SlideShare uma empresa Scribd logo

Microservices and containers networking: Contiv, an industry leading open source solution from Cisco - Luca Relandini - Codemotion Amsterdam 2017

Codemotion
Codemotion

This document summarizes a presentation about Contiv, an open source container networking solution. It introduces Contiv as a way to define and enforce network policies across infrastructure to integrate application intent with operational intent. Key features of Contiv highlighted include providing container networking for schedulers like Kubernetes and Docker, distributed policy enforcement, integration with physical infrastructure, and supporting rich network policies, tenants, and microservices. The presentation concludes with a demo of Contiv's network isolation and policy capabilities.

Tecnologia
1 de 44
Baixar para ler offline
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Cisco Contiv: Network Policies for Microservices Luca Relandini @lucarelandini AMSTERDAM 16 - 17 MAY 2017
• Containers and Microservices in production • Introduction – Why Contiv? • What is Contiv? • Demo • Summary Agenda
Introduction: Microservices and Containers... Though you already know them
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Key Use Cases for Containers and Microservices Cloud Microservices Cloud Migration Hybrid Cloud Multi-Cloud Containerization Microservices App Modernization DevOps CI/CD Self Service DevOps
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Containers and Microservices container Your code Your startup scripts Code dependencies Should deploy with exactly the same behavior on any host/VM that can run containers Orders Wishlist Payment
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Cloud Native FROM TO Microservices - Impact on IT Operations DevOps Shared Responsibility Common Incentives, Tools, Process and Culture Not My Problem Separate Tools, Varied Incentives, Opaque Process Continuous Delivery Release Early and Often Higher Quality of Code Release Once Every 6 Months More Bugs in Production Microservices Loosely Coupled Components Automated Deploy Without Waiting on Individual Components Tightly Coupled Components Slow Deployment Cycles Waiting on Integrated Tests Teams Traditional IT
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Containers Help to Achieve Agile App Development Stage/ Production TestDevelopment Version Control SysAdmin QA/QEDeveloper Different players in the game
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 8 But... There are Concerns in Containers Adoption What slows an organization’s use of containers? 75% 71% 64% 62% 61% Security Networking Performance Integration Management Source: n= 124 to-date, IDC custom survey, study commissioned by Cisco Need for production-grade infrastructure
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public HW Integration Can not leverage performance and security by natively integrating with HW Networking In The New Container World Physical Network HypervisorHypervisor Physical Network Virtual Switching or Overlay Network C1 Cn Guest OS - Bridged Overlay Network - VXLAN Physical Network Hypervisor Hypervisor Host 1 Host 2 Host 2Host 1 VM1 C1 Cn Guest OS - Bridged VM2 C1 Cn Guest OS - Bridged Overlay Network - VXLAN C1 Cn Guest OS - Bridged Connectivity Network services, e.g. Load balancer, Firewall Performance Encap over encap over encap affects performance VM1 VM2 Bare Metal VM Containers in VM
BINS/LIBS APP APP APP APP APP APP APP APP APPAPP APP Container Challenges Tasks per Node and at Scale Server Settings Distributed Data Paths Multi-Tenancy Scalability Management Backup Connectivity External Storage Access Predictable? Efficient? Simple? Reliable? Additional Work Host OS Host OS Host OS Host OS Host OS Docker Engine Docker Engine Docker Engine Docker Engine Docker Engine BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS
Container Networking Abstractions: only 3 slides J
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public VM or BM Basics of Container Networking Minimally it provides: - IP Connectivity in Container’s Network Namespace - IPAM, and Network Device Creation (eth0) - Route Advertisement or Host NAT for external connectivity Container eth0 Container eth0 Physical Network Linux/Windows OS Networking ensp0
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Container Network Model (CNM) Docker Container Endpoint Network Sandbox Green Network Docker Container Endpoint Network Sandbox Blue Network • Proposed by Docker to provide networking abstractions/API for container networking • Sandbox contains configuration of a container's network stack (Linux network namespace) • An endpoint is a container's interface into a network (veth pair) • A network is collection of arbitrary endpoints that can communicate with each other • A container can belong to multiple endpoints (and therefore multiple networks) CNM provides Driver APIs for IPAM and Endpoint creation/deletion IPAM Driver APIs: - Create/Delete Pool, - Allocate/Free IP Address Network Driver APIs: - Network Create/Delete, - Endpoint Create/Delete/Join/Leave eth0 eth1
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Container Network Interface (CNI) • Proposed by CoreOS as part of appc specification, used also by Kubernetes • Common interface between container run time and network plugin • Gives driver freedom to manipulate network namespace • Network described by JSON config • Plugins support two commands: - Add Container to Network - Remove Container from Network Container Network namespace Driver plumbing Differences (from CNM): - Gives Driver freedom to manipulate network namespace - Provides Container Id, Params to drivers - Just 2 API: - Add Container to Network, - Delete Container from Network
Introduction – Why Contiv?
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Today’s Infrastructure Needs Mike, IT AdminSally, Dev/Test 1. Develop and test fast 2. Agility and Elasticity 3. Does not care about other users 1. Manage infrastructure 2. Stability and Security 3. Isolation and Compliance Challenge: Conflicting goals and priorities
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 How can we achieve these goals? Key: Policy-based Container Networking Declarative Tags (simpler) Manage Groups instead of single objects (faster)
What is Contiv?
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Containerized Apps on Shared Infrastructure Application Intent Compute Compute Operational Intent Contiv Is an Open Source Solution to Define and Enforce Distributed Policies Across Infrastructure NETWORK Compute
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Application Intent with Operation Intent PLACEHOLDER version: '2' services: web: build: . label: - tier: web volumes: - .:/code networks: - front-tier - back-tier db: image: mysql App Intent PLACEHOLDER web: environment: prod networks: security: - allow ports: 5000, 443 bandwidth: 5gbps lb selector: - tier: web db: networks: security: allow ports: 3306 from web Ops Intent (e.g. Contiv Intent*) Operation Intent Provides Operational Requirements and Policies for Applications * Shown in yaml for better visualization
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv: How everything fits together Operational Policy Management Developer Operations Application Scheduler Node 1 Node 2 Node-n Contiv Distributed Policy Layer ... Contiv Elements Contiv UI/CLI/API to manage and monitor policies/usage Distributed policy enforcement for network Integration with physical infrastructure Integrated with popular container schedulers Contiv Automatically Integrates and Enforces Developer and Operations Policies
