Calico and CoreOS, March 2015

Simple IP networking for clustered Docker containers

Neil Jerram

March 11, 2015

Transcript

  1. THE BRAINS OF THE NEW GLOBAL NETWORK

    CALICO ON COREOS - SIMPLE IP NETWORKING FOR CLUSTERED DOCKER CONTAINERS
    Neil Jerram, 10th March 2015
    Metaswitch Networks | Proprietary and confidential | © 2014 | 1
  2. WHAT IS CALICO?

    - Open source (Apache licensed) project
    - Networking of workloads in a data center / cloud environment
    - Sponsored by Metaswitch
    - Simple: Don’t demand users to be networking experts
    - Scale: Thousands of servers, 100k’s of workloads
    - Open: Open source and open standards
  3. VIRTUAL NETWORKING FOR CONTAINERS

    [Diagram, two identical stacks: Kernel NAT + Port Mapping; Linux Bridge; three Containers]
  4. THE STANDARD VIRTUAL NETWORKING MODEL

    - Virtual L2 segments, implemented in software by virtual switch
    - Encap / de-encap (& flooding!)
    - Router service required to hop between tenants
    - NAT required for public Internet access
    - On/off-ramp required to get to NAS, etc.
    [Diagram: three vSwitches, each on Linux; encapsulated packet layout: Outer MAC, Outer IP, Outer UDP, VXLAN, VM MAC, VM IP, VM TCP/UDP, VM Data]
  5. THIS LEADS TO…

    - ☹ Unnecessary complexity
    - ☹ Low scale limits
    - ☹ Performance issues
    - ☹ Management overhead
    - ☹ Inefficient resource utilization
    - ☹ Difficulty troubleshooting
    - ☹ Demands placed on application developers to be networking experts

    ALL solutions that use overlay / underlay model suffer from these effects, however they are mitigated. These issues become critical with containers due to the higher scale than VMs (100s vs 10s per server) … It doesn’t have to be this way!
  6. WHAT IF WE BUILT A DATA CENTER LIKE THE INTERNET?

    [Diagram: Hosts, each an "IP App" (eight shown), connected through three Routers; links labelled BGP]
  7. WHAT IF WE BUILT A DATA CENTER LIKE THE INTERNET?

    [Diagram: eight "IP App" boxes labelled VMs / LXCs, two Compute Nodes, three Routers; links labelled BGP]
  8. ADVANTAGES OF THE CALICO MODEL

    - More scalable
      - Based on proven Internet-style architecture
    - More efficient
      - Simplified data path between VMs and physical network
      - Equal Cost Multi-Path (ECMP) enables full utilization of physical links
    - Easier to troubleshoot
      - Eliminates nested IP stacks needed for overlay-based networking
    - More secure
      - Applies traffic isolation rules at both egress and ingress points
    - More interoperable
      - Supports direct connectivity between VMs, Linux Containers (LXCs) and physical devices
      - Does not require “On/Off ramps” for non-virtualized network elements
    - More robust
      - Load-balancing and resilience easily provided by Anycast
    - More straightforward
      - 1:1 NAT and floating IPs are no longer strict requirements
    - More distributable
      - Supports geographically distributed service chains straightforwardly
  9. DEMO TIME…

    [Diagram labels: CoreOS Host 1; CoreOS Host 2; L2; Policy Group 1 (“Default”); Policy Group 2 (“Group_A”); Workloads: Container A 192.168.1.1, Container B 192.168.1.2, Container C 192.168.1.3, Container D 192.168.1.4, Container E 192.168.1.5; Calico Control Plane (‘node’ container) with Felix and BIRD, shown twice; etcd, Powerstrip, shown twice; Calico Orchestrator (‘master’ container) with Plugin.ep, Plugin.net and ACL Manager]
  10. DEMO TIME…

    [Diagram: same labels as slide 9]
  11. GET INVOLVED

    - Main project website: www.projectcalico.org
    - Github: https://github.com/Metaswitch/calico-docker
    - Mailing list: http://lists.projectcalico.org/listinfo/calico
    - Download & try it out
    - We welcome your feedback and contributions