northbound connections of vpp for nfv in containers and
play

Northbound Connections of VPP for NFV in Containers and Kubernetes - PowerPoint PPT Presentation

Jan 14, 2024 •148 likes •299 views

Northbound Connections of VPP for NFV in Containers and Kubernetes FastData.io VPP Billy McFall bmcfall@RedHat.com Agenda Ligato Previous Session Multus CNI / Userspace CNI Network Service Mesh Summary Multus CNI

  1. Northbound Connections of VPP for NFV in Containers and Kubernetes FastData.io – VPP Billy McFall bmcfall@RedHat.com

  2. Agenda • Ligato ← Previous Session • Multus CNI / Userspace CNI • Network Service Mesh • Summary

  3. Multus CNI / Userspace CNI What is Multus CNI? • Multus CNI is a reference implementation of the “Kubernetes Network Custom Resource Definition De-facto Standard” put forward by the Kubernetes Network Plumbing Working Group. • Multus CNI is a “meta-plugin” • Kubelet calls its one and only CNI, which in this case is Multus CNI. • Multus, based on CRD (CustomResourceDefinitions) calls multiple CNIs. • Multus returns status of default CNI (for default K8s Network) and logs results for others. • Kubernetes is only aware of Default Network. 1) Default CNI called Kubelet Default NW1 Pod K8s Network net0 Multus CNI 3) CNI 1 Results net1 eth0 CNI 1 NW2 2) Multiple CNIs CNI 2 called CNI n

  4. Multus CNI / Userspace CNI What is Userspace CNI? • Userspace CNI inserts DPDK based interfaces into a container. ● Enables high speed Userspace Interfaces in container. ● Enables L2, L3, Tunneling protocols in container. • Because it is using Multus, Kubernetes is unaware of the additional interfaces and networks. • Currently supports VPP or OvS-DPDK. 1) Default CNI called Kubelet Default NW1 Pod K8s Network net0 Multus CNI 3) CNI 1 Results net1 eth0 Example: Flannel NW2 2) Multiple CNIs Userspace CNI called Userspace CNI

  5. Multus CNI / Userspace CNI Userspace CNI – More Detail Steps: ● Creates Userspace Interface in vSwitch on host. ● Ties interface into local network. – Current: L2 (North-South Traffic) – Future: MPLS/VxLAN/etc. (East-West Traffic) ● Publishes configuration data to Pod for consumption of interface in Pod. Container Container engine engine eth0 net0 net0 eth0 vhost- user or memif vSwitch (OvS-DPDK/VPP)

  6. Network Service Mesh (NSM) What is Network Service Mesh (NSM)? ● NSM is a Service Abstraction that plugs containers into external networks (outside Kubernetes default network). Pod to Pod – Pod to External Network – NSM NW1 Node Node Pod Pod net0 net0 NW2 net1 eth0 eth0 Default K8s Network

  7. Network Service Mesh (NSM) What is Network Service Mesh (NSM)? ● NSM enables: Heterogeneous network configurations – Wide variety of tunneling protocols – On-Demand, dynamic, negotiated connections – Bringing multiple payload types into a container (Ethernet, IP, MPLS, L2TP, etc.) – ● NSM facilitates apps specifically implement network functions. ● NSM allows traditional app developers to configure the networking elements they want while hiding the complexity and “networkiness”.

  8. Network Service Mesh (NSM) ● NSM forces you to think of Networking as a Service – Creates connections with Network Service Clients and Network Service Endpoints ● Networking Payloads are not an afterthought: – Layer 2, Layer 3, MPLS Payloads – Enablement for NFV ● Plays well with Kubernetes – Does not Interfere with Kubernetes Default Networking – Kubernetes handles management and orchestration of pod while NSM handles complex networking.

  9. Summary Which is better? Ligato ● Ligato inserts Userspace into the Kubernetes default network ● Large feature set

  10. Summary Which is better? Multus CNI Ligato Userspace CNI ● Ligato inserts ● Userspace CNI inserts Userspace into the Userspace outside the Kubernetes default Kubernetes default network network ● Large feature set ● Separation of Control and Data Traffic ● Early in development

  11. Summary Which is better? Multus CNI Ligato NSM Userspace CNI ● Ligato inserts ● Userspace CNI inserts ● Provides Service Userspace into the Userspace outside the abstraction ● Inserts container Kubernetes default Kubernetes default network network networks outside the ● Large feature set ● Separation of Control Kubernetes default and Data Traffic network ● Early in development ● Could leverage Ligato or Multus if needed ● Early in development

  12. Summary Which is better? Multus CNI Ligato NSM Userspace CNI ● Ligato inserts ● Userspace CNI inserts ● Provides Service Userspace into the Userspace outside the abstraction ● Inserts container Kubernetes default Kubernetes default network network networks outside the ● Large feature set ● Separation of Control Kubernetes default and Data Traffic network ● Early in development ● Could leverage Ligato or Multus if needed ● Early in development Depends on the use-case! But all leverage the high speed and rich features of VPP!

