• United States

Efficient container use requires data-center software networking

Aug 14, 20185 mins
Data Center

In software-defined data centers, software networking can help container environments talk to each other and maintain network policies without needing admins to respond to each change.

With increasing use of containers by DevOps, data-center network administrators need to respond to the distinct demands they place on the network, including scalability, predictable performance, multi-tenancy and security.

Containers rely on the physical network to communicate with each other and link to other applications, and this article evaluates the data-center networking requirements for private enterprises that manage their own internal IT resources.  It excludes the data centers of hyperscale cloud providers as their requirements and resources are radically different than those of typical IT organizations.

What are containers?

Containers are a stand-alone, package of software that provides an operating-system-level virtualization to deploy distributed applications and provide server virtualization with less overhead than hypervisors. The benefits of containers include improved application performance, great density per server/core, and elastic scaling. Containers are ideal for DevOps style (micro-services-based) applications and can improve the portability of applications.

Unlike virtual machines, containers are constantly changing. They may be rapidly spun up and torn down as required by the application. Container orchestration tools, including Kubernetes, Docker and Mesos, are used to deploy and eliminate containers and to keep track of each container’s location and IP address.

Container impact on data-center networking

Container-based applications have a different architecture than the popular hypervisor-based applications.  For example, new container-based applications may have five to 10 or more micro-services all running in individual containers on different servers or cores.  The high frequency transactions between these micro-services within a single application may require low latency and significant bandwidth.  The sheer number of containers on a single server or core (dozens to 100+) can require network performance upgrades.

Container-based micro services can often move their physical location between servers and typically provide less reporting data on their location and status than corresponding hypervisor-based applications.  This makes it harder for IT professionals to “find” them and to resolve network performance issues.

Containers are used for new, DevOps-style applications and need logical isolation from network complexity.  Owners of container-based applications want to develop and scale their environment without the delays of interacting with their data-center networking teams for complex networking or security adjustments such as provisioning vLANs.

Key challenges for networking containers include:

  • Network performance at scale
  • Ease of provisioning of networking, compute, and storage resources for new applications
  • Ability to rapidly scale up (and down) bandwidth by application
  • Work load migration between internal data centers and public cloud
  • Providing application isolation to enhance security and support multi-tenancy

Container technology has its own unique management and control systems.  IT organizations will need to integrate container automation and management information into the more comprehensive data center networking management plane – especially as container deployments become more numerous, complex and strategic.

Limits of networking in container platforms

Most leading suppliers of container technologies package networking functionality as part of their offerings.  These networking protocols/technologies include Calico, Flannel and Weave.    And, container suppliers (Docker, Kubernetes, Red Hat, and Canonical) have plans to improve the scale and breadth of their container networking functionality.

While container suppliers provide easy networking for small or pilot container deployments, many customers find severe limitations on the performance and scalability of built-in container networking options. Containers need to be connected in an overall software-defined data-center network (SD-DCN) architecture with networking to and from hypervisor-based applications, among other data center resources. 

Suppliers of container software don’t offer good visibility into traffic flows and the software needs to be integrated with existing MANO (management, automation and network orchestration) platforms in the data center. IP addressing for containers can be challenging without the explicit support for vLANs, VXLANs and layer 3 routing. 

Container-networking options

IT organizations have a number of options when it comes to addressing the networking requirements of their new container deployments. If the deployments are relatively small (less than six pods) and contained to a specific application, then organizations can leverage the networking capabilities built in to their container-orchestration platform such as Docker.  If the container-based application needs integration with hypervisor-based applications then IT providers, including Red Hat, VMware, and HPE, offer solutions.

As container-based solutions become larger and more numerous, IT organizations will need to integrate them into their overall SD-DCN strategy.  The largest data-center networking suppliers (Cisco, HPE/Aruba, and Arista) all offer container networking solutions. Several independent network software suppliers offer innovative solutions to scale container deployments, including Big Switch and Cumulus.

(Disclosure: Cisco, Cumulus, HPE, Red Hat, VMware are clients of Doyle Research.)

Recommendations for IT leaders

Containers are the hot, new development environment for micro-services-type applications. Many organizations have started their experimentation with container technology to ease deployment challenges and improve application performance. As containers move from pilot to production implementations, the challenges to network them at scale and to integrate them into the SD-DCN increase.

Software networking provides the abstraction to isolate initial container deployments from the complexities of the overall data-center environment.   Software networking can help container environments scale (network with each other) and provide the abstraction to allow container environments maintain their networking polices without requiring interaction with the data-center-networking team for each change.

As container-based applications become mainstream in data-center environments, IT organizations will need to integrate them into their overall strategy for the SD-DCN and its related management/automation platforms.   IT professionals can source software-networking technology for containers from a number of large data-center suppliers and networking vendors both large and small.

lee doyle

Lee Doyle is principal analyst at Doyle Research, providing client-focused targeted analysis on the evolution of intelligent networks. He has over 25 years’ experience analyzing the IT, network, and telecom markets. Lee has written extensively on such topics as SDN, SD-WAN, NFV, enterprise adoption of networking technologies, and IT-Telecom convergence. Before founding Doyle Research, Lee was group vice president for network, telecom, and security research at IDC. Lee holds a B.A. in economics from Williams College.

More from this author