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 100% Open Source The Most Powerful Container Networking Fabric L2, L3, Overlay or ACI Rich Policies DevOps IT Admin Any NetworkingAny Platform Any Infrastructure Application Intent Rich Policy Model Declarative Simple Install GUI + CLI LDAP/RBAC Contiv – an industry leading (open source) project
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Integration with Underlying DC Infrastructure Application-Centric Infrastructure (ACI) • Containers integrated with APIC policies • Physical services integration Nexus Standalone or Any Network • VLAN handoff • BGP interop (standard routing protocol) Contiv Leverages Underlying Infrastructure Capabilities
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Introducing Contiv 1.0 What’s New: LDAP+ RBAC All New User Experience and Workflow Kubernetes 1.4 Support Docker 1.12 Support OpenShift Integration Simple Install 1 Commercially Supported Contiv will be announced shortly Cisco Advances Services Cisco Solutions Support 100% Open Source at contiv.github.io
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv’s Approach to Containers Scale Route and Policy Distribution Speed Automated Scale-Out Layer of Network Flat Networks High Performance Application-Centric Integrated with App Blueprint Shared Resources Policies for Resource Acquisition Hybrid Cloud Consistent Policies Security Tenant Isolation Security Policies Telemetry/Diagnostics Application Statistics Data Export
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Features Contiv CLI/UI Node 1 Contiv Agent ...Node 2 Contiv Agent Node-n Contiv Agent Container networking for: • Kubernetes, Mesos, Nomad, and Swam Route distribution using BGP or JSON RPC Custom OpenFlow pipeline for host networking • Allows implementing various features (details later) Exports data about: App connectivity, stats, peer Distributed, cluster-wide function Stateless: Useful in node failure/restart, upgrade Implements cluster-wide network and policy Manage global resources: IPAM, VLAN/VXLAN pools Tools to manipulate Contiv objects Implements CRUD using REST I/F Expected to be used by infra/ops teams RBAC
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Architecture High-Level Architecture Host-1 .… Host Plug-In Distributed KV Store Plug-In Logic Contiv Host Agent Host-n Linux Host Routing/Switching To Physical Network ARP/DNS Responder Service LB Route Distribution [ BGP | RPC ] Container Runtime (e.g., Docker) [ K8s| Swarm | Mesos | Nomad ] Master-DBPolicy EngineREST Server IPAM/ Res-Mgmt HA Heartbeat Distributed KV Store [ Etcd | Consul ] REST client (e.g. netctl) API Calls to External Orchestration Systems e.g,. ACI, Schedulers Health Monitoring Contiv Master Cluster .…… .…
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Network To Physical Network Input Table VLAN Table Dest Group Policy IP Table MAC Dest 1 2 3 4 5 6 User Space Container’s Network Namespace Application1 Socket Lib/Syscalls Kernel TCP/IP Stack eth0 Kernel TCP/IP Stack eth0 Application2 Socket Lib/Syscalls Host’s Network Namespace Kernel Space Container-1 Container-n eth0 (host’s) Contiv Host DataPath Host Forwarding – Plumbing Details 28
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Network Deployment Options Cloud L2+ L3 Native Cisco ACI IP Address Requirements #Hosts #Containers #Containers #Containers Multi-Destination Traffic No Yes No/Maybe Yes Performance (Throughput) Not Good Very Good Very Good Very Good (VLAN EPG) Automated Multi-Tenancy Yes No No Yes Ease of External Access Not Good Good Good Good Greenfield Deployment No difference As per Scale Very Good Recommended Scale (#Nodes) Good Agg Device Very Good Very Good Favorable Physical Topology All Look Same Access/Agg. L3 CLOS ACI Choices 29
Demo
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Tutorial on Docker and Contiv - do it yourself ;-) A normal docker network (without Contiv) looks like it: It’s online at http://contiv.github.io
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public How Docker sees a Contiv network Let’s attach a new container to the new network:
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Networks are isolated Let’s create one more container on contiv-net: We have many containers now (contiv-c1 and contiv-c5 are on the same network): Ping works here (same if the container is on a different host/VM) Ping does not work here
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Tenants in Contiv Two different networks (with same name), they don’t communicate Tenants are isolated worlds, to avoid conflicts. They have separate namespaces for resources.
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Tenants in Contiv Two different networks (with same name), they don’t communicate Tenants are isolated worlds, to avoid conflicts. They have separate namespaces for resources.
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 38Presentation ID Applying policies between containers with Contiv Contiv provide a way to apply isolation policies between containers groups (regardless of the tenants, eventually within the tenants). For this, we create a simple policy called db-policy, and add some rules to it to define which ports are allowed.
Policies are applied to Groups Finally, we associate the policy with a group (a group is an arbitrary collection of containers, e.g. a tier for a microservice) and then run some containers that belong to db group Let’s create two more containers: The policy db-policy (ports open and closed) is applied to all the 3 containers: Managing many end points as a single object makes it easy and fast, think about auto-scaling (especially when integrated with Swarm, Kubernetes, etc.)
Contiv is Microservices Ready • Support for grouping Applications • Allows scale-out instances of container applications to be grouped together • Policies specified on a micro-service tier, rather than individual container workloads • Efficient forwarding between Microservice tiers • Allows a fixed (DNS published) VIP for a micro-service • Containers within the micro-services can come and go • Their IP addresses are mapped to the service IP for east-west traffic • Eliminates single point of forwarding (proxy) between micro-service tiers • Application visibility at service levels (across the cluster) Web Group App Group DB Group Allow grouping of containers/pods Specify Policies between groups or from outside the network
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Elements of Contiv Networking Cluster-wide Connectivity Truly Multi-tenant Network Isolation Traffic Prioritization App-Composers Integrated Network Monitoring Scalable Physical Network Integration: ACI | Nexus Standalone Micro Services Ready Leverages NIC IPAM, Service Discovery Contiv Networking High Throughput
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Value Proposition
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Integration
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Go and test it (easy!): http://contiv.github.io Contiv releases - github.com/contiv/install/releases Documents - contiv.github.io Join Contiv Slack - contiv.herokuapp.com Contiv Blogs - blogs.cisco.com/tag/contiv Recorded demo - https://www.youtube.com/watch?v=55s4wAVbTM4 Cisco DevNet community - https://developer.cisco.com/site/contiv/videos/index.gsp Contiv on Docker Store - https://store.docker.com/plugins/803eecee-0780-401a-a454-e9523ccf86b3?tab=description

