Production Ready Container Networking

Docker San Jose MeetupJuly 21st, 2016

Github: @jainvipin | Twitter: @jainvipin_

Developer/Hacker/Collaborator/Disruptor

Networking Enthusiast, Cisco Employee

DevOps, Golang Fan

Lately, Mining Containers

Who am I?

A word about Contiv Networking for Containers

• Multi-tenant multi-host networking for containers• Service Load Balancing, Security Policies, Telemetry• Physical Network Integration, etc.

Storage for Containers• Persistent Storage for Containers• Policies for allocation, garbage collection, snapshots, IOPs rate limiting, etc. • Supports Ceph, NFS backends, etc.

Clustering• Discover, Provision and Manage nodes

All Open Sourced• Componentized packages for individual use• Hacks/Contributions Welcome!

Sponsored by Cisco

1. Scale: 200-500 containers per host may not be unusual• Efficient Packing; More State (endpoints, networks, policies, DNS queries, etc.)• More of Everything!

2. Speed: Comes up in a second (many more simultaneously in a cluster)• Automation is a MUST• Network/Volume/Scheduling must be quick to provision• And work at scale!

3. Layers of Orchestration: Container Layer, VM Layer, Physical Layer• Challenges Workload Visibility: Encap in encap makes it obscure• Makes Monitoring/Diagnostics difficult• Reduces Performance: Processing at each layer, and encapsulation/abstraction would affect performance• Nested and Migrating Apps

4. Stable Predictable Networking Deployment• Components of networking, and elements should be easy and predictable to install and run

Production Readiness Networking Challenges

5. Application Centric (vs. Infrastructure centric) consumption of resources• Creating networks, volumes as applications need, and dispose them accordingly• Must integrate with application blue-print• Keeping it easy to consume for application

6. Shared Resources• Needs Predictable resource acquisition/disposal => Need Ops Policies

7. Hybrid Scenarios• Consistency, Security, Connectivity across heterogeneous workloads• Across private/public cloud

8. Security• Tenancy, Isolation, Compliance for network/storage/compute

9. Telemetry and Diagnostics• Need to be real time, Must work at the scale/speed

Production Readiness Networking Challenges

Shared Resources

Policies for Resource Acquisition

Hybrid Cloud

Consistent Policies For Network

Security

Tenant Isolation Security Policies

Telemetry /Diagnostics

Application Statistics Data Export

Contiv’s ApproachScale

Route and Policy Distribution

Speed

Automated Scale-out

Orchestration Layers

Flat Networks Bare Metal Options

Application Centric

Integrated with App Blueprint

Elements of Contiv NetworkingCluster-wide Connectivity

Truly Multi-tenant

Network Isolation

Traffic Prioritization

App-Blueprint Integration

Network Monitoring

Scalable

Physical Network Integration: { L2 | L3 | SDN-Fabric }

Micro Services Ready

Leverages NIC

IPAM, Service Discovery

Contiv Networking

High Throughput

Thanks!

http://contiv.io

http://contiv.github.io/documents/tutorials/container-101.html