With increasing use of containers by DevOps, data-center network administrators need to respond to the distinct demands they place on the network, including scalability, predictable performance, multi-tenancy and security.\nContainers rely on the physical network to communicate with each other and link to other applications, and this article evaluates the data-center networking requirements for private enterprises that manage their own internal IT resources.\u00a0 It excludes the data centers of hyperscale cloud providers as their requirements and resources are radically different than those of typical IT organizations.\n\nWhat are containers?\nContainers are a stand-alone, package of software that provides an operating-system-level\u00a0virtualization\u00a0to deploy distributed applications and provide server virtualization with less overhead than hypervisors. The benefits of containers include improved application performance, great density per server\/core, and elastic scaling. Containers are ideal for DevOps style (micro-services-based) applications and can improve the portability of applications.\nUnlike virtual machines, containers are constantly changing. They may be rapidly spun up and torn down as required by the application. Container orchestration tools, including Kubernetes, Docker and Mesos, are used to deploy and eliminate containers and to keep track of each container\u2019s location and IP address.\nContainer impact on data-center networking\nContainer-based applications have a different architecture than the popular hypervisor-based applications.\u00a0 For example, new container-based applications may have five to 10 or more micro-services all running in individual containers on different servers or cores.\u00a0 The high frequency transactions between these micro-services within a single application may require low latency and significant bandwidth.\u00a0 The sheer number of containers on a single server or core (dozens to 100+) can require network performance upgrades.\nContainer-based micro services can often move their physical location between servers and typically provide less reporting data on their location and status than corresponding hypervisor-based applications.\u00a0 This makes it harder for IT professionals to \u201cfind\u201d them and to resolve network performance issues.\nContainers are used for new, DevOps-style applications and need logical isolation from network complexity.\u00a0 Owners of container-based applications want to develop and scale their environment without the delays of interacting with their data-center networking teams for complex networking or security adjustments such as provisioning vLANs.\nKey challenges for networking containers include:\n\nNetwork performance at scale\nEase of provisioning of networking, compute, and storage resources for new applications\nAbility to rapidly scale up (and down) bandwidth by application\nWork load migration between internal data centers and public cloud\nProviding application isolation to enhance security and support multi-tenancy\n\nContainer technology has its own unique management and control systems.\u00a0 IT organizations will need to integrate container automation and management information into the more comprehensive data center networking management plane \u2013 especially as container deployments become more numerous, complex and strategic.\nLimits of networking in container platforms\nMost leading suppliers of container technologies package networking functionality as part of their offerings.\u00a0 These networking protocols\/technologies include Calico, Flannel and Weave.\u00a0 \u00a0\u00a0And, container suppliers (Docker, Kubernetes, Red Hat, and Canonical) have plans to improve the scale and breadth of their container networking functionality.\nWhile container suppliers provide easy networking for small or pilot container deployments, many customers find severe limitations on the performance and scalability of built-in container networking options. Containers need to be connected in an overall software-defined data-center network (SD-DCN) architecture with networking to and from hypervisor-based applications, among other data center resources.\u00a0\nSuppliers of container software don\u2019t offer good visibility into traffic flows and the software needs to be integrated with existing MANO (management, automation and network orchestration) platforms in the data center. IP addressing for containers can be challenging without the explicit support for vLANs, VXLANs and layer 3 routing.\u00a0\nContainer-networking options\nIT organizations have a number of options when it comes to addressing the networking requirements of their new container deployments. If the deployments are relatively small (less than six pods) and contained to a specific application, then organizations can leverage the networking capabilities built in to their container-orchestration platform such as Docker.\u00a0 If the container-based application needs integration with hypervisor-based applications then IT providers, including Red Hat, VMware, and HPE, offer solutions.\nAs container-based solutions become larger and more numerous, IT organizations will need to integrate them into their overall SD-DCN strategy.\u00a0 The largest data-center networking suppliers (Cisco, HPE\/Aruba, and Arista) all offer container networking solutions. Several independent network software suppliers offer innovative solutions to scale container deployments, including Big Switch and Cumulus.\n(Disclosure: Cisco, Cumulus, HPE, Red Hat, VMware are clients of Doyle Research.)\nRecommendations for IT leaders\nContainers are the hot, new development environment for micro-services-type applications. Many organizations have started their experimentation with container technology to ease deployment challenges and improve application performance. As containers move from pilot to production implementations, the challenges to network them at scale and to integrate them into the SD-DCN increase.\nSoftware networking provides the abstraction to isolate initial container deployments from the complexities of the overall data-center environment.\u00a0\u00a0 Software networking can help container environments scale (network with each other) and provide the abstraction to allow container environments maintain their networking polices without requiring interaction with the data-center-networking team for each change.\nAs container-based applications become mainstream in data-center environments, IT organizations will need to integrate them into their overall strategy for the SD-DCN and its related management\/automation platforms.\u00a0\u00a0 IT professionals can source software-networking technology for containers from a number of large data-center suppliers and networking vendors both large and small.