Introduction to the Container Networking and Security

Posted Feb 12, 2017

Transcript
Page 1: Introduction to the Container Networking and Security

@projectcalico

Sponsored by

CONTAINER NETWORKING: AN INTRODUCTION

Ed Harrison (@eepyaich)

2nd February 2016

Page 2: Introduction to the Container Networking and Security

Networking – why do I care?

[Diagram: three hosts, each running a mix of workloads labelled “Application”, “A service”, “Yet another service … and another application” and “… another application”]

Page 3: Introduction to the Container Networking and Security

Doesn’t Docker sort this out for me?

[Diagram: Host 10.0.0.1 running three containers on the Docker Bridge: Application 172.17.0.2, A service 172.17.0.3 and … another 172.17.0.4. Their published addresses are labelled 10.0.0.1:80, 10.0.0.1:80 and 10.0.0.1:8080: only one container can be published on host port 80, so the next one that wants it has to be remapped.]

Docker Bridge

- Simple
- Works “out of the box”
- Easily understood

… but not “real IP networking”

- Onerous port assignment constraints on applications
- Requires app developers to be aware of constraints
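The port-publishing constraint on this slide, as an added example (this is not code from the deck, from Docker or from Calico): a small Python model of a bridge host. Containers sit on the private bridge range and are reachable from outside only through a host port, so the second service that wants host port 80 collides and must be remapped. The container names and the 172.17.0.x / 10.0.0.1 addresses follow the slide; the DNAT rule text is shaped like Docker’s DOCKER chain for illustration only, and starting remapped ports at 8080 is an assumption.

```python
"""Added example (not from the slides, Docker or Calico): the Docker bridge
publishing constraint from slide 3 as a small model. Containers sit on the
private docker0 range and are reachable from outside only via a host port, so
two services that both want host port 80 collide on one host."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

HOST_IP = "10.0.0.1"   # the host address on the slide


@dataclass
class Container:
    name: str
    ip: str            # private address on the bridge, e.g. 172.17.0.2
    listen_port: int   # the port the process inside actually listens on


@dataclass
class BridgeHost:
    host_ip: str
    # host_port -> (container_ip, container_port); one entry per published port
    bindings: Dict[int, Tuple[str, int]] = field(default_factory=dict)

    def publish(self, c: Container, host_port: Optional[int] = None) -> int:
        """Publish c.listen_port on the host. With no host_port the container
        port is mirrored, which is what an app that 'expects port 80' wants;
        the second such app collides, which is the conflict the slide draws."""
        want = c.listen_port if host_port is None else host_port
        if want in self.bindings:
            cip, cp = self.bindings[want]
            raise ValueError(f"{self.host_ip}:{want} already forwards to {cip}:{cp}")
        self.bindings[want] = (c.ip, c.listen_port)
        return want

    def next_free_port(self, start: int = 8080) -> int:
        """First unused host port from `start` (8080 is an assumed convention)."""
        port = start
        while port in self.bindings:
            port += 1
        return port

    def resolve(self, host_port: int) -> Optional[Tuple[str, int]]:
        """What a connection to host_ip:host_port is forwarded to."""
        return self.bindings.get(host_port)

    def dnat_rules(self) -> List[str]:
        """One DNAT rule per published port. The shape follows Docker's DOCKER
        chain for illustration; it is not copied from Docker."""
        return [
            f"-A DOCKER ! -i docker0 -p tcp --dport {hp} -j DNAT --to-destination {cip}:{cp}"
            for hp, (cip, cp) in sorted(self.bindings.items())
        ]


def demo() -> Tuple[BridgeHost, Dict[str, object]]:
    """Three containers from the slide, all listening on 80; only the first
    keeps host port 80, the others must be remapped and told about it."""
    host = BridgeHost(HOST_IP)
    app = Container("application", "172.17.0.2", 80)
    svc = Container("a-service", "172.17.0.3", 80)
    another = Container("another", "172.17.0.4", 80)
    out: Dict[str, object] = {"application": host.publish(app)}   # 80
    try:
        host.publish(svc)                                          # wants 80 too
    except ValueError as err:
        out["conflict"] = str(err)
        out["a-service"] = host.publish(svc, host.next_free_port())   # 8080
    out["another"] = host.publish(another, host.next_free_port())     # 8081
    return host, out


if __name__ == "__main__":
    h, r = demo()
    print(r)
    print("\n".join(h.dnat_rules()))
```

The point the model makes concrete: the port a service is reachable on is decided by the host at publish time, not by the application, and anyone connecting from outside sees the host address with the remapped port, so both the caller and the service need to be told about it.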

Page 4: Introduction to the Container Networking and Security

What about multiple hosts, then?

Overlay networks

- Connect each container to a virtual Layer 2 segment
- Separate “overlay” domain over the “underlay” network with GRE, MPLS, VXLAN, or proprietary tunneling protocols
- Allows for isolation between networks

But…

- Lots of state: 1,000 machines => a full mesh of 499,500 tunnels (1,000 × 999 / 2)!
- Breaking out of virtual network sandboxes requires NAT / router
- Requires app developers to be networking experts

[Diagram: Host 10.0.0.1 and Host 10.0.0.2 on the 10.0.0.0/24 underlay, with two overlays spanning both hosts: 192.168.0.0/16 (containers 192.168.0.1 to 192.168.0.5) and 172.17.0.0/16 (containers 172.17.0.2 and 172.17.0.3)]

Page 5: Introduction to the Container Networking and Security

Remember these “3 tier applications”?

What about security then?

Page 6: Introduction to the Container Networking and Security

Getting Medieval

Page 7: Introduction to the Container Networking and Security

Isolating Prod / Dev / Test

Page 8: Introduction to the Container Networking and Security

The ideal security model

[Diagram of the application tiers, labelled Port 80 and Port 3306]
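The tiered model sketched on this slide, as an added example that is not from the deck or from Calico: a per-workload, first-match, default-deny rule list in the style of an iptables chain, generated from a tier policy and evaluated against sample flows. The slide names only ports 80 and 3306; the three tiers (web, app, db), port 8080 for the app tier, the 192.168.0.x workload addresses and the `wl-<workload>` chain names are assumptions made for the example.

```python
"""Added example (not from the slides or from Calico): the tiered model of
slide 8 as per-workload, first-match, default-deny rule lists in the style of
an iptables chain. The slide names only ports 80 and 3306; the three tiers,
port 8080 for the app tier, the addresses and the chain names are assumed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed sample workloads: flat, routable addresses as in a routed model.
WORKLOADS: Dict[str, str] = {
    "web-1": "192.168.0.1",
    "web-2": "192.168.0.2",
    "app-1": "192.168.0.3",
    "db-1": "192.168.0.4",
}
TIER: Dict[str, str] = {"web-1": "web", "web-2": "web", "app-1": "app", "db-1": "db"}

# Who may talk to each tier, and on which TCP port. A source is either a tier
# name (expanded to one /32 rule per member) or a CIDR. Everything else is
# dropped by the trailing rule. Assumed 3-tier layout: web -> app -> db.
TIER_POLICY: Dict[str, List[Tuple[str, int]]] = {
    "web": [("0.0.0.0/0", 80)],     # public entry point
    "app": [("web", 8080)],         # assumed app-tier port
    "db":  [("app", 3306)],         # the slide's database port
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"       # source CIDR
    proto: Optional[str] = None  # None = any protocol
    dport: Optional[int] = None  # None = any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return ip_address(pkt.src) in ip_network(self.src)


def build_chain(workload: str) -> List[Rule]:
    """Inbound chain for one workload: its tier's allow rules, then DROP."""
    rules: List[Rule] = []
    for src, port in TIER_POLICY[TIER[workload]]:
        if src in TIER_POLICY:  # a tier: one rule per member address
            for name, ip in WORKLOADS.items():
                if TIER[name] == src:
                    rules.append(Rule("ACCEPT", f"{ip}/32", "tcp", port))
        else:                   # a CIDR
            rules.append(Rule("ACCEPT", src, "tcp", port))
    rules.append(Rule("DROP"))  # default deny: anything unmatched above
    return rules


def evaluate(chain: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; an empty chain also denies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.action
    return "DROP"


def check_flow(src: str, dst_name: str, dport: int, proto: str = "tcp") -> str:
    """src is a workload name or a literal IP; dst_name is a workload name."""
    pkt = Packet(WORKLOADS.get(src, src), WORKLOADS[dst_name], proto, dport)
    return evaluate(build_chain(dst_name), pkt)


def render_chain(workload: str) -> List[str]:
    """iptables-style text for the chain (chain name 'wl-<workload>' is assumed)."""
    lines = []
    for r in build_chain(workload):
        parts = [f"-A wl-{workload}"]
        if r.proto:
            parts.append(f"-p {r.proto}")
        if r.src != "0.0.0.0/0":
            parts.append(f"-s {r.src}")
        if r.dport is not None:
            parts.append(f"--dport {r.dport}")
        parts.append(f"-j {r.action}")
        lines.append(" ".join(parts))
    return lines


if __name__ == "__main__":
    for wl in WORKLOADS:
        print("\n".join(render_chain(wl)))
    print(check_flow("web-1", "db-1", 3306))   # DROP: web must go through app
```

Two things worth noticing: the database tier never sees port 80 or the public range at all, and a web workload that is compromised still cannot open 3306 directly because the db chain only lists app-tier addresses. Rules keyed on source address like this are only meaningful when the workload’s address is its real, stable identity, which is the case in a routed model and not behind the per-host NAT of the bridge model, where the database would see the host’s address for every container on it.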

Page 9: Introduction to the Container Networking and Security

Metaswitch Networks | Proprietary and confidential | © 2014

Page 10: Introduction to the Container Networking and Security


Page 11: Introduction to the Container Networking and Security

The Internet Model

[Diagram: hosts, each with its own IP address, attached to routers that forward between them]

Page 12: Introduction to the Container Networking and Security

Project Calico

[Diagram: the Internet model applied to workloads: each workload has its own IP, each host acts as a router, and a Plugin on the host attaches the workloads]
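The routed model on this slide, as an added example (not from the deck and not Calico’s code): each host’s route table holds a /32 per workload, local ones via the workload’s own interface and remote ones via the owning host’s underlay address, and a lookup is an ordinary longest-prefix match. Host addresses and the 192.168.0.x workload addresses reuse the figures from slide 4; the interface names, the underlay gateway 10.0.0.254 and the two-host topology are assumptions. How the routes reach each host (Calico distributes them with BGP) is not modeled; the table is simply given.

```python
"""Added example (not from the slides or from Calico's code): the routed model
of slide 12 as a per-host route table. Every workload gets a /32 route: local
ones via the workload's own interface, remote ones via the owning host's
underlay address. A lookup is a longest-prefix match, so workload-to-workload,
host and Internet traffic all take an ordinary route with no tunnel. How the
routes reach each host (Calico uses BGP) is not modeled; the table is given."""
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed topology reusing the slide-4 figures: two hosts on the
# 10.0.0.0/24 underlay, workloads in 192.168.0.0/16. Interface names and
# the underlay gateway are assumptions.
HOSTS = {"host-a": "10.0.0.1", "host-b": "10.0.0.2"}
WORKLOADS = {  # workload ip -> (owning host, local veth-style interface)
    "192.168.0.1": ("host-a", "cali1"),
    "192.168.0.2": ("host-a", "cali2"),
    "192.168.0.3": ("host-b", "cali3"),
    "192.168.0.4": ("host-b", "cali4"),
}
UPLINK = "eth0"
UNDERLAY_GW = "10.0.0.254"

Route = Tuple[IPv4Network, Optional[str], str]   # (prefix, next hop or None, interface)


def route_table(host: str) -> List[Route]:
    """Routes a host would hold: local /32s directly, remote /32s via the
    peer host, the underlay subnet directly, and a default route out."""
    routes: List[Route] = []
    for wip, (owner, iface) in WORKLOADS.items():
        if owner == host:
            routes.append((ip_network(f"{wip}/32"), None, iface))
        else:
            routes.append((ip_network(f"{wip}/32"), HOSTS[owner], UPLINK))
    routes.append((ip_network("10.0.0.0/24"), None, UPLINK))
    routes.append((ip_network("0.0.0.0/0"), UNDERLAY_GW, UPLINK))
    return routes


def lookup(host: str, dst: str) -> Route:
    """Longest-prefix match, the way the kernel picks a route."""
    best: Optional[Route] = None
    addr = ip_address(dst)
    for route in route_table(host):
        if addr in route[0] and (best is None or route[0].prefixlen > best[0].prefixlen):
            best = route
    assert best is not None  # the default route always matches an IPv4 address
    return best


def trace(src_ip: str, dst: str) -> List[str]:
    """Hops a packet from workload src_ip takes: its host, then either the
    peer host and that host's local interface, or the underlay gateway.
    There is no encapsulate/decapsulate step because none is needed; this is
    also why traceroute shows the hosts as ordinary hops."""
    host, _ = WORKLOADS[src_ip]
    hops = [HOSTS[host]]
    _, gw, iface = lookup(host, dst)
    if gw is None:                       # on-link: deliver directly
        hops.append(f"{dst} via {iface}")
    elif gw in HOSTS.values():           # another host in the cluster
        peer = next(h for h, ip in HOSTS.items() if ip == gw)
        hops.append(gw)
        _, _, peer_iface = lookup(peer, dst)
        hops.append(f"{dst} via {peer_iface}")
    else:                                # anything else leaves via the underlay router
        hops.append(gw)
    return hops


if __name__ == "__main__":
    for prefix, gw, iface in route_table("host-a"):
        print(f"{prefix} via {gw or 'on-link'} dev {iface}")
    print(trace("192.168.0.1", "192.168.0.3"))
```

Compare this with the overlay on slide 4: here each host carries one route per workload plus the underlay and default routes, and nothing grows with the square of the host count; a packet bound for the public Internet takes the same default route as on any other host.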

Page 13: Introduction to the Container Networking and Security

What is Calico?

An open source project to enable scalable, simple and secure IP networking in a data center / cloud environment

- Scalable: thousands of servers, 100k’s of workloads
- Simple: don’t demand that users be networking experts
- Secure: rich micro-service policy framework

Page 14: Introduction to the Container Networking and Security

Life Before and after Calico

Before Calico | After Calico

Scale challenges above a few hundred servers / thousands of workloads | Scale to millions of workloads with minimal CPU and network overhead

Troubleshooting connectivity issues can take hours | What is happening is “obvious”: traceroute, ping, etc., work as expected

On/off ramps + NAT to break out of the overlay | Path from workload to non-virtual device or public internet (or even between data centers) is just a route

High availability / load balancing across links requires an LB function (virtual or physical) and/or app-specific logic | Equal Cost Multi-Path (ECMP) & Anycast just work, enabling scalable resilience and full utilization of physical links

CCNA or equivalent required to understand end-to-end networking and deploy applications | Basic IP networking knowledge only required

Page 15: Introduction to the Container Networking and Security

Get Involved

Main project website: www.projectcalico.org

Github: github.com/projectcalico

Mailing list, Slack info: projectcalico.org/contact/

freenode IRC: #calico

Download & try it out. We welcome your feedback and contributions.

Follow us @projectcalico