With increasing use of containers by DevOps, data-center network administrators need to respond to the distinct demands they place on the network, including scalability, predictable performance, multi-tenancy and security.
Containers rely on the physical network to communicate with each other and link to other applications, and this article evaluates the data-center networking requirements for private enterprises that manage their own internal IT resources. It excludes the data centers of hyperscale cloud providers as their requirements and resources are radically different than those of typical IT organizations.
What are containers?
Containers are a stand-alone package of software that provides operating-system-level virtualization to deploy distributed applications, offering server virtualization with less overhead than hypervisors. The benefits of containers include improved application performance, greater density per server/core, and elastic scaling. Containers are ideal for DevOps-style (micro-services-based) applications and can improve the portability of applications.
Unlike virtual machines, containers are constantly changing. They may be rapidly spun up and torn down as required by the application. Container orchestration tools, including Kubernetes, Docker and Mesos, are used to deploy and eliminate containers and to keep track of each container’s location and IP address.
Container impact on data-center networking
Container-based applications have a different architecture than the popular hypervisor-based applications. For example, new container-based applications may have five to 10 or more micro-services, all running in individual containers on different servers or cores. The high-frequency transactions between these micro-services within a single application may require low latency and significant bandwidth. The sheer number of containers on a single server or core (dozens to 100+) can require network performance upgrades.
Container-based micro-services can often move their physical location between servers and typically provide less reporting data on their location and status than corresponding hypervisor-based applications. This makes it harder for IT professionals to “find” them and to resolve network performance issues.
Containers are used for new, DevOps-style applications and need logical isolation from network complexity. Owners of container-based applications want to develop and scale their environment without the delays of interacting with their data-center networking teams for complex networking or security adjustments such as provisioning VLANs.
Key challenges for networking containers include:
- Network performance at scale
- Ease of provisioning of networking, compute, and storage resources for new applications
- Ability to rapidly scale up (and down) bandwidth by application
- Workload migration between internal data centers and public cloud
- Providing application isolation to enhance security and support multi-tenancy
Container technology has its own unique management and control systems. IT organizations will need to integrate container automation and management information into the more comprehensive data center networking management plane – especially as container deployments become more numerous, complex and strategic.
Limits of networking in container platforms
Most leading suppliers of container technologies package networking functionality as part of their offerings. These networking protocols/technologies include Calico, Flannel and Weave. Container suppliers (Docker, Kubernetes, Red Hat, and Canonical) also have plans to improve the scale and breadth of their container networking functionality.
While container suppliers provide easy networking for small or pilot container deployments, many customers find severe limitations on the performance and scalability of built-in container networking options. Containers need to be connected in an overall software-defined data-center network (SD-DCN) architecture with networking to and from hypervisor-based applications, among other data center resources.
Suppliers of container software don’t offer good visibility into traffic flows, and the software needs to be integrated with existing MANO (management, automation and network orchestration) platforms in the data center. IP addressing for containers can be challenging without explicit support for VLANs, VXLANs and layer 3 routing.
IT organizations have a number of options when it comes to addressing the networking requirements of their new container deployments. If the deployments are relatively small (less than six pods) and contained to a specific application, then organizations can leverage the networking capabilities built in to their container-orchestration platform