Recomendados

Docker Enterprise Networking and Cisco Contiv - Cisco Live 2017 BRKSDN-2256
Docker Enterprise Networking and Cisco Contiv - Cisco Live 2017 BRKSDN-2256Docker Enterprise Networking and Cisco Contiv - Cisco Live 2017 BRKSDN-2256
Docker Enterprise Networking and Cisco Contiv - Cisco Live 2017 BRKSDN-2256Mark Church
 
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...Sanjeev Rampal
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsSanjeev Rampal
 
NYC Docker Meetup: Contiv networking on Docker
NYC Docker Meetup: Contiv networking on DockerNYC Docker Meetup: Contiv networking on Docker
NYC Docker Meetup: Contiv networking on DockerSanjeev Rampal
 
Container security within Cisco Container Platform
Container security within Cisco Container PlatformContainer security within Cisco Container Platform
Container security within Cisco Container PlatformSanjeev Rampal
 
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Sanjeev Rampal
 
Kubecon US 2019: Kubernetes Multitenancy WG Deep Dive
Kubecon US 2019: Kubernetes Multitenancy WG Deep DiveKubecon US 2019: Kubernetes Multitenancy WG Deep Dive
Kubecon US 2019: Kubernetes Multitenancy WG Deep DiveSanjeev Rampal
 
Networking For Nested Containers: Magnum, Kuryr, Neutron Integration
Networking For Nested Containers: Magnum, Kuryr, Neutron IntegrationNetworking For Nested Containers: Magnum, Kuryr, Neutron Integration
Networking For Nested Containers: Magnum, Kuryr, Neutron IntegrationFawad Khaliq
 