  13. Summary Call to Action! All Projects Need Help: ● Coders ● Architects ● Valid Use Cases How can you HELP?

  14. THANK YOU !

  15. References • Ligato https://ligato.io/ – https://github.com/ligato – • Multus CNI https://github.com/intel/multus-cni – Kubernetes Network Plumbing Working Group – • Userspace CNI https://github.com/intel/userspace-cni-network-plugin – • NSM https://networkservicemesh.io/ – https://github.com/networkservicemesh/networkservicemesh –

Recommend

O c t o b e r 15, 2020 Overview Northbound Strategic Plan Vision Zero Action Plan

O c t o b e r 15, 2020 Overview Northbound Strategic Plan Vision Zero Action Plan

O c t o b e r 15, 2020 Overview Northbound Strategic Plan Vision Zero Action Plan Context Driven Initiatives What is Northbound? Northbound Strategic Plan o The Northbound Ten 5-year plan with 10 Goals o Goals we can work on

313 views • 18 slides
Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are not going to be the answer to preventing your application from being compromised, but they can limit the damage from a compromise. How do

823 views • 25 slides
ODOT Region 1 I-205: Johnson Creek Blvd to Glen Jackson Bridge Northbound Auxiliary Lane

ODOT Region 1 I-205: Johnson Creek Blvd to Glen Jackson Bridge Northbound Auxiliary Lane

ODOT Region 1 I-205: Johnson Creek Blvd to Glen Jackson Bridge Northbound Auxiliary Lane SE Powell Blvd to I-84 Northbound and Southbound Active Traffic Management (ATM) Schedule Advance Plans: May 31, 2018 Final

710 views • 32 slides
ODOT Region 1 I-205: Johnson Creek Blvd to Glen Jackson Bridge Northbound Auxiliary Lane

ODOT Region 1 I-205: Johnson Creek Blvd to Glen Jackson Bridge Northbound Auxiliary Lane

ODOT Region 1 I-205: Johnson Creek Blvd to Glen Jackson Bridge Northbound Auxiliary Lane SE Powell Blvd to I-84 Northbound and Southbound Active Traffic Management (ATM) Project Map Schedule Advance Plans: May 31, 2018

163 views • 15 slides
Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com Containers are great Containers are resource efficient Containers make deployment easy Containers can be monitored easily Containers are secure But are

508 views • 38 slides
Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega @jmortegac Agenda Introduction to containers security Linux Containers(LXC) Docker Security Security pipeline && Container

807 views • 57 slides
SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54 What are Containers? A package/image that can be deployed anywhere (thats running a Linux Kernel) Developers create a layered image of their

996 views • 53 slides
Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at BlaBlaCar pgDay Paris, Mar 15, 2018 BlaBlaCar Overview Todays agenda PostgreSQL usage at BlaBlaCar Switching to a new implementation

844 views • 40 slides
Securing the SDN Northbound Interface With the aid of Anomaly Detection Jan J. Laan July 2, 2015

Securing the SDN Northbound Interface With the aid of Anomaly Detection Jan J. Laan July 2, 2015

Securing the SDN Northbound Interface With the aid of Anomaly Detection Jan J. Laan July 2, 2015 Introduction Current status Anomaly detection Conclusion Introduction Traditional network Securing the SDN Northbound Interface 1 / 19

482 views • 30 slides
Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have become popular replacing many Physical / Virtual Machine use cases But: The persistent storage problem for containers is still not fully solved

1.01k views • 17 slides
Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change An Approach Required Software Processes Cultural Changes Additional Concerns Lessons Learned Why This Talk? Containers are

678 views • 49 slides
SDN controller: Intent-based Northbound Interface realization for extended applications

SDN controller: Intent-based Northbound Interface realization for extended applications

SDN controller: Intent-based Northbound Interface realization for extended applications Introduction 1. SDN Controller 2. Intent-based Northbound Interface (NBI) 3. The Intent framework in ONOS controller 4. The proposed architecture for

440 views • 18 slides
Monitoring Containers with BPF Jonathan Perry, Flowmill Agenda / Claims Agenda / Claims 1.

Monitoring Containers with BPF Jonathan Perry, Flowmill Agenda / Claims Agenda / Claims 1.

