Presentation + demo at Triangle Kubernetes and Openshift Meetup June 2017. Architecture overview and live demo of Contiv open container networking project working with Red Hat Openshift Container platform.

1. Container Cloud Networking
- Contiv for K8S & Openshift
Triangle Kubernetes & Openshift Meetup
June 2017
Sanjeev Rampal – Cisco

2. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
About the speaker
• Current
• Principal Engineer in Cloud Platforms and Solutions Group
• Container platform engineering (Docker, Kubernetes, Openshift)
• Contiv container networking development
• Previously
• Cisco Intercloud architecture and operations
• Long time Cisco networking guy (Built hardware routers, ASR9K, 15454)
• Twitter: @sr2357

3. Contiv Overview &
Architecture

4. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
100% Open Source
The Most Powerful Container Networking Fabric
L2, L3, Overlay or ACI
Rich Policy Model
DevOps IT Admin
Any NetworkingAny Platform
Any Infrastructure
Application
Intent
Rich Policy
Declarative
Simple Install
GUI + CLI
Containers, VM, BM
LDAP/RBAC
Introduction to Contiv

5. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Contiv: How everything fits together
Operational Policy Management
Developer Operations
Application
Scheduler
Node 1 Node 2 Node-n
Contiv Distributed Policy Layer
...
Contiv Elements
Contiv UI to manage/
monitor policies/usage
Distributed policy enforcement for
network
Integration with physical
infrastructure
Integrated with popular
container schedulers
Contiv Automatically Integrates and Enforces Developer and Operations Policies

6. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Contiv Modes: Works with or without Cisco hardware
Application-Centric Infrastructure (ACI)
• Containers integrated with APIC policies
• Physical services integration
Nexus Standalone or Any L2/ L3 Network
• Overlay or non-overlay modes
• VLAN or VxLan handoff
• Optional BGP interop (standard routing protocol)
Contiv Leverages Underlying Infrastructure Capabilities
Requires Cisco
ACI hw
Does not require
Cisco hw
(any vendor ok)

7. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Introducing Contiv 1.0
What’s New:
LDAP+
RBAC
All New User
Experience
and Workflow
Kubernetes
1.4 Support
Docker 1.12
Support
OpenShift
Integration
Simple Install
1
Commercially
Supported Contiv
will be announced shortly
Cisco Advances
Services
Cisco Solutions
Support
100% Open Source at contiv.github.io

8. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Challenges
• Encap over encap (over encap) suffers performance
• Obscures visibility, makes diagnostics/monitoring difficult
• Harder to integrate with HW appliances
Networking In The Container World
Physical Network
HypervisorHypervisor
Physical Network
Virtual Switching or
Overlay Network
C1 Cn
Overlay Network
- VXLAN
Overlay Network - VXLAN
Physical Network
Hypervisor Hypervisor
Host 1 Host 2
Host 2Host 1
VM1
C1 Cn
Overlay Network
- VXLAN
VM2
C1 Cn
Overlay Network
- VXLAN
Overlay Network - VXLAN
C1 Cn
Overlay Network
- VXLAN
VM1 VM2

9. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Contiv Policy Management System
Node 1 Node-nNode 2
Contiv Distributed Policy Enforcement Layer
Policy
Distribution
Policy Manager
Manage/Monitor
Policies/Usage/Quotas
Policy Distribution Framework
Integrated with Schedulers
Policy Enforcement Points
Integration with Cisco
Infrastructure (Nexus/ACI/UCS)

10. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Micro-services With Contiv
Micro-services isolated within
the network of a tenant
Web
Group
App
Group
DB
Group
Allow grouping of
containers/pods
1
Specify policies between
groups or from outside the
network
2
Ability to Provide Granular Micro-service based Policies in a Scalable Way

11. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Contiv
High-Level Architecture
Host-1
.…
Host Plug-In
Distributed
KV Store
Plug-In Logic
Contiv Host Agent
Host-n
Linux Host Routing/Switching
To Physical Network
ARP/DNS
Responder
Service LB
Route Distribution
[ BGP | RPC ]
Container Runtime
(e.g., Docker)
[ K8s| Swarm | Mesos | Nomad ]
Master-DB
Policy EngineREST Server
IPAM/
Resource-Mgmt
HA Heartbeat
Distributed
KV Store
[ Etcd | Consul ]
REST User I/F (e.g., netctl | contivctl)
API Calls to External
Orchestration Systems
e.g,. ACI, Schedulers
Health Monitoring
Contiv Master Cluster
.……
.…
BRKCLD-2024 11

12. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Physical Network (Underlay Integration Options)
Native Connectivity
Infra Policy: [ Bridged | Routed ]
VLAN | IP (BGP) Handoff to Access Node
APP1 APP2APP3 APP4
Host-1 Host-n
.…
Overlay Connectivity
Infra Policy: [ Overlay ] [ Bridge | Routed ]
Overlays for Inter-Container Traffic
APP1 APP2APP3 APP4
Host-1 Host-n
.…
Any Network Topology and Container Visibility Across Physical Network
Use Case:
Private Cloud
Use Case:
Private Cloud
Public Cloud

13. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Access-Aggregation Topology
L2+
Configuration: Ease of L2, Benefits of L3: Avoids Flooding
Access: N5k/N9k+N2k
Optional: VMware DVS
L2 Network:
Statically Configured
with VLAN(s)Contiv Host Networking
Agg Layer: e.g., N7k/N9k SVIs Boundary
DC Core
L2 VPC Network
.…
Host-n
.….…
Host-2Host-1
ESX/Hyperversior Layer
Contiv Host Plug-Ins

14. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Container Networking Options
L3 Native
Leaf: N3k/N9k
Host BGP Peers
with Leaf
L3 Routing on Host
Contiv Host Networking
Spine Layer: e.g., N9k
DC Core
L3 CLOS Network
.…
Host-n
V M V MV M V M
.…
V M V MV M V M
.…
Host-2
V M V M
Host-1
V M V M
Contiv Host Plug-Ins
Scalable, Distributed Layer 3 Fabric

15. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Application Centric Infrastructure (ACI)
External
Network
App DBWeb
QoS
Filter
QoS
Service
QoS
Filter
ACI Fabric
APIC
APIC

16. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Benefits of Integrating Contiv with ACI
• Uniform policies for any workload
• VMs | Bare-Metal | Container
• Policy automation for mix-mode workloads
• Scale: IPs, EPGs, Networks
• Performance: 40G and 100G optimized fabrics
• Telemetry/Diagnostics
• Container location aware physical network

17. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Contiv ACI Integration
Container
Management
Unified Policy Automation and Enforcement Across BM, VM, and Containers
Contiv Master
Contiv APIC Gateway
OVS Contiv Plugin
HYPERVISORHYPERVISORHYPERVISOR
Container/Pod Host
Bare
Metal
Services

18. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Web
Contiv Plugin
Host-1 Host-n
DB Web DB
Container
Scheduler
Contiv Plugin
Application Intent
Tenant-1:
External à Web:80 à
DB:Port
Tenant-2:
External à Web:80 à
DB:Port
2
Launching Apps
across Cluster
4
DevOps Intent => ACI Policy
Policy Instantiation5
Contiv Tenant/Network Creation1
Physical Network
Prep
0
3
Example Workflow
Network
Admin
DevOps Admin
Contiv
NetMaster

19. Demo

20. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Host-1 Host-2 Host-n
Cloud A
Cloud B
Demo Physical Topology

21. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
C11 (nginx) C12 (nginx)
C21 (alpine) C22 (alpine)
L7 Load balancer/
web reverse proxy
(HAProxy)
VM ‘Z’
Containers Cloud ‘A’
Openshift/Kubernetes
VMs Cloud ‘B’
Openstack/vSphere
Service 1
“default-group”
Service 2
“privileged-group”
Service 3
E.g. database VM
Demo Application

22. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Host-1 Host-2 Host-n
Cloud A
Cloud B
Demo Physical Topology

23. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Getting More Information / Getting Started
Web: http://contiv.io
Live chat: contiv.slack.com

24. Thank you