Recomendados

Docker Enterprise Networking and Cisco Contiv - Cisco Live 2017 BRKSDN-2256
Docker Enterprise Networking and Cisco Contiv - Cisco Live 2017 BRKSDN-2256Docker Enterprise Networking and Cisco Contiv - Cisco Live 2017 BRKSDN-2256
Docker Enterprise Networking and Cisco Contiv - Cisco Live 2017 BRKSDN-2256Mark Church
 
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...Sanjeev Rampal
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsSanjeev Rampal
 
NYC Docker Meetup: Contiv networking on Docker
NYC Docker Meetup: Contiv networking on DockerNYC Docker Meetup: Contiv networking on Docker
NYC Docker Meetup: Contiv networking on DockerSanjeev Rampal
 
Container security within Cisco Container Platform
Container security within Cisco Container PlatformContainer security within Cisco Container Platform
Container security within Cisco Container PlatformSanjeev Rampal
 
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Sanjeev Rampal
 
Kubecon US 2019: Kubernetes Multitenancy WG Deep Dive
Kubecon US 2019: Kubernetes Multitenancy WG Deep DiveKubecon US 2019: Kubernetes Multitenancy WG Deep Dive
Kubecon US 2019: Kubernetes Multitenancy WG Deep DiveSanjeev Rampal
 
Networking For Nested Containers: Magnum, Kuryr, Neutron Integration
Networking For Nested Containers: Magnum, Kuryr, Neutron IntegrationNetworking For Nested Containers: Magnum, Kuryr, Neutron Integration
Networking For Nested Containers: Magnum, Kuryr, Neutron IntegrationFawad Khaliq
 
DevNetCreate - ACI and Kubernetes Integration
DevNetCreate - ACI and Kubernetes IntegrationDevNetCreate - ACI and Kubernetes Integration
DevNetCreate - ACI and Kubernetes IntegrationHank Preston
 
NetBox as the Source of Truth for Cisco NSO Configurations
NetBox as the Source of Truth for Cisco NSO ConfigurationsNetBox as the Source of Truth for Cisco NSO Configurations
NetBox as the Source of Truth for Cisco NSO ConfigurationsHank Preston
 
How we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformHow we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformPacket
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Andrew Randall
 
Kubernetes Multitenancy - KubeSec Enterprise Security Summit
Kubernetes Multitenancy - KubeSec Enterprise Security SummitKubernetes Multitenancy - KubeSec Enterprise Security Summit
Kubernetes Multitenancy - KubeSec Enterprise Security SummitSanjeev Rampal
 
Simple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project CalicoSimple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project CalicoEmma Gordon
 
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Cloud Native Day Tel Aviv
 
Kubernetes and lastminute.com: our course towards better scalability and proc...
Kubernetes and lastminute.com: our course towards better scalability and proc...Kubernetes and lastminute.com: our course towards better scalability and proc...
Kubernetes and lastminute.com: our course towards better scalability and proc...Michele Orsi
 
Admission controllers - PSP, OPA, Kyverno and more!
Admission controllers - PSP, OPA, Kyverno and more!Admission controllers - PSP, OPA, Kyverno and more!
Admission controllers - PSP, OPA, Kyverno and more!SebastienSEYMARC
 
VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...
VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...
VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...Vietnam Open Infrastructure User Group
 
Let's Talk about Packet
Let's Talk about PacketLet's Talk about Packet
Let's Talk about PacketPacket
 
Simplifying and Securing your OpenShift Network with Project Calico
Simplifying and Securing your OpenShift Network with Project CalicoSimplifying and Securing your OpenShift Network with Project Calico
Simplifying and Securing your OpenShift Network with Project CalicoAndrew Randall
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in ProductionGianluca Arbezzano
 
Docker Networking with Project Calico
Docker Networking with Project CalicoDocker Networking with Project Calico
Docker Networking with Project CalicoAndrew Kennedy
 
Why Automate the Network?
Why Automate the Network?Why Automate the Network?
Why Automate the Network?Hank Preston
 
Clocker, Calico and Docker
Clocker, Calico and DockerClocker, Calico and Docker
Clocker, Calico and DockerAndrew Kennedy
 
Metaswitch Project Calico
Metaswitch Project CalicoMetaswitch Project Calico
Metaswitch Project CalicoAndrew Kennedy
 
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)Andrew Randall
 
Introduction to the Container Networking and Security
Introduction to the Container Networking and SecurityIntroduction to the Container Networking and Security
Introduction to the Container Networking and SecurityCloud 66
 
Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...Codemotion
 
Brkaci 1090
Brkaci 1090Brkaci 1090
Brkaci 1090almaz tt
 

Mais conteúdo relacionado

Mais procurados

DevNetCreate - ACI and Kubernetes Integration
DevNetCreate - ACI and Kubernetes IntegrationDevNetCreate - ACI and Kubernetes Integration
DevNetCreate - ACI and Kubernetes IntegrationHank Preston
 
