pods × req_per_pod_sec × payload_kb × 8 / 1000This is bidirectional — each request involves a sender and receiver, so actual NIC utilization is doubled. Add 2× headroom for burst.
Egress Billing (Hetzner)
Hetzner includes 20 TB/mo outbound per server. Traffic within a Hetzner private network (vSwitch) is free:
# Use private network IPs between services
# Public → Private: free
# Private → Private: free
# Private → Internet: counts against quotaNIC Saturation Signs
- ›Node network drops:
kubectl top nodesshows high network IO - ›
ethtool -Sshows non-zero drops| grep drop - ›Cilium:
cilium monitor --type dropshows kernel-level drops
Reducing Internal Bandwidth
- ›Enable gRPC instead of REST (smaller payloads, multiplexing)
- ›Use protocol buffers instead of JSON (3–10× smaller)
- ›Place high-traffic pod pairs on the same node (avoids network hop)
- ›Use Cilium's node-local DNS cache to eliminate DNS traffic overhead
Frequently Asked Questions
How do I find my actual pod-to-pod bandwidth?
Run iperf3 between pods: `kubectl run iperf-server --image=networkstatic/iperf3 -- -s` then `kubectl run iperf-client --image=networkstatic/iperf3 -- -c <server-ip> -t 30`. Cilium Hubble also shows per-flow bandwidth metrics without any additional tooling.
How much egress does Hetzner include for free?
Hetzner includes 20 TB/month of outbound traffic per server. Traffic between Hetzner servers in the same network (private network) is free and doesn't count against this quota. Overages are €1/TB.
When do I need a 10 Gbps NIC?
When your peak internal bandwidth exceeds ~5 Gbps (to leave headroom). Hetzner's cx and cax servers have 1 Gbps NICs. Dedicated servers (AX series) have 1 Gbps uplinks upgradeable to 10 Gbps. For high-throughput workloads (video processing, ML data loading), NIC saturation is a real risk.
Does service mesh overhead affect my egress bill?
No — service mesh overhead (Envoy headers, telemetry) only affects internal traffic and does not increase external egress. The overhead is in CPU/latency, not bandwidth.