diff --git a/docs/calico.md b/docs/calico.md
index d213f1f72281ea7e8db1d1b1ad4d337847062360..5eedef8acac195e01ac228b4ea00c8c8d2e62baf 100644
--- a/docs/calico.md
+++ b/docs/calico.md
@@ -67,6 +67,15 @@ To re-define you need to edit the inventory and add a group variable `calico_net
 calico_network_backend: none
 ```
 
+##### Optional : Define the default pool CIDR
+
+By default, `kube_pods_subnet` is used as the IP range CIDR for the default IP Pool.
+In some cases you may want to add several pools and not have them considered by Kubernetes as external (which means that they must be within or equal to the range defined in `kube_pods_subnet`), it starts with the default IP Pool of which IP range CIDR can by defined in group_vars (k8s-cluster/k8s-net-calico.yml):
+
+```
+calico_pool_cidr: 10.233.64.0/20
+```
+
 ##### Optional : BGP Peering with border routers
 
 In some cases you may want to route the pods subnet and so NAT is not needed on the nodes.
@@ -86,6 +95,12 @@ In order to define global peers, the `peers` variable can be defined in group_va
 In order to define peers on a per node basis, the `peers` variable must be defined in hostvars.
 NB: Ansible's `hash_behaviour` is by default set to "replace", thus defining both global and per node peers would end up with having only per node peers. If having both global and per node peers defined was meant to happen, global peers would have to be defined in hostvars for each host (as well as per node peers)
 
+Since calico 3.4, Calico supports advertising Kubernetes service cluster IPs over BGP, just as it advertises pod IPs.
+This can be enabled by setting the following variable as follow in group_vars (k8s-cluster/k8s-net-calico.yml)
+```
+calico_advertise_cluster_ips: true
+```
+
 ##### Optional : Define global AS number
 
 Optional parameter `global_as_num` defines Calico global AS number (`/calico/bgp/v1/global/as_num` etcd key).
diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml b/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
index 21fd7994fb10fa4f2f21c0180a4fa7cc3f1ce28c..6ca30a24448ab97eb20cf970ae417c8eff0684be 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-net-calico.yml
@@ -11,6 +11,9 @@
 # add default ippool name
 # calico_pool_name: "default-pool"
 
+# add default ippool CIDR (must be inside kube_pods_subnet, defaults to kube_pods_subnet otherwise)
+# calico_pool_cidr: 1.2.3.4/5
+
 # Global as_num (/calico/bgp/v1/global/as_num)
 # global_as_num: "64512"
 
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 69611c33f724f2a3797c9b18c5fa078e55250e15..0d0cad2503630f9b4a7499c790d58cd6d7979c82 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -75,13 +75,23 @@
 
 - name: Calico | Check if calico network pool has already been configured
   shell: >
-    {{ bin_dir }}/calicoctl get ippool | grep -w "{{ kube_pods_subnet }}" | wc -l
+    {{ bin_dir }}/calicoctl get ippool | grep -w "{{ calico_pool_cidr | default(kube_pods_subnet) }}" | wc -l
   register: calico_conf
   retries: 4
   delay: "{{ retry_stagger | random + 3 }}"
   delegate_to: "{{ groups['kube-master'][0] }}"
   run_once: true
 
+- name: Calico | Ensure that calico_pool_cidr is within kube_pods_subnet when defined
+  assert:
+    that: "[calico_pool_cidr] | ipaddr(kube_pods_subnet) | length == 1"
+    msg: "{{ calico_pool_cidr }} is not within or equal to {{ kube_pods_subnet }}"
+  delegate_to: localhost
+  run_once: true
+  when:
+    - 'calico_conf.stdout == "0"'
+    - calico_pool_cidr is defined
+
 - name: Calico | Configure calico network pool
   shell: >
     echo "
@@ -91,7 +101,7 @@
           "name": "{{ calico_pool_name }}",
         },
         "spec": {
-          "cidr": "{{ kube_pods_subnet }}",
+          "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
           "ipipMode": "{{ ipip_mode }}",
           "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} " | {{ bin_dir }}/calicoctl create -f -
   run_once: true
@@ -107,7 +117,7 @@
         "spec": {"disabled": false, "ipip": {"enabled": {{ ipip }}, "mode": "{{ ipip_mode|lower }}"},
                  "nat-outgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}},
         "apiVersion": "v1",
-        "metadata": {"cidr": "{{ kube_pods_subnet }}"}
+        "metadata": {"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}"}
       }' | {{ bin_dir }}/calicoctl apply -f -
   environment:
     NO_DEFAULT_POOLS: true
diff --git a/roles/network_plugin/calico/templates/cni-calico.conflist.j2 b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
index 9ce2483cc8a6f502ab0b24629e5f97653ba22bc3..be76da0abdcefc0b8f619c7d64fa529881e5d0eb 100644
--- a/roles/network_plugin/calico/templates/cni-calico.conflist.j2
+++ b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
@@ -17,7 +17,7 @@
       "ipam": {
         "type": "calico-ipam",
         "assign_ipv4": "true",
-        "ipv4_pools": ["{{ kube_pods_subnet }}"]
+        "ipv4_pools": ["{{ calico_pool_cidr | default(kube_pods_subnet) }}"]
       },
 {% if enable_network_policy %}
       "policy": {