NetBox as the Source of Truth for Cisco NSO Configurations
NetBox as the Source of Truth for Cisco NSO ConfigurationsNetBox as the Source of Truth for Cisco NSO Configurations
NetBox as the Source of Truth for Cisco NSO ConfigurationsHank Preston
 
How we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformHow we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformPacket
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Andrew Randall
 
Kubernetes Multitenancy - KubeSec Enterprise Security Summit
Kubernetes Multitenancy - KubeSec Enterprise Security SummitKubernetes Multitenancy - KubeSec Enterprise Security Summit
Kubernetes Multitenancy - KubeSec Enterprise Security SummitSanjeev Rampal
 
Simple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project CalicoSimple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project CalicoEmma Gordon
 
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Cloud Native Day Tel Aviv
 
Kubernetes and lastminute.com: our course towards better scalability and proc...
Kubernetes and lastminute.com: our course towards better scalability and proc...Kubernetes and lastminute.com: our course towards better scalability and proc...
Kubernetes and lastminute.com: our course towards better scalability and proc...Michele Orsi
 
Admission controllers - PSP, OPA, Kyverno and more!
Admission controllers - PSP, OPA, Kyverno and more!Admission controllers - PSP, OPA, Kyverno and more!
Admission controllers - PSP, OPA, Kyverno and more!SebastienSEYMARC
 
VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...
VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...
VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...Vietnam Open Infrastructure User Group
 
Let's Talk about Packet
Let's Talk about PacketLet's Talk about Packet
Let's Talk about PacketPacket
 
Simplifying and Securing your OpenShift Network with Project Calico
Simplifying and Securing your OpenShift Network with Project CalicoSimplifying and Securing your OpenShift Network with Project Calico
Simplifying and Securing your OpenShift Network with Project CalicoAndrew Randall
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in ProductionGianluca Arbezzano
 
Docker Networking with Project Calico
Docker Networking with Project CalicoDocker Networking with Project Calico
Docker Networking with Project CalicoAndrew Kennedy
 
Why Automate the Network?
Why Automate the Network?Why Automate the Network?
Why Automate the Network?Hank Preston
 
Clocker, Calico and Docker
Clocker, Calico and DockerClocker, Calico and Docker
Clocker, Calico and DockerAndrew Kennedy
 
Metaswitch Project Calico
Metaswitch Project CalicoMetaswitch Project Calico
Metaswitch Project CalicoAndrew Kennedy
 
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)Andrew Randall
 
Introduction to the Container Networking and Security
Introduction to the Container Networking and SecurityIntroduction to the Container Networking and Security
Introduction to the Container Networking and SecurityCloud 66
 

Mais procurados (20)

DevNetCreate - ACI and Kubernetes Integration
DevNetCreate - ACI and Kubernetes IntegrationDevNetCreate - ACI and Kubernetes Integration
DevNetCreate - ACI and Kubernetes Integration
 
NetBox as the Source of Truth for Cisco NSO Configurations
NetBox as the Source of Truth for Cisco NSO ConfigurationsNetBox as the Source of Truth for Cisco NSO Configurations
NetBox as the Source of Truth for Cisco NSO Configurations
 
How we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformHow we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platform
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016
 
Kubernetes Multitenancy - KubeSec Enterprise Security Summit
Kubernetes Multitenancy - KubeSec Enterprise Security SummitKubernetes Multitenancy - KubeSec Enterprise Security Summit
Kubernetes Multitenancy - KubeSec Enterprise Security Summit
 
Simple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project CalicoSimple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project Calico
 
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
 
Kubernetes and lastminute.com: our course towards better scalability and proc...
Kubernetes and lastminute.com: our course towards better scalability and proc...Kubernetes and lastminute.com: our course towards better scalability and proc...
Kubernetes and lastminute.com: our course towards better scalability and proc...
 
Admission controllers - PSP, OPA, Kyverno and more!
Admission controllers - PSP, OPA, Kyverno and more!Admission controllers - PSP, OPA, Kyverno and more!
Admission controllers - PSP, OPA, Kyverno and more!
 
VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...
VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...
VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...
 
Let's Talk about Packet
Let's Talk about PacketLet's Talk about Packet
Let's Talk about Packet
 
Simplifying and Securing your OpenShift Network with Project Calico
Simplifying and Securing your OpenShift Network with Project CalicoSimplifying and Securing your OpenShift Network with Project Calico
Simplifying and Securing your OpenShift Network with Project Calico
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in Production
 
Docker Networking with Project Calico
Docker Networking with Project CalicoDocker Networking with Project Calico
Docker Networking with Project Calico
 
Why Automate the Network?
Why Automate the Network?Why Automate the Network?
Why Automate the Network?
 
