Kubernetes meetup: Networking for Microservices


Post on 26-Jan-2017


Category: Technology


TRANSCRIPT

Kubernetes Meetup #8
Networking for Microservices
Sukhesh Halemane @shaleman
Joji Mekkat @jojimt

April 21

Contiv - Introduction
Container Networking and Storage with Ops Policies
- Provides Northbound Integration: entire policy model exposed natively
- Besides REST interfaces, auto-generated Go/Python clients
- Open Sourced at https://github.com/contiv

Contiv Networking
- Container Connectivity
- Policies for networking
- Variety of connectivity options
- Works with Kubernetes, Docker, Mesos, Nomad

Contiv Storage
- Policy for volume allocation
- Snapshots, IOPs rate-limiting, Garbage Collection, etc.
- Works with Docker

Contiv Cluster
- Node Discovery, Inventory
- Node Life-Cycle Management
- Complete Stack, managed
- Works for cloud, optimized for Bare-Metal

Contiv UI

Kubernetes Networking Plugin
- Kubernetes provides a very flexible and open plugin interface
- Enables wider datacenter use cases

Contiv Networking

Microservice Aware
- Segmentation and policies per Microservice
- Service discovery and routing
- Application telemetry and visibility

Physical Network Integration
- Pure L3 Routed Networks
- Classic L2 and overlay networks
- Cisco SDN solutions

Features
- Fully multi tenant
- Built in IPAM
- Public/private cloud deployments

Single Forwarding pipeline
- High performance Openflow based pipeline in kernel
- Highly programmable and extensible
- IP Routing, security policies, L4 load balancing and telemetry in single switching pipeline

Contiv Networking Architecture
[Architecture diagram: Contiv UI, Contiv Master nodes, Collector, and Host 1, Host 2, Host 3, each with a Contiv Agent and Contiv Datapath]

Microservices == Distributed Systems
- Problems of distributed systems
- Complex calling patterns
- RPC mechanisms

How can networking help?
- Connectivity maps: who is talking to whom
- Historical Data for Application Tuning/Characterization
- No need for code instrumentation or running agents
- Always-on logging can serve as audit trail
  - E.g. who accessed the DB tier and whether those accesses were authorized

Application Telemetry

What data to collect?
- Time-stamped Interactions between containers and services
- Flow level stats (5 or 7 tuple)
- Per container Stats
  - Rx/Tx Bytes and Packets
- TCP connection lengths (Syn/Fin correlation)
- Security Policy violations
- Bandwidth consumption

Challenges
- Granularity
  - Between micro-services, Between containers, Flows (protocol/port), REST calls
- Frequency and sampling
  - How to handle transient flows?
- Scale
- Analytics
  - Providing a Nicer way to consume it
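The following added example (not from the slides or from Contiv's code) correlates SYN/FIN events per flow to get TCP connection lengths, builds the who-is-talking-to-whom map, and records an audit entry when a service outside an assumed allow list opens a connection to a DB tier. The event format, service names, ports and allow list are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow events: (timestamp_s, src_service, src_port, dst_service, dst_port, tcp_flag).
# Service names mirror the tiers of the demo taxi app; every value here is made up.
EVENTS = [
    (100.0, "passenger-app", 40001, "passenger-db", 3306, "SYN"),
    (100.4, "trips-app",     40002, "trips-db",     3306, "SYN"),
    (101.5, "passenger-app", 40001, "passenger-db", 3306, "FIN"),
    (102.0, "web",           40003, "payments-db",  3306, "SYN"),  # not on the allow list
    (102.1, "web",           40003, "payments-db",  3306, "FIN"),
    (103.0, "trips-app",     40002, "trips-db",     3306, "FIN"),
    (104.0, "web",           40004, "passenger-app", 8080, "SYN"),  # no FIN in this capture
]

# Assumed policy: which source services may connect to each DB tier.
DB_ALLOW = {
    "passenger-db": {"passenger-app"},
    "trips-db": {"trips-app"},
    "payments-db": {"payments-app"},
}

def analyze(events, db_allow):
    """Return (connectivity map with durations, policy violations, flows still open)."""
    open_syn = {}                 # flow key -> timestamp of its SYN
    conn_map = defaultdict(list)  # (src, dst) -> list of connection lengths in seconds
    violations = []               # audit records: (timestamp, src, dst, dst_port)
    for ts, src, sport, dst, dport, flag in sorted(events):
        key = (src, sport, dst, dport)
        if flag == "SYN":
            open_syn[key] = ts
            allowed = db_allow.get(dst)  # None means dst is not a protected DB tier
            if allowed is not None and src not in allowed:
                violations.append((ts, src, dst, dport))
        elif flag == "FIN" and key in open_syn:
            # SYN/FIN correlation: connection length is FIN time minus SYN time.
            conn_map[(src, dst)].append(round(ts - open_syn.pop(key), 3))
    # Flows with a SYN but no FIN are reported rather than silently dropped.
    return dict(conn_map), violations, sorted(open_syn)

if __name__ == "__main__":
    conn_map, violations, still_open = analyze(EVENTS, DB_ALLOW)
    for (src, dst), lengths in sorted(conn_map.items()):
        print(f"{src} -> {dst}: {len(lengths)} connection(s), lengths {lengths} s")
    for ts, src, dst, dport in violations:
        print(f"AUDIT t={ts}: {src} connected to {dst}:{dport} without authorization")
    print("open at end of capture:", still_open)
```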

Demo

Kuber: On demand taxi app
[Diagram: Web front ends; Passenger APP and Passenger DB; Driver APP and Driver DB; Trips APP and Trips DB; Payments APP and Payments DB]

Thank you

contiv.io
Find us on Github: http://github.com/contiv

© 2015 Cisco and/or its affiliates. All rights reserved.