Tigera, creator and maintainer of the open-source networking project Project Calico, has announced a major expansion of its unified network security platform designed for Kubernetes environments. The updates aim to help enterprises consolidate infrastructure and accelerate the migration of legacy workloads to cloud-native platforms.

The expansion introduces several capabilities focused on improving cluster management, reducing operational complexity and enabling smoother migration from virtual machine environments.

Among the new features is an AI Assistant for Calico, which introduces a conversational intelligence layer to help engineers troubleshoot networking and security issues. Instead of relying on complex log analysis and query languages, engineers can ask questions in natural language and receive context-aware explanations based on real cluster telemetry. The assistant can also proactively identify misconfigurations, unused network policies and potential security exposures.

Tigera has also launched the Calico Load Balancer, a software-defined load balancing capability built directly into the platform. Designed to replace traditional hardware-based appliances, the solution uses an eBPF-based data plane to provide high-performance load balancing within Kubernetes clusters.

According to the company, the distributed architecture allows existing cluster nodes to function as a load-balancing tier. This enables horizontal scaling, reduces reliance on external networking hardware and allows platform teams to configure services using standard Kubernetes workflows.

The load balancer also supports session persistence for stateful applications and allows nodes to be taken offline for maintenance without interrupting active user sessions. Tigera said the design can reduce latency by enabling return traffic to follow shorter network paths compared with traditional appliance-based systems.

Another key feature is new Layer 2 networking support that allows virtual machines to be migrated into Kubernetes environments without changing their existing IP addresses or VLAN configurations. The capability is designed to reduce migration friction for organisations moving workloads from platforms such as VMware to Kubernetes-based environments.

Through this approach, virtual machines can transition into Kubernetes platforms such as KubeVirt while maintaining their original network identity. Tigera said this helps organisations avoid large-scale network redesigns that often slow down modernisation projects.

Once migrated, the workloads gain access to Calico’s built-in network security capabilities, including microsegmentation and policy-based traffic control. The company said this enables organisations to simplify their security architecture while improving visibility across container and virtual machine workloads.

Ratan Tipirneni, chief executive officer of Tigera, said the growing operational burden of managing legacy infrastructure and fragmented environments has created challenges for enterprise platform teams.

“The industry is at a breaking point where the operational overhead of managing legacy hardware and fragmented VM silos is no longer sustainable,” Tipirneni stated.

“By building a distributed load balancer into the fabric of Calico, launching an AI assistant that troubleshoots at the speed of thought, and introducing live migration support to move VMs to Kubernetes, we are giving platform teams the power to innovate rather than spend hours managing and troubleshooting,” he added.

The expanded platform is designed to provide a unified approach to networking, security and observability across containerised and virtualised environments. Tigera said the platform enables consistent network policy enforcement across multiple layers while providing centralised visibility for platform teams.

Calico is designed to operate across multiple Kubernetes distributions, as well as environments that include virtual machines and bare-metal infrastructure. Tigera said this flexibility helps enterprises avoid vendor lock-in while supporting hybrid and multi-cloud deployment models.

The latest updates reflect a broader industry shift toward consolidating networking and security capabilities into integrated platforms as organisations continue to scale their cloud-native infrastructure.