Calico and CoreOS, March 2015

Simple IP networking for clustered Docker containers

Neil Jerram

March 11, 2015

Transcript

  1. THE BRAINS OF THE NEW GLOBAL NETWORK
    CALICO ON COREOS - SIMPLE IP NETWORKING FOR CLUSTERED DOCKER CONTAINERS
    Neil Jerram 10th March 2015
    Metaswitch Networks | Proprietary and confidential | © 2014 | 1

  2. WHAT IS CALICO?
    • Open source (Apache licensed) project
    • Networking of workloads in a data center / cloud environment
    • Sponsored by Metaswitch
    Simple: Don’t demand that users be networking experts
    Scale: Thousands of servers, 100k’s of workloads
    Open: Open source and open standards

  3. VIRTUAL NETWORKING FOR CONTAINERS
    [Diagram: two hosts, each showing Kernel, NAT + Port Mapping, Linux Bridge and three Containers]

  4. THE STANDARD VIRTUAL NETWORKING MODEL
    Virtual L2 segments, implemented in software by virtual switch
    [Diagram: three vSwitches, each on a Linux host]
    • Encap / de-encap (& flooding!)
    • Packet layout: Outer MAC | Outer IP | Outer UDP | VXLAN | VM MAC | VM IP | VM TCP/UDP | VM Data
    • Router service required to hop between tenants
    • NAT required for public Internet access
    • On/off-ramp required to get to NAS, etc.

  5. THIS LEADS TO…
    ☹ Unnecessary complexity
    ☹ Low scale limits
    ☹ Performance issues
    ☹ Management overhead
    ☹ Inefficient resource utilization
    ☹ Difficulty troubleshooting
    ☹ Demands placed on application developers to be networking experts
    ALL solutions that use overlay / underlay model suffer from these effects, however they are mitigated.
    These issues become critical with containers due to the higher scale than VMs (100s vs 10s per server)
    … It doesn’t have to be this way!

  6. [Slide contains no text]

  7. WHAT IF WE BUILT A DATA CENTER LIKE THE INTERNET?
    [Diagram: eight Hosts, each shown as an App with its own IP, connected through three Routers; links labelled BGP]

  8. WHAT IF WE BUILT A DATA CENTER LIKE THE INTERNET?
    [Diagram: eight App/IP workloads (VMs / LXCs) on Compute Nodes, connected through three Routers; links labelled BGP]

  9. ADVANTAGES OF THE CALICO MODEL
    • More scalable
      - Based on proven Internet-style architecture
    • More efficient
      - Simplified data path between VMs and physical network
      - Equal Cost Multi-Path (ECMP) enables full utilization of physical links
    • Easier to troubleshoot
      - Eliminates nested IP stacks needed for overlay-based networking
    • More secure
      - Applies traffic isolation rules at both egress and ingress points
    • More interoperable
      - Supports direct connectivity between VMs, Linux Containers (LXCs) and physical devices
      - Does not require “On/Off ramps” for non-virtualized network elements
    • More robust
      - Load-balancing and resilience easily provided by Anycast
    • More straightforward
      - 1:1 NAT and floating IPs are no longer strict requirements
    • More distributable
      - Supports geographically distributed service chains straightforwardly

  10. DEMO TIME…
    [Diagram labels: L2; Policy Group 1 (“Default”); Policy Group 2 (“Group_A”)]
    • CoreOS Host 1
      - Workloads: Container A (192.168.1.1), Container B (192.168.1.2), Container C (192.168.1.3)
      - Calico Control Plane (‘node’ container): Felix, BIRD
      - etcd, Powerstrip
    • CoreOS Host 2
      - Workloads: Container D (192.168.1.4), Container E (192.168.1.5)
      - Calico Control Plane (‘node’ container): Felix, BIRD
      - etcd, Powerstrip
    • Calico Orchestrator (‘master’ container): Plugin.ep, Plugin.net, ACL Manager

  11. DEMO TIME…
    [Diagram text identical to slide 10]

  12. DEMO

  13. GET INVOLVED
    • Main project website: www.projectcalico.org
    • Github: https://github.com/Metaswitch/calico-docker
    • Mailing list: http://lists.projectcalico.org/listinfo/calico
    • Download & try it out
    • We welcome your feedback and contributions