Software-defined networking products to enable scalable container deployment

Container deployments enable the rapid introduction of new applications, but they can also cause networking problems at scale. Analyst Lee Doyle says software-defined networking products will change that.

Containers -- with their ability to enable the rapid deployment of new applications -- represent one of the hottest trends in the IT developer community. To move to production container deployment, however, IT staff will need SDN technology to enable scalable, manageable and secure communications between distributed micro-applications.

What are containers?

Containers accelerate application portability and allow deployment of microservices by improving hardware utilization. Each container is provisioned only with resources needed for a given application. Unlike virtual machines, containers have no need for embedded operating systems. Rather, they encapsulate discrete components of application logic to enable highly efficient, easily portable applications.

Benefits of container deployment

Containers are designed to support the disaggregation of applications into microservice components. These components can then be distributed across a range of compute resources, including those in the data center or public cloud. Developers can migrate containers between servers or virtual machines (VMs) and make changes to the application without concerns for software and compute dependencies. Containers thereby enable DevOps personnel to rapidly deploy new applications, such as big data analytics.

Networking requirements for container deployment

Modern application design typically consists of numerous sub-applications that need low-latency communications between microservices. These sub-applications may rapidly migrate to separate logical or physical hosts, and the network needs to be able to continuously and automatically deliver connectivity services. Security of the traffic flows between containers can be another key concern.

The current state of built-in container networking is best described as rudimentary (not unlike early OpenStack networking capabilities). In order to scale a container deployment into a production-ready system, additional network functionality is required to automatically provision and manage virtual connectivity between dozens -- or hundreds -- of microservices. For example, in a wide area network where container communications occur between data centers and/or the public cloud, the routing of IP addresses and network address translation can cause concern.

SDN provides flexible networking for containers

These current networking limitations present a major container deployment challenge. The basic capabilities included in software such as Docker are poorly suited to network a large number of rapidly migrating micro-applications. SDN, however, can provide the virtual connections and centralized intelligence to automate provisioning and management as the location or requirements of the container change.

Developers want to abstract the application from the network infrastructure, but need visibility to troubleshoot in the event of a performance slowdown or security breach. SDN products can also provide this visibility, allowing IT to monitor container traffic flows and providing tools for service assurance and resolution of trouble tickets.

SDN and container suppliers

A number of suppliers address the networking concerns of containers and mixed VM and container environments. The two SDN leaders -- Cisco ACI and VMware NSX -- have both incorporated support for container deployment in their SDN products. Other suppliers that support container networking include: Microsoft, Google, Hewlett Packard Enterprise, Juniper, Nokia (Nuage), Pluribus, Big Switch, PLUMgrid and Midokura.

From the container-software side, companies such as Docker, Canonical, Red Hat, CoreOS and others are working on enhancing the networking capabilities of containers.

Recommendations for IT leaders

Containerization is rapidly becoming a critical part of an agile IT strategy and can accelerate the migration to a DevOps style of rapid application development. Like all new technologies, container development is a work in progress and will take time to mature -- much like OpenStack did. Most IT organizations will need to manage applications running on a wide range of operating systems, VMs and containers -- hosted in a hybrid environment with private data centers and public clouds.

Off-the-shelf containers generally provide only lightweight networking capabilities. Network abstraction can accelerate application development. But sophisticated network capabilities are required to manage and secure the communications between large numbers of distributed, container-based microservices. SDN products can provide the virtual connectivity, automated provisioning/management, and visibility to deploy containers at scale. SDN products will also be a key part of providing secure communications between containers.

This was last published in April 2016
