I am trying to understand how do Calico Global Network Policies work "under the hood". Let's say I have lots of (namespaced) network policies. For example, the same policy deployed to lots of namespaces. Common example might be to block or allow specific traffic in all namespaces. And let's say in this example, these are specialized workloads all deployed to a single node. If I replace these large number of (namespaced) policies with a single global network policy, will it reduce the number of IP table rules configured on the node?
I did some testing. Implementing a Calico Global network policy does result in reduced number of iptables rules on the host.