THE BRAINS OF THE NEW GLOBAL NETWORK
CALICO AND CONTAINERS – SIMPLE IP NETWORKING
Peter White, 19th March 2015
AGENDA
- A bit about Calico
  - what it is
  - motivation
  - how it works
  - what it does
- Containers with Calico
Metaswitch Networks | Proprietary and confidential | © 2014 | 2
WHAT IS CALICO?
- Open source (Apache licensed) project
- Networking of workloads in a data center / cloud environment
- Sponsored by Metaswitch

Simple: don’t demand users to be networking experts
Scale: thousands of servers, 100k’s of workloads
Open: open source and open standards
WHY SHOULD I CARE ABOUT NETWORKING?
- You shouldn’t need to know or care!
  - (up to a point)
- Networking needs to just work and not get in the way
- But there’s a risk that containers get as hard as VMs
  - and that is very very bad indeed
TRADITIONAL VIRTUALISED NETWORKING MODEL
Virtual L2 segments, implemented in software by virtual switch
[Diagram: three Linux hosts, each running a vSwitch, with encap / de-encap (& flooding!) between them; VXLAN packet layout: Outer MAC | Outer IP | Outer UDP | VXLAN | VM MAC | VM IP | VM TCP/UDP | VM Data; router service required to hop between tenants; NAT required for public Internet access; on/off-ramp required to get to NAS, etc.]
THIS LEADS TO…
☹ Complexity
☹ Scale / performance issues
☹ Operational overhead
☹ Inefficient resource utilization
☹ Difficulty troubleshooting
☹ Demands placed on everybody to be networking experts

… It doesn’t have to be this way!
WHAT IF WE BUILT A DATA CENTER LIKE THE INTERNET?
[Diagram: eight hosts, each an IP stack with an App on top, attached to three routers that peer with each other over BGP]
[Diagram: the same topology with the hosts replaced by two compute nodes, each holding VMs / LXCs that have their own IP and App; the compute nodes peer with the routers over BGP]
ADVANTAGES OF THE CALICO MODEL
- More scalable
  - Based on proven Internet-style architecture
- More efficient
  - Simplified data path between VMs and physical network
  - Equal Cost Multi-Path (ECMP) enables full utilization of physical links
- Easier to troubleshoot
  - Eliminates nested IP stacks needed for overlay-based networking
- More secure
  - Applies traffic isolation rules at both egress and ingress points
- More interoperable
  - Supports direct connectivity between VMs, Linux Containers (LXCs) and physical devices
  - Does not require “On/Off ramps” for non-virtualized network elements
- More robust
  - Load-balancing and resilience easily provided by Anycast
- More straightforward
  - 1:1 NAT and floating IPs are no longer strict requirements
- More distributable
  - Supports geographically distributed service chains straightforwardly
CONTAINERS VS. VMS
- We did it for OpenStack first
- But the same problems apply in container-land
  - Complexity
  - Diagnosability
  - Scale
  - Performance
- Only potentially much worse
  - More containers per host (100s, not 10s)
  - Shorter lifetimes (hours vs. days)
CONTAINERS WITH CALICO
- Each container gets an IP
- Each container gets a veth interface for that IP
- Routing “just happens”
  - Calico components set up rules in the Linux kernel for the interface
  - BGP replicates those rules between hosts
- ACLs are implemented using iptables / ipsets
  - For example, disallowing containers in tenant A from accessing containers in tenant B
  - For example, allowing incoming traffic based on source, port and protocol
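To make the per-host model concrete, here is an added example (not code from the deck or from the Calico project) that builds what the slide describes for one host: a /32 route per container pointing at its veth, an ipset per tenant, and an iptables-style chain that allows same-tenant traffic, allows inbound traffic only by source prefix, protocol and port, and drops everything else; evaluate() applies the same chain first-match in Python so the tenant-A/tenant-B isolation can be checked without root. All container names, addresses, veth names and the chain name are constructed for the example.

```python
"""Per-host rules for the Calico container model on slide 12 (added example,
not Calico's own code). Names, addresses, veth and chain names are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set

@dataclass(frozen=True)
class Container:
    name: str
    ip: str
    tenant: str
    veth: str  # host-side veth interface carrying this container's IP

@dataclass(frozen=True)
class InboundRule:
    """Explicit 'allow incoming' entry: source prefix, protocol, destination port."""
    src: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0

def host_routes(containers: List[Container]) -> Dict[str, str]:
    """/32 route per container pointing at its veth; BGP advertises these to other hosts."""
    return {c.ip + "/32": c.veth for c in containers}

def tenant_ipsets(containers: List[Container]) -> Dict[str, Set[str]]:
    """One ipset per tenant holding that tenant's container addresses."""
    sets: Dict[str, Set[str]] = {}
    for c in containers:
        sets.setdefault("tenant-" + c.tenant, set()).add(c.ip)
    return sets

def render_rules(tenant: str, members: Set[str], inbound: List[InboundRule]) -> List[str]:
    """ipset/iptables commands for one tenant's inbound chain (chain name constructed).
    Order matters: same-tenant allow, explicit allows by source/proto/port, default drop."""
    chain = "cali-in-" + tenant
    cmds = ["ipset create tenant-%s hash:ip" % tenant]
    cmds += ["ipset add tenant-%s %s" % (tenant, ip) for ip in sorted(members)]
    cmds.append("iptables -A %s -m set --match-set tenant-%s src -j ACCEPT" % (chain, tenant))
    for r in inbound:
        cmds.append("iptables -A %s -s %s -p %s --dport %d -j ACCEPT"
                    % (chain, r.src, r.proto, r.dport))
    cmds.append("iptables -A %s -j DROP" % chain)
    return cmds

def evaluate(pkt: Packet, containers: List[Container],
             inbound: Dict[str, List[InboundRule]]) -> str:
    """First-match verdict for a packet addressed to a local container, mirroring
    the chain emitted by render_rules() so the policy can be checked without root."""
    by_ip = {c.ip: c for c in containers}
    dst = by_ip.get(pkt.dst)
    if dst is None:
        return "DROP"  # no local workload owns that address
    if pkt.src in tenant_ipsets(containers).get("tenant-" + dst.tenant, set()):
        return "ACCEPT"  # same tenant: containers may always reach each other
    for r in inbound.get(dst.tenant, []):
        if (ip_address(pkt.src) in ip_network(r.src)
                and pkt.proto == r.proto and pkt.dport == r.dport):
            return "ACCEPT"  # explicitly allowed inbound traffic
    return "DROP"  # cross-tenant or unlisted inbound traffic

# Constructed inventory: two tenants sharing one host, one inbound allow for tenant A.
CONTAINERS = [
    Container("web-a", "10.65.0.2", "A", "veth-web-a"),
    Container("db-a", "10.65.0.3", "A", "veth-db-a"),
    Container("web-b", "10.65.0.4", "B", "veth-web-b"),
]
INBOUND = {"A": [InboundRule("203.0.113.0/24", "tcp", 443)]}

if __name__ == "__main__":
    for line in render_rules("A", tenant_ipsets(CONTAINERS)["tenant-A"], INBOUND["A"]):
        print(line)
    print(evaluate(Packet("10.65.0.4", "10.65.0.3"), CONTAINERS, INBOUND))  # DROP
```

The rendered chain is what a defender would expect to find on the host when auditing it: membership in the tenant ipset is the only thing that grants cross-container access, so a packet from tenant B's 10.65.0.4 never matches before the final DROP.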
WHAT DOES THIS LOOK LIKE TO AN ORCHESTRATOR?
- Install some Calico components
- When you create a container, assign an IP address
  - We use powerstrip, so ordinary Docker commands just work
- Containers must be assigned to security groups
  - Simplified security model for now; underlying code supports more
WHAT DOES THIS LOOK LIKE TO A TENANT?
- Your containers each have an IP address
- All of your containers can contact one another
  - regardless of whether they are on the same host
  - but not containers of other tenants
  - more complex security models are supported by Calico
WHAT DOES THIS LOOK LIKE TO A DEVELOPER?
- Fire up an etcd cluster
- Download the Calico Docker binaries from GitHub
- Set up the hosts
  - under the covers, this fires up some Calico containers to do the work
  - these automatically download the main Calico code
- Start up containers as usual, with a new “CALICO_IP” argument
- Use a command line tool (or RESTful API) to configure groups and security
RESOURCES
- Main project website: www.projectcalico.org
- Github
  - https://github.com/Metaswitch/calico-docker
  - https://github.com/Metaswitch/calico
- Mailing list: http://lists.projectcalico.org/listinfo/calico
- Download and try it out
- We welcome your feedback and contributions