Clocker, Calico and Docker
Clocker, Calico and DockerClocker, Calico and Docker
Clocker, Calico and Docker
 
Metaswitch Project Calico
Metaswitch Project CalicoMetaswitch Project Calico
Metaswitch Project Calico
 
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
 
Introduction to the Container Networking and Security
Introduction to the Container Networking and SecurityIntroduction to the Container Networking and Security
Introduction to the Container Networking and Security
 

Semelhante a Microservices and containers networking: Contiv, an industry leading open source solution from Cisco - Luca Relandini - Codemotion Amsterdam 2017

Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...Codemotion
 
Brkaci 1090
Brkaci 1090Brkaci 1090
Brkaci 1090almaz tt
 
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...Codemotion
 
Enabling Fast IT using Containers, Microservices and DAVROS models: an overview
Enabling Fast IT using Containers, Microservices and DAVROS models: an overviewEnabling Fast IT using Containers, Microservices and DAVROS models: an overview
Enabling Fast IT using Containers, Microservices and DAVROS models: an overviewCisco DevNet
 
Welcome to the Multi-cloud world
Welcome to the Multi-cloud worldWelcome to the Multi-cloud world
Welcome to the Multi-cloud worldLew Tucker
 
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco Canada
 
4. Kubernetes - Application centric infrastructure kubernetes, contiv
4. Kubernetes - Application centric infrastructure kubernetes, contiv4. Kubernetes - Application centric infrastructure kubernetes, contiv
4. Kubernetes - Application centric infrastructure kubernetes, contivJuraj Hantak
 
Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...Docker, Inc.
 
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Migrating from VMs to Kubernetes using HashiCorp Consul Service on AzureMigrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Migrating from VMs to Kubernetes using HashiCorp Consul Service on AzureMitchell Pronschinske
 
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC NetworkingGain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC NetworkingCisco Canada
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...NetworkCollaborators
 
Cisco Live: Containers on Enterprise Compute and Networks
Cisco Live: Containers on Enterprise Compute and NetworksCisco Live: Containers on Enterprise Compute and Networks
Cisco Live: Containers on Enterprise Compute and NetworksMichael Duarte
 
Application Centric Infrastructure (ACI), the policy driven data centre
Application Centric Infrastructure (ACI), the policy driven data centreApplication Centric Infrastructure (ACI), the policy driven data centre
Application Centric Infrastructure (ACI), the policy driven data centreCisco Canada
 
Cisco Connect 2018 Philippines - software-defined access-a transformational ...
Cisco Connect 2018 Philippines - software-defined access-a transformational ... Cisco Connect 2018 Philippines - software-defined access-a transformational ...
Cisco Connect 2018 Philippines - software-defined access-a transformational ...NetworkCollaborators
 
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformationCisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformationNetworkCollaborators
 
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...Nur Shiqim Chok
 
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...Nur Shiqim Chok
 
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...NetworkCollaborators
 
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...NetworkCollaborators
 

Semelhante a Microservices and containers networking: Contiv, an industry leading open source solution from Cisco - Luca Relandini - Codemotion Amsterdam 2017 (20)

Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...
 
Brkaci 1090
Brkaci 1090Brkaci 1090
Brkaci 1090
 
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
 
Enabling Fast IT using Containers, Microservices and DAVROS models: an overview
Enabling Fast IT using Containers, Microservices and DAVROS models: an overviewEnabling Fast IT using Containers, Microservices and DAVROS models: an overview
Enabling Fast IT using Containers, Microservices and DAVROS models: an overview
 
Welcome to the Multi-cloud world
Welcome to the Multi-cloud worldWelcome to the Multi-cloud world
Welcome to the Multi-cloud world
 
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse locale
 
4. Kubernetes - Application centric infrastructure kubernetes, contiv
4. Kubernetes - Application centric infrastructure kubernetes, contiv4. Kubernetes - Application centric infrastructure kubernetes, contiv
4. Kubernetes - Application centric infrastructure kubernetes, contiv
 
Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...Enabling Production Grade Containerized Applications through Policy Based Inf...
Enabling Production Grade Containerized Applications through Policy Based Inf...
 
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Migrating from VMs to Kubernetes using HashiCorp Consul Service on AzureMigrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
 
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC NetworkingGain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC Networking
 
ACI Hands-on Lab
ACI Hands-on LabACI Hands-on Lab
ACI Hands-on Lab
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
 
Cisco Live: Containers on Enterprise Compute and Networks
Cisco Live: Containers on Enterprise Compute and NetworksCisco Live: Containers on Enterprise Compute and Networks
Cisco Live: Containers on Enterprise Compute and Networks
 
Application Centric Infrastructure (ACI), the policy driven data centre
Application Centric Infrastructure (ACI), the policy driven data centreApplication Centric Infrastructure (ACI), the policy driven data centre
Application Centric Infrastructure (ACI), the policy driven data centre
 
Cisco Connect 2018 Philippines - software-defined access-a transformational ...
Cisco Connect 2018 Philippines - software-defined access-a transformational ... Cisco Connect 2018 Philippines - software-defined access-a transformational ...
Cisco Connect 2018 Philippines - software-defined access-a transformational ...
 
