The Bad News
• All have problems at scale
• VLAN tags are limited
• GRE has flooding problems
• So does VXLAN
• L2 broadcast is tricky
• Trouble with geographically distributed sites

Project Calico
• Majority of cloud workloads only need IP
• Of those, almost all don’t care what IP address they have
• Use these restrictions to build approach focused on simplicity and scale

Project Calico
An (Apache licensed) open source project to enable networking of workloads in a data center / cloud environment
Objectives:
• Simple: don’t require users to be networking experts
• Scale: thousands of servers, 100k’s of workloads
• Open: open source and open standards

The Standard Model
• Virtual L2 segments, implemented in software by virtual switch
• Encap / de-encap (& flooding!)
• Router service required to hop between tenants
• NAT required for public Internet access
• On/off-ramp required to get to NAS, etc.
[Diagram: a vSwitch running on each Linux host]
[Packet on the wire: Outer MAC | Outer IP | Outer UDP | VXLAN | VM MAC | VM IP | VM TCP/UDP | VM Data]

The Calico Model
• Any capable IP transport fabric (L2, L3, RFC1149…)
[Diagram: compute nodes hosting VMs / LXCs (IP apps), each with a Router; the routers speak BGP across the fabric]
[Packet on the wire: Host MAC | VM IP | VM TCP/UDP | VM Data]

Core Principles
• Highly efficient vRouter built on Linux kernel forwarding engine
• Propagates reachability via BGP
• Includes BGP route reflectors for internet-scale
• Policy configured via ACLs

Simple
• Packets now accurately reflect source and destination: no encap
• No need to flood
• Routing decisions are simple
• Debugging is easy
• No new code on the data path
• No NAT
• Everything is just IP

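An added example, not from the original slides: it builds the two packet layouts shown in the Standard Model and Calico Model slides and compares what an ACL or flow log on the transport fabric can match in each case. All addresses, ports, MACs, the VNI and the function names are constructed for illustration.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # IANA-assigned VXLAN UDP port

def eth(payload):
    return bytes.fromhex("020000000001" "020000000002" "0800") + payload  # constructed MACs, IPv4

def ipv4(src, dst, proto, payload):
    a, b = (ipaddress.IPv4Address(x).packed for x in (src, dst))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, a, b) + payload

def tcp(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def fabric_view(frame):
    """5-tuple a fabric ACL or flow log sees: outermost IPv4 header only."""
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    src, dst = (str(ipaddress.IPv4Address(ip[i:i + 4])) for i in (12, 16))
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return src, dst, ip[9], sport, dport

def workload_view(frame):
    """Strip VXLAN layers, if any, to recover the workload's own 5-tuple."""
    flow = fabric_view(frame)
    if flow[2] == 17 and flow[4] == VXLAN_PORT:
        ihl = (frame[14] & 0x0F) * 4
        return workload_view(frame[14 + ihl + 8 + 8:])  # skip UDP + VXLAN headers
    return flow

# Constructed sample: workload 10.65.0.2 opens TCP/443 to workload 10.65.0.3.
routed_frame = eth(ipv4("10.65.0.2", "10.65.0.3", 6, tcp(40000, 443)))
# Same flow tunnelled between constructed host addresses 192.0.2.11 -> 192.0.2.12, VNI 42.
vxlan_hdr = struct.pack("!II", 0x08000000, 42 << 8)
vxlan_frame = eth(ipv4("192.0.2.11", "192.0.2.12", 17,
                       udp(51000, VXLAN_PORT, vxlan_hdr + routed_frame)))

def encap_overhead():
    return len(vxlan_frame) - len(routed_frame)  # outer MAC + IP + UDP + VXLAN

if __name__ == "__main__":
    for f in (routed_frame, vxlan_frame):
        print("fabric:", fabric_view(f), "workload:", workload_view(f))
    print("encapsulation overhead (bytes):", encap_overhead())
```

In the routed case the fabric's view and the workload's view are the same 5-tuple, so a plain IP ACL or flow record identifies the real endpoints; in the VXLAN case the fabric only sees host-to-host UDP unless the device parses the tunnel.
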
Scalable
• Built like the Internet
• Linux kernel handles many routes and ACLs quickly
• Route reflectors allow BGP scale
• Distributed routing is fault tolerant
• All L3 fault-tolerance tools work

Freebies
• IPv6 just works
• Even in OpenStack Icehouse(!)
• Today. Right now
• Yes, really
• Works well on any IP transport backbone
• Can use known L3 technologies:
  • ECMP
  • Anycast