This document summarizes a presentation about Contiv, an open source container networking solution. It introduces Contiv as a way to define and enforce network policies across infrastructure to integrate application intent with operational intent. Key features of Contiv highlighted include providing container networking for schedulers like Kubernetes and Docker, distributed policy enforcement, integration with physical infrastructure, and supporting rich network policies, tenants, and microservices. The presentation concludes with a demo of Contiv's network isolation and policy capabilities.
Microservices and containers networking: Contiv, an industry leading open source solution from Cisco - Luca Relandini - Codemotion Amsterdam 2017
39. Policies are applied to Groups
Finally, we associate the policy with a group (a group is an arbitrary collection of containers, e.g. a tier for a microservice) and then run some containers that belong to the db group.
Let’s create two more containers:
The policy db-policy (ports open and closed) is applied to all the 3 containers:
Managing many endpoints as a single object makes it easy and fast; think about auto-scaling (especially when integrated with Swarm, Kubernetes, etc.).
40. Contiv is Microservices Ready
• Support for grouping Applications
• Allows scale-out instances of container applications to be grouped together
• Policies specified on a micro-service tier, rather than individual container workloads
• Efficient forwarding between Microservice tiers
• Allows a fixed (DNS published) VIP for a micro-service
• Containers within the micro-services can come and go
• Their IP addresses are mapped to the service IP for east-west traffic
• Eliminates single point of forwarding (proxy) between micro-service tiers
• Application visibility at service levels (across the cluster)
[Diagram: Web Group, App Group, DB Group]
• Allow grouping of containers/pods
• Specify policies between groups or from outside the network