Downloaded 83 times
![© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Contiv
High-Level Architecture
Host-1
.…
Host Plug-In
Distributed
KV Store
Plug-In Logic
Contiv Host Agent
Host-n
Linux Host Routing/Switching
To Physical Network
ARP/DNS
Responder
Service LB
Route Distribution
[ BGP | RPC ]
Container Runtime
(e.g., Docker)
[ K8s| Swarm | Mesos | Nomad ]
Master-DB
Policy EngineREST Server
IPAM/
Resource-Mgmt
HA Heartbeat
Distributed
KV Store
[ Etcd | Consul ]
REST User I/F (e.g., netctl | contivctl)
API Calls to External
Orchestration Systems
e.g,. ACI, Schedulers
Health Monitoring
Contiv Master Cluster
.……
.…
BRKCLD-2024 11](https://image.slidesharecdn.com/contiv-openshift-rtp-meetup-6-2017-170619154050/75/Triangle-Kubernetes-Meetup-Container-cloud-networking-Contiv-for-K8S-Openshift-11-2048.jpg)
![© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Physical Network (Underlay Integration Options)
Native Connectivity
Infra Policy: [ Bridged | Routed ]
VLAN | IP (BGP) Handoff to Access Node
APP1 APP2APP3 APP4
Host-1 Host-n
.…
Overlay Connectivity
Infra Policy: [ Overlay ] [ Bridge | Routed ]
Overlays for Inter-Container Traffic
APP1 APP2APP3 APP4
Host-1 Host-n
.…
Any Network Topology and Container Visibility Across Physical Network
Use Case:
Private Cloud
Use Case:
Private Cloud
Public Cloud](https://image.slidesharecdn.com/contiv-openshift-rtp-meetup-6-2017-170619154050/75/Triangle-Kubernetes-Meetup-Container-cloud-networking-Contiv-for-K8S-Openshift-12-2048.jpg)
Uploaded bySanjeev Rampal
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Openshift
The document provides an overview of Contiv, an open-source container networking solution by Cisco, designed to manage networking for Kubernetes and OpenShift environments. It discusses the architecture, policy management, integration capabilities with Cisco hardware, and the benefits of using Contiv in cloud environments. Key features include rich policy models, distributed policy enforcement, and support for various container schedulers, aimed at simplifying network management for microservices and applications.
More Related Content
Similar to Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Openshift
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Openshift
- 1. Container Cloud Networking -Contiv for K8S & Openshift Triangle Kubernetes & Openshift Meetup June 2017 Sanjeev Rampal – Cisco
- 2. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public About the speaker • Current • Principal Engineer in Cloud Platforms and Solutions Group • Container platform engineering (Docker, Kubernetes, Openshift) • Contiv container networking development • Previously • Cisco Intercloud architecture and operations • Long time Cisco networking guy (Built hardware routers, ASR9K, 15454) • Twitter: @sr2357
- 3.
- 4. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public 100% Open Source The Most Powerful Container Networking Fabric L2, L3, Overlay or ACI Rich Policy Model DevOps IT Admin Any NetworkingAny Platform Any Infrastructure Application Intent Rich Policy Declarative Simple Install GUI + CLI Containers, VM, BM LDAP/RBAC Introduction to Contiv
- 5. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Contiv: How everything fits together Operational Policy Management Developer Operations Application Scheduler Node 1 Node 2 Node-n Contiv Distributed Policy Layer ... Contiv Elements Contiv UI to manage/ monitor policies/usage Distributed policy enforcement for network Integration with physical infrastructure Integrated with popular container schedulers Contiv Automatically Integrates and Enforces Developer and Operations Policies
- 6. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Contiv Modes: Works with or without Cisco hardware Application-Centric Infrastructure (ACI) • Containers integrated with APIC policies • Physical services integration Nexus Standalone or Any L2/ L3 Network • Overlay or non-overlay modes • VLAN or VxLan handoff • Optional BGP interop (standard routing protocol) Contiv Leverages Underlying Infrastructure Capabilities Requires Cisco ACI hw Does not require Cisco hw (any vendor ok)
- 7. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Introducing Contiv 1.0 What’s New: LDAP+ RBAC All New User Experience and Workflow Kubernetes 1.4 Support Docker 1.12 Support OpenShift Integration Simple Install 1 Commercially Supported Contiv will be announced shortly Cisco Advances Services Cisco Solutions Support 100% Open Source at contiv.github.io
- 8. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Challenges • Encap over encap (over encap) suffers performance • Obscures visibility, makes diagnostics/monitoring difficult • Harder to integrate with HW appliances Networking In The Container World Physical Network HypervisorHypervisor Physical Network Virtual Switching or Overlay Network C1 Cn Overlay Network - VXLAN Overlay Network - VXLAN Physical Network Hypervisor Hypervisor Host 1 Host 2 Host 2Host 1 VM1 C1 Cn Overlay Network - VXLAN VM2 C1 Cn Overlay Network - VXLAN Overlay Network - VXLAN C1 Cn Overlay Network - VXLAN VM1 VM2
