diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml b/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
index 6d5987dc003777c9928703945f97fa8971c95a50..6eedfc3f3b2e73871a003d2f241a88887e234a3a 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
@@ -40,5 +40,9 @@
 # Generate TLS certs for secure typha<->calico-node communication
 # typha_secure: false
 
+# Scaling typha: 1 replica per 100 nodes is adequate
 # Number of typha replicas
 # typha_replicas: 1
+
+# Set max typha connections
+# typha_max_connections_lower_limit: 300
diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index 277fa36b81bcf9fb80732db083e52f757c724b36..dc9000f03e5202f37aae669cc389745afd033481 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -74,9 +74,15 @@ kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
 
 # Use typha (only with kdd)
 typha_enabled: false
+
+# Scaling typha: 1 replica per 100 nodes is adequate
 # Number of typha replicas
 typha_replicas: 1
 
+# Set max typha connections
+typha_max_connections_lower_limit: 300
+
+
 # Generate certifcates for typha<->calico-node communication
 typha_secure: false
 
diff --git a/roles/network_plugin/calico/templates/calico-typha.yml.j2 b/roles/network_plugin/calico/templates/calico-typha.yml.j2
index 227b07bcb3b3878e5f122f4a0cddd7c30bf1e51d..dbff9651416199e35952c3272af194c946ff4274 100644
--- a/roles/network_plugin/calico/templates/calico-typha.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-typha.yml.j2
@@ -82,6 +82,8 @@ spec:
             value: "kubernetes"
           - name: TYPHA_HEALTHENABLED
             value: "true"
+          - name: TYPHA_MAXCONNECTIONSLOWERLIMIT
+            value: "{{ typha_max_connections_lower_limit }}"
 {% if typha_secure %}
           - name: TYPHA_CAFILE
             value: /etc/ca/ca.crt