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformationCisco Connect 2018 Malaysia - SDNNFV telco data center transformation
Cisco Connect 2018 Malaysia - SDNNFV telco data center transformation
 
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...
[Cisco Connect 2018 - Vietnam] 2. lam doan software-defined access-a transf...
 
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...
[Cisco Connect 2018 - Vietnam] Lam doan software-defined access-a transform...
 
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
Cisco Connect 2018 Vietnam - Software-defined access-a transformational appro...
 
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
Cisco Connect 2018 Malaysia - software-defined access-a transformational appr...
 

Mais de Codemotion

Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Codemotion
 
Pompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyPompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyCodemotion
 
Pastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaPastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaCodemotion
 
Pennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserPennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserCodemotion
 
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Codemotion
 
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Codemotion
 
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Codemotion
 
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Codemotion
 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Codemotion
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Codemotion
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Codemotion
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Codemotion
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Codemotion
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Codemotion
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Codemotion
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...Codemotion
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Codemotion
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Codemotion
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Codemotion
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Codemotion
 

Mais de Codemotion (20)

Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
 
Pompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyPompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending story
 
Pastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaPastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storia
 
Pennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserPennisi - Essere Richard Altwasser
Pennisi - Essere Richard Altwasser
 
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
 
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
 
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
 
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
 

Último

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Último (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Microservices and containers networking: Contiv, an industry leading open source solution from Cisco - Luca Relandini - Codemotion Amsterdam 2017

