container networking challenges for production readiness
Production Ready Container Networking
Docker San Jose Meetup, July 21st, 2016
Github: @jainvipin | Twitter: @jainvipin_
Developer/Hacker/Collaborator/Disruptor
Networking Enthusiast, Cisco Employee
DevOps, Golang Fan
Lately, Mining Containers
Who am I?
A word about Contiv
Networking for Containers
• Multi-tenant multi-host networking for containers
• Service Load Balancing, Security Policies, Telemetry
• Physical Network Integration, etc.
Storage for Containers
• Persistent Storage for Containers
• Policies for allocation, garbage collection, snapshots, IOPs rate limiting, etc.
• Supports Ceph, NFS backends, etc.
Clustering
• Discover, Provision and Manage nodes
All Open Sourced
• Componentized packages for individual use
• Hacks/Contributions Welcome!
Sponsored by Cisco
1. Scale: 200-500 containers per host may not be unusual
• Efficient Packing; More State (endpoints, networks, policies, DNS queries, etc.)
• More of Everything!
2. Speed: Comes up in a second (many more simultaneously in a cluster)
• Automation is a MUST
• Network/Volume/Scheduling must be quick to provision
• And work at scale!
3. Layers of Orchestration: Container Layer, VM Layer, Physical Layer
• Challenges Workload Visibility: Encap in encap makes it obscure
• Makes Monitoring/Diagnostics difficult
• Reduces Performance: Processing at each layer, and encapsulation/abstraction would affect performance
• Nested and Migrating Apps
4. Stable Predictable Networking Deployment
• Components of networking, and elements should be easy and predictable to install and run
Production Readiness Networking Challenges
5. Application Centric (vs. Infrastructure centric) consumption of resources
• Creating networks, volumes as applications need, and dispose them accordingly
• Must integrate with application blue-print
• Keeping it easy to consume for application
6. Shared Resources
• Needs Predictable resource acquisition/disposal => Need Ops Policies
7. Hybrid Scenarios
• Consistency, Security, Connectivity across heterogeneous workloads
• Across private/public cloud
8. Security
• Tenancy, Isolation, Compliance for network/storage/compute
9. Telemetry and Diagnostics
• Need to be real time, Must work at the scale/speed
Production Readiness Networking Challenges
Shared Resources
Policies for Resource Acquisition
Hybrid Cloud
Consistent Policies For Network
Security
Tenant Isolation Security Policies
Telemetry/Diagnostics
Application Statistics Data Export
Contiv’s Approach
Scale
Route and Policy Distribution
Speed
Automated Scale-out
Orchestration Layers
Flat Networks Bare Metal Options
Application Centric
Integrated with App Blueprint
Elements of Contiv Networking
Cluster-wide Connectivity
Truly Multi-tenant
Network Isolation
Traffic Prioritization
App-Blueprint Integration
Network Monitoring
Scalable
Physical Network Integration: { L2 | L3 | SDN-Fabric }
Micro Services Ready
Leverages NIC
IPAM, Service Discovery
Contiv Networking
High Throughput
Thanks!
http://contiv.io
http://contiv.github.io/documents/tutorials/container-101.html