Antrea is a Kubernetes-native project that implements the Container Network Interface (CNI) and Kubernetes NetworkPolicy to provide network connectivity and security for pod workloads.

The project enforces the Kubernetes Network Policy API which assigns network traffic filtering rules to pods and extends firewall functionality to the pod edge to enable the nano-segmentation of workloads. 

It also extends the benefit of programmable networks from Open vSwitch (OVS) to simplify Kubernetes networking across differing clouds and operating systems with a unified network stack.

Antrea can be extended to support advanced networking use cases like kernel bypass and network service mesh. 

Antrea can allocate external IPs to load balancer service types from a pool that one sets. When a service is created, the “virtual IP” is allocated to one of the nodes with a “nodeSelector” and the traffic is routed ky kube-proxy (or antrea proxy) to the service endpoints.

Additional details on Antrea are available here