SDN is viable approach to networking containers

SDN and other software-based approaches could be key requirements for networking containers, especially when it comes to providing scalability and visibility.

Container-based platforms enable the development of microservices and are rapidly gaining adoption in many organizations.

But developing applications on container platforms creates new networking challenges for organizations. IT leaders have the option of deploying network-specific software to ease container networking and implementation, or they can rely on open source network capabilities paired with container software.

A container is a lightweight, stand-alone software package that provides an operating-system level of virtualization to deploy distributed applications. Containers provide server virtualization and application portability without the overhead, or processor resources, associated with a hypervisor. The benefits of containers include improved application performance, greater density per server and dynamic application capacity. Containers are ideal for microservices-based applications and can enable application migration between local and cloud-based platforms.

Requirements for networking containers

Software-based networking is a critical component of container adoption. New network capabilities are needed to support the sheer number of individual containers on a server, application portability and changing traffic patterns. Distributed microservices running at scale can create a tremendous volume of network traffic between individual containers.

A leading concern for container networking is the potential increase in east-west traffic in the data center and even between container-based applications within a single server. Key challenges for networking containers include networking performance, automated provisioning of appropriate network resources, and visibility and network management.

Network security is also a concern for containers. Containers may address some security concerns through container isolation but may create other unknown vulnerabilities. Some current security technologies, like secure web gateways and VPNs, will easily support the migration to containers, while others may not.

What about the network?

As with the introduction of virtual machines, containers require new capabilities that are not typically supported by existing networks. Containers provide less information about their physical location, which makes it harder to connect them and to resolve any network issues like slowdowns. For example, new architectures may have more than five microservices on different containers in different locations -- all with high-frequency interactions. Networking professionals will need visibility into data flows to and from containers to tune their interactions with the physical network.

While many container software platforms offer connectivity, they often fail to provide the scalability, performance assurance and reliability required by production software systems. For example, most container platforms do not support Layer 3 routing, IPv6, flexible IP addressing or virtual LANs -- all important networking features delivered by SDN. In addition, micro applications may need to provide or receive information and data from noncontainerized applications on premises or in the cloud.

As container-based applications scale and become production-ready, the network must be able to deliver the following services and features:

  • Predictable performance at scale
  • Low latency
  • Multi-tenancy
  • Data flows between hypervisor and legacy apps
  • Security

Large organizations planning to implement containers will need to evaluate how provisioning for networking containers fits within their existing management, orchestration and automation architecture. For example, how will containers interact with existing OpenStack and VMware management and orchestration platforms?

Suppliers to consider for container networking

Networking capabilities can be built into container software or provided by third-party network software. Container suppliers and standards groups have developed a number of technologies that link containers to the physical network, including Istio, Weave Net, Project Calico and Flannel. Docker, Kubernetes, Canonical and CoreOS are all working to improve the networking capabilities of their existing container offerings.

Other suppliers to consider include:

  • IT software providers like VMware, Hewlett Packard Enterprise, Red Hat and others;
  • Network suppliers like Cisco, Aruba, Dell Technologies, Arista and Nokia's Nuage Networks;
  • Application delivery controller specialists like F5, Citrix and A10; and
  • SDN specialists like Big Switch Networks and Cumulus Networks.

Many other networking suppliers will improve their support for containers over the next 12 months.

Recommendations for networking containers

Early implementations have proven that the benefits of containers are real, especially for new microservices applications. Containers improve performance and provide enhanced application portability. Most organizations, with the notable exception of the hyperscale cloud providers, are in the early stages of container implementation. Networking containers in the lab or a controlled proof of concept is relatively easy. Providing networking at scale with appropriate quality of service for containers remains challenging, however.

IT professionals need to evaluate how container-based applications will fit into their overall orchestration and automation plans in conjunction with hypervisors and nonvirtualized applications. Most organizations will find that SDN capabilities from network or IT suppliers will make it easier to integrate containers into their existing network environments.

This was last published in December 2017