  • 1. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Cisco Contiv: Network Policies for Microservices Luca Relandini @lucarelandini AMSTERDAM 16 - 17 MAY 2017
  • 2. • Containers and Microservices in production • Introduction – Why Contiv? • What is Contiv? • Demo • Summary Agenda
  • 4. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Key Use Cases for Containers and Microservices Cloud Microservices Cloud Migration Hybrid Cloud Multi-Cloud Containerization Microservices App Modernization DevOps CI/CD Self Service DevOps
  • 5. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Containers and Microservices container Your code Your startup scripts Code dependencies Should deploy with exactly the same behavior on any host/VM that can run containers Orders Wishlist Payment
  • 6. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Cloud Native FROM TO Microservices - Impact on IT Operations DevOps Shared Responsibility Common Incentives, Tools, Process and Culture Not My Problem Separate Tools, Varied Incentives, Opaque Process Continuous Delivery Release Early and Often Higher Quality of Code Release Once Every 6 Months More Bugs in Production Microservices Loosely Coupled Components Automated Deploy Without Waiting on Individual Components Tightly Coupled Components Slow Deployment Cycles Waiting on Integrated Tests Teams Traditional IT
  • 7. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Containers Help to Achieve Agile App Development Stage/ Production TestDevelopment Version Control SysAdmin QA/QEDeveloper Different players in the game
  • 8. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 8 But... There are Concerns in Containers Adoption What slows an organization’s use of containers? 75% 71% 64% 62% 61% Security Networking Performance Integration Management Source: n= 124 to-date, IDC custom survey, study commissioned by Cisco Need for production-grade infrastructure
  • 9. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public HW Integration Can not leverage performance and security by natively integrating with HW Networking In The New Container World Physical Network HypervisorHypervisor Physical Network Virtual Switching or Overlay Network C1 Cn Guest OS - Bridged Overlay Network - VXLAN Physical Network Hypervisor Hypervisor Host 1 Host 2 Host 2Host 1 VM1 C1 Cn Guest OS - Bridged VM2 C1 Cn Guest OS - Bridged Overlay Network - VXLAN C1 Cn Guest OS - Bridged Connectivity Network services, e.g. Load balancer, Firewall Performance Encap over encap over encap affects performance VM1 VM2 Bare Metal VM Containers in VM
  • 10. BINS/LIBS APP APP APP APP APP APP APP APP APPAPP APP Container Challenges Tasks per Node and at Scale Server Settings Distributed Data Paths Multi-Tenancy Scalability Management Backup Connectivity External Storage Access Predictable? Efficient? Simple? Reliable? Additional Work Host OS Host OS Host OS Host OS Host OS Docker Engine Docker Engine Docker Engine Docker Engine Docker Engine BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS BINS/LIBS
  • 12. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public VM or BM Basics of Container Networking Minimally it provides: - IP Connectivity in Container’s Network Namespace - IPAM, and Network Device Creation (eth0) - Route Advertisement or Host NAT for external connectivity Container eth0 Container eth0 Physical Network Linux/Windows OS Networking ensp0
  • 13. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Container Network Model (CNM) Docker Container Endpoint Network Sandbox Green Network Docker Container Endpoint Network Sandbox Blue Network • Proposed by Docker to provide networking abstractions/API for container networking • Sandbox contains configuration of a container's network stack (Linux network namespace) • An endpoint is a container's interface into a network (veth pair) • A network is collection of arbitrary endpoints that can communicate with each other • A container can belong to multiple endpoints (and therefore multiple networks) CNM provides Driver APIs for IPAM and Endpoint creation/deletion IPAM Driver APIs: - Create/Delete Pool, - Allocate/Free IP Address Network Driver APIs: - Network Create/Delete, - Endpoint Create/Delete/Join/Leave eth0 eth1
  • 14. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Container Network Interface (CNI) • Proposed by CoreOS as part of appc specification, used also by Kubernetes • Common interface between container run time and network plugin • Gives driver freedom to manipulate network namespace • Network described by JSON config • Plugins support two commands: - Add Container to Network - Remove Container from Network Container Network namespace Driver plumbing Differences (from CNM): - Gives Driver freedom to manipulate network namespace - Provides Container Id, Params to drivers - Just 2 API: - Add Container to Network, - Delete Container from Network
  • 16. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Today’s Infrastructure Needs Mike, IT AdminSally, Dev/Test 1. Develop and test fast 2. Agility and Elasticity 3. Does not care about other users 1. Manage infrastructure 2. Stability and Security 3. Isolation and Compliance Challenge: Conflicting goals and priorities
  • 17. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 How can we achieve these goals? Key: Policy-based Container Networking Declarative Tags (simpler) Manage Groups instead of single objects (faster)
  • 19. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Containerized Apps on Shared Infrastructure Application Intent Compute Compute Operational Intent Contiv Is an Open Source Solution to Define and Enforce Distributed Policies Across Infrastructure NETWORK Compute
  • 20. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Application Intent with Operation Intent PLACEHOLDER version: '2' services: web: build: . label: - tier: web volumes: - .:/code networks: - front-tier - back-tier db: image: mysql App Intent PLACEHOLDER web: environment: prod networks: security: - allow ports: 5000, 443 bandwidth: 5gbps lb selector: - tier: web db: networks: security: allow ports: 3306 from web Ops Intent (e.g. Contiv Intent*) Operation Intent Provides Operational Requirements and Policies for Applications * Shown in yaml for better visualization
  • 21. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv: How everything fits together Operational Policy Management Developer Operations Application Scheduler Node 1 Node 2 Node-n Contiv Distributed Policy Layer ... Contiv Elements Contiv UI/CLI/API to manage and monitor policies/usage Distributed policy enforcement for network Integration with physical infrastructure Integrated with popular container schedulers Contiv Automatically Integrates and Enforces Developer and Operations Policies
  • 22. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 100% Open Source The Most Powerful Container Networking Fabric L2, L3, Overlay or ACI Rich Policies DevOps IT Admin Any NetworkingAny Platform Any Infrastructure Application Intent Rich Policy Model Declarative Simple Install GUI + CLI LDAP/RBAC Contiv – an industry leading (open source) project
  • 23. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Integration with Underlying DC Infrastructure Application-Centric Infrastructure (ACI) • Containers integrated with APIC policies • Physical services integration Nexus Standalone or Any Network • VLAN handoff • BGP interop (standard routing protocol) Contiv Leverages Underlying Infrastructure Capabilities
  • 24. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Introducing Contiv 1.0 What’s New: LDAP+ RBAC All New User Experience and Workflow Kubernetes 1.4 Support Docker 1.12 Support OpenShift Integration Simple Install 1 Commercially Supported Contiv will be announced shortly Cisco Advances Services Cisco Solutions Support 100% Open Source at contiv.github.io
  • 25. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv’s Approach to Containers Scale Route and Policy Distribution Speed Automated Scale-Out Layer of Network Flat Networks High Performance Application-Centric Integrated with App Blueprint Shared Resources Policies for Resource Acquisition Hybrid Cloud Consistent Policies Security Tenant Isolation Security Policies Telemetry/Diagnostics Application Statistics Data Export
  • 26. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Features Contiv CLI/UI Node 1 Contiv Agent ...Node 2 Contiv Agent Node-n Contiv Agent Container networking for: • Kubernetes, Mesos, Nomad, and Swam Route distribution using BGP or JSON RPC Custom OpenFlow pipeline for host networking • Allows implementing various features (details later) Exports data about: App connectivity, stats, peer Distributed, cluster-wide function Stateless: Useful in node failure/restart, upgrade Implements cluster-wide network and policy Manage global resources: IPAM, VLAN/VXLAN pools Tools to manipulate Contiv objects Implements CRUD using REST I/F Expected to be used by infra/ops teams RBAC
  • 27. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Architecture High-Level Architecture Host-1 .… Host Plug-In Distributed KV Store Plug-In Logic Contiv Host Agent Host-