- 9. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Contiv Policy Management System Node 1 Node-nNode 2 Contiv Distributed Policy Enforcement Layer Policy Distribution Policy Manager Manage/Monitor Policies/Usage/Quotas Policy Distribution Framework Integrated with Schedulers Policy Enforcement Points Integration with Cisco Infrastructure (Nexus/ACI/UCS)
- 10. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Micro-services With Contiv Micro-services isolated within the network of a tenant Web Group App Group DB Group Allow grouping of containers/pods 1 Specify policies between groups or from outside the network 2 Ability to Provide Granular Micro-service based Policies in a Scalable Way
- 11. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Contiv High-Level Architecture Host-1 .… Host Plug-In Distributed KV Store Plug-In Logic Contiv Host Agent Host-n Linux Host Routing/Switching To Physical Network ARP/DNS Responder Service LB Route Distribution [ BGP | RPC ] Container Runtime (e.g., Docker) [ K8s| Swarm | Mesos | Nomad ] Master-DB Policy EngineREST Server IPAM/ Resource-Mgmt HA Heartbeat Distributed KV Store [ Etcd | Consul ] REST User I/F (e.g., netctl | contivctl) API Calls to External Orchestration Systems e.g,. ACI, Schedulers Health Monitoring Contiv Master Cluster .…… .… BRKCLD-2024 11
- 12. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Physical Network (Underlay Integration Options) Native Connectivity Infra Policy: [ Bridged | Routed ] VLAN | IP (BGP) Handoff to Access Node APP1 APP2APP3 APP4 Host-1 Host-n .… Overlay Connectivity Infra Policy: [ Overlay ] [ Bridge | Routed ] Overlays for Inter-Container Traffic APP1 APP2APP3 APP4 Host-1 Host-n .… Any Network Topology and Container Visibility Across Physical Network Use Case: Private Cloud Use Case: Private Cloud Public Cloud
- 13. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Access-Aggregation Topology L2+ Configuration: Ease of L2, Benefits of L3: Avoids Flooding Access: N5k/N9k+N2k Optional: VMware DVS L2 Network: Statically Configured with VLAN(s)Contiv Host Networking Agg Layer: e.g., N7k/N9k SVIs Boundary DC Core L2 VPC Network .… Host-n .….… Host-2Host-1 ESX/Hyperversior Layer Contiv Host Plug-Ins
- 14. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Container Networking Options L3 Native Leaf: N3k/N9k Host BGP Peers with Leaf L3 Routing on Host Contiv Host Networking Spine Layer: e.g., N9k DC Core L3 CLOS Network .… Host-n V M V MV M V M .… V M V MV M V M .… Host-2 V M V M Host-1 V M V M Contiv Host Plug-Ins Scalable, Distributed Layer 3 Fabric
- 15. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Application Centric Infrastructure (ACI) External Network App DBWeb QoS Filter QoS Service QoS Filter ACI Fabric APIC APIC
- 16. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Benefits of Integrating Contiv with ACI • Uniform policies for any workload • VMs | Bare-Metal | Container • Policy automation for mix-mode workloads • Scale: IPs, EPGs, Networks • Performance: 40G and 100G optimized fabrics • Telemetry/Diagnostics • Container location aware physical network
- 17. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Contiv ACI Integration Container Management Unified Policy Automation and Enforcement Across BM, VM, and Containers Contiv Master Contiv APIC Gateway OVS Contiv Plugin HYPERVISORHYPERVISORHYPERVISOR Container/Pod Host Bare Metal Services
- 18. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Web Contiv Plugin Host-1 Host-n DB Web DB Container Scheduler Contiv Plugin Application Intent Tenant-1: External à Web:80 à DB:Port Tenant-2: External à Web:80 à DB:Port 2 Launching Apps across Cluster 4 DevOps Intent => ACI Policy Policy Instantiation5 Contiv Tenant/Network Creation1 Physical Network Prep 0 3 Example Workflow Network Admin DevOps Admin Contiv NetMaster
- 19.
- 20. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Host-1 Host-2 Host-n Cloud A Cloud B Demo Physical Topology
- 21. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public C11 (nginx) C12 (nginx) C21 (alpine) C22 (alpine) L7 Load balancer/ web reverse proxy (HAProxy) VM ‘Z’ Containers Cloud ‘A’ Openshift/Kubernetes VMs Cloud ‘B’ Openstack/vSphere Service 1 “default-group” Service 2 “privileged-group” Service 3 E.g. database VM Demo Application
- 22. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Host-1 Host-2 Host-n Cloud A Cloud B Demo Physical Topology
- 23. © 2017 Ciscoand/or its affiliates. All rights reserved. Cisco Public Getting More Information / Getting Started Web: http://contiv.io Live chat: contiv.slack.com
- 24.