Kubernetes Meetup #8
Networking for Microservices
Sukhesh Halemane @shaleman
Joji Mekkat @jojimt
April 21
Contiv - Introduction
• Container Networking and Storage with Ops Policies
• Provides Northbound Integration: entire policy model exposed natively
  – Besides REST interfaces, auto-generated Go/Python clients
• Open Sourced at https://github.com/contiv
Contiv Networking
• Container Connectivity Policies for networking
• Variety of connectivity options
• Works with Kubernetes, Docker, Mesos, Nomad
Contiv Storage
• Policy for volume allocation
• Snapshots, IOPs rate-limiting, Garbage Collection, etc.
• Works with Docker
Contiv Cluster
• Node Discovery, Inventory
• Node Life-Cycle Management
• Complete Stack, managed
• Works for cloud, optimized for Bare-Metal
Contiv UI
Contiv Networking
• Kubernetes Networking Plugin
  • Kubernetes provides a very flexible and open plugin interface
  • Enables wider datacenter use cases
Microservice Aware
• Segmentation and policies per Microservice
• Service discovery and routing
• Application telemetry and visibility
Physical Network Integration
• Pure L3 Routed Networks
• Classic L2 and overlay networks
• Cisco SDN solutions
• Features
  • Fully multi-tenant
  • Built-in IPAM
  • Public/private cloud deployments
Single Forwarding pipeline
• High performance OpenFlow-based pipeline in kernel
• Highly programmable and extensible
• IP Routing, security policies, L4 load balancing and telemetry in single switching pipeline
Contiv Networking Architecture
[Diagram labels: Contiv UI; Contiv Master; Collector; Host 1, Host 2, Host 3; Contiv Agent; Contiv Datapath]
Microservices == Distributed Systems
• Problems of distributed systems
  – Complex calling patterns
  – RPC mechanisms
• How can networking help?
  • Connectivity maps: who is talking to whom
  • Historical Data for Application Tuning/Characterization
  • No need for code instrumentation or running agents
  • Always-on logging can serve as audit trail
    • E.g. who accessed the DB tier and whether those accesses were authorized
Application Telemetry
• What data to collect?
  • Time-stamped Interactions between containers and services
  • Flow level stats (5 or 7 tuple)
  • Per container Stats
    • Rx/Tx Bytes and Packets
  • TCP connection lengths (Syn/Fin correlation)
  • Security Policy violations
  • Bandwidth consumption
• Challenges
  • Granularity
    • Between micro-services, Between containers, Flows (protocol/port), REST calls
  • Frequency and sampling
    • How to handle transient flows?
  • Scale
  • Analytics
  • Providing a Nicer way to consume it
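One way to derive two of the items above from flow events, as an added example that is not from the slides or from Contiv: SYN/FIN correlation per 5-tuple for TCP connection lengths, and an audit of who opened connections to a DB tier. The event format, service names and allow-list are constructed assumptions, and events are assumed to be normalized to the initiator's direction.

```python
from collections import namedtuple

# Constructed record format (an assumption, not Contiv's): one row per TCP flag
# event, already normalized so src/sport is always the connection initiator.
Event = namedtuple("Event", "ts src sport dst dport proto flag")

# Constructed policy: (source service, destination service) pairs that are allowed.
ALLOWED = {("passenger-app", "passenger-db"), ("trips-app", "trips-db")}

# Constructed sample events.
EVENTS = [
    Event(10.0, "passenger-app", 40001, "passenger-db", 5432, "tcp", "SYN"),
    Event(10.5, "web", 40002, "passenger-db", 5432, "tcp", "SYN"),
    Event(12.5, "passenger-app", 40001, "passenger-db", 5432, "tcp", "FIN"),
    Event(13.0, "trips-app", 40003, "trips-db", 5432, "tcp", "SYN"),
    Event(13.1, "web", 40002, "passenger-db", 5432, "tcp", "FIN"),
    Event(20.0, "trips-app", 40009, "trips-db", 5432, "tcp", "FIN"),  # SYN never seen
]

def correlate(events):
    """Pair SYN and FIN per 5-tuple.

    Returns (closed, still_open, orphans): closed is a list of (5-tuple, seconds),
    still_open maps 5-tuple to SYN time, orphans lists FINs with no recorded SYN.
    """
    open_at, closed, orphans = {}, [], []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.src, ev.sport, ev.dst, ev.dport, ev.proto)
        if ev.flag == "SYN":
            open_at.setdefault(key, ev.ts)  # keep the first SYN if it is retransmitted
        elif ev.flag == "FIN":
            start = open_at.pop(key, None)
            if start is None:
                orphans.append(key)  # sampling or a late collector start missed the SYN
            else:
                closed.append((key, round(ev.ts - start, 3)))
    return closed, open_at, orphans

def audit(events, allowed):
    """Return connection attempts whose (src, dst) pair is not in the policy."""
    return [(e.ts, e.src, e.dst, e.dport) for e in events
            if e.flag == "SYN" and (e.src, e.dst) not in allowed]

if __name__ == "__main__":
    print(correlate(EVENTS))
    print(audit(EVENTS, ALLOWED))
```

The orphan FIN and the still-open entry are what sampled or short-lived flows look like to this kind of correlation, so they are reported rather than dropped.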
DEMO
Kuber: On demand taxi app
[Diagram labels: Web; Passenger APP, Passenger DB; Driver APP, Driver DB; Trips APP, Trips DB; Payments APP, Payments DB]
© 2015 Cisco and/or its affiliates. All rights reserved.
Thank you
contiv.io
Find us on GitHub
http://github.com/contiv