Monitoring Containers with BPF Jonathan Perry, Flowmill Agenda / Claims Agenda / Claims 1. Visibility into connections between services facilitates SRE/DevOps. Agenda / Claims 1. Visibility into connections between services facilitates

1.43k views • 118 slides
Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs Google Wisdom: VMs and Containers are similar but different Try running containers in VMs for security Containers are best for scale-out

314 views • 17 slides
our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can make us way more efficient containers can save us money on hosting containers sound interesting company founded in 2013

848 views • 30 slides
ODL neutron northbound boron planning feature gaps in ODL and openstack Isaku Yamahata

ODL neutron northbound boron planning feature gaps in ODL and openstack Isaku Yamahata

ODL neutron northbound boron planning feature gaps in ODL and openstack Isaku Yamahata OpenDaylight Developer Design Forum Feb 29, 2016 https://wiki.opendaylight.org/view/NeutronNorthbound:Main

366 views • 20 slides
Age genda da 1 Comments from July 2018 Public Meeting 2 Northbound Meadowbrook Entrance Ramp

Age genda da 1 Comments from July 2018 Public Meeting 2 Northbound Meadowbrook Entrance Ramp

F ORT W ORTH D ISTRICT District 95 Town Hall, Southeast Connector Update Photo by Liam Frederick I-20, I-820 & US 287 November 8, 2018 Age genda da 1 Comments from July 2018 Public Meeting 2 Northbound Meadowbrook Entrance Ramp

617 views • 44 slides
The proposed containers are "Flat-pack" type. Disassembled and reduced as

The proposed containers are "Flat-pack" type. Disassembled and reduced as

CON-IMEX CONTAINERS 2009 AKAR Logistics 70 Beecham Court Owings Mills, MD 21117 USA Sophia Akar Tel: + 410-961-7232 / + 410-961-0327 Fax: + 410-356-8267 sophia@akarlogistics.com 1 / 20 GENERAL The proposed containers are

313 views • 20 slides
Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk

Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk

Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk Introductions David Porter Fairport Containers Director Steve Collinson Managing Director Fairport Containers Ltd Tam Unsworth Recycling Banks

552 views • 28 slides
Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt

Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt

Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt Innsbruck Innsbruck Nov 2018 Overview Preliminaries Why containers Understanding Containers vs. Virtual Machines Comparison of

482 views • 37 slides
Alm dos Containers na Nuvem QConSP - Containers & Devops 26 April 2017 Guilherme Rezende

Alm dos Containers na Nuvem QConSP - Containers & Devops 26 April 2017 Guilherme Rezende

Alm dos Containers na Nuvem QConSP - Containers & Devops 26 April 2017 Guilherme Rezende Globo.com About me Software Engineer at Globo.com/Tsuru @guilhermebr (GitHub) in/guilhermebr (LinkedIn) @gbrezende (Twitter) Agenda Cloud Native

636 views • 45 slides
PROJECT BRIEF October 12, 2016 VIA EDSA (FROM MAKATI) Take EDSA heading Northbound Stay on the

PROJECT BRIEF October 12, 2016 VIA EDSA (FROM MAKATI) Take EDSA heading Northbound Stay on the

PROJECT BRIEF October 12, 2016 VIA EDSA (FROM MAKATI) Take EDSA heading Northbound Stay on the right side as you approach Cloverleaf interchange Turn right to Cloverleaf Interchange via To Manila ramp Exit towards A. Bonifacio Avenue

754 views • 46 slides
NORTHBOUND NORTHWESTERN HWY SERVICE DRIVE ROAD REHABILITATION SOUTHFIELD RD TO LAHSER RD March

NORTHBOUND NORTHWESTERN HWY SERVICE DRIVE ROAD REHABILITATION SOUTHFIELD RD TO LAHSER RD March

NORTHBOUND NORTHWESTERN HWY SERVICE DRIVE ROAD REHABILITATION SOUTHFIELD RD TO LAHSER RD March 26, 2018 PROJECT LIMITS EAST OF LAHSER RD WEST OF SOUTHIELD RD NB NORTHWESTERN HWY SERVICE DRIVE Overview Concrete patching with asphalt

524 views • 7 slides
Linear connections on Lie groups The affine space of linear connections on a compact Lie group G

Linear connections on Lie groups The affine space of linear connections on a compact Lie group G

Linear connections on Lie groups The affine space of linear connections on a compact Lie group G contains a distinguished line segment with endpoints the connections L and R which make left (resp. right) invariant vector fields parallel.

240 views • 20 slides

More recommend