Kubernetes Meetup #8Networking for Microservcies

Sukhesh Halemane @shalemanJoji Mekkat @jojimt

April 21

• Container Networking and Storage with Ops Policies• Provides Northbound Integration: entire policy model

exposed natively– Besides REST interfaces, auto-generated Go/Python clients

• Open Sourced at https://github.com/contiv

Contiv - Introduction

Container Connectivity Policies for networking Variety of connectivity options Works with Kubernetes, Docker,

Mesos, Nomad

Contiv Networking

Policy for volume allocation Snapshots, IOPs rate-limiting,

Garbage Collection, etc. Works with Docker

Contiv Storage

Node Discovery, Inventory Node Life-Cycle Management Complete Stack, managed Works for cloud, optimized for

Bare-Metal

Contiv Cluster

Contiv UI

• Kubernetes Networking Plugin• Kubernetes provides a very flexible and open plugin interface

• Enables wider datacenter use cases

Contiv Networking

Microservice Aware

• Segmentation and policies per Microservice

• Service discovery and routing

• Application telemetry and visibility

Physical Network Integration

• Pure L3 Routed Networks• Classic L2 and overlay

networks• Cisco SDN solutions• Features

• Fully multi tenant• Built in IPAM• Public/private cloud

deployments

Single Forwarding pipeline

• High performance Openflow based pipeline in kernel

• Highly programmable and extensible

• IP Routing, security policies, L4 load balancing and telemetry in single switching pipeline

Contiv Networking Architecture

Contiv MasterContiv Master

Contiv MasterContiv Master

Contiv MasterCollector

Host 1

Contiv Datapath

Contiv Agent

Host 2

Contiv Agent

Host 3

Contiv Datapath

Contiv Datapath

Contiv UI

Contiv Agent

Microservices == Distributed Systems

• Problems of distributed systems– Complex calling patterns– RPC mechanisms

• How can networking help?• Connectivity maps: who is talking to who• Historical Data for Application

Tuning/Characterization• No need for code instrumentation or running

agents• Always-on logging can serve as audit trail

• E.g. who accessed DB tier and if they were authorized accesses

Application Telemetry

• What data to collect?• Time-stamped Interactions between containers and services

• Flow level stats (5 or 7 tuple)

• Per container Stats• Rx/Tx Bytes and Packets

• TCP connection lengths (Syn/Fin correlation)• Security Policy violations• Bandwidth consumption

• Challenges• Granularity

• Between micro-services, Between containers, Flows (protocol/port), REST calls• Frequency and sampling

• How to handle transient flows?• Scale• Analytics• Providing a Nicer way to consume it

DEMO

Kuber: On demand taxi app

APP DBAPP Passenger

DBAPPPassenger APP

APP DBAPP Driver DB

APPDriver APP

APP DBAPP Trips DB

APPTrips APP

APP DBAPP Payments

DBAPPPayments APP

WebWeb

WebWeb

WebWeb

WebWeb

9© 2015 Cisco and/or its affiliates. All rights reserved.

Thank you

contiv.ioFind us on Github

http://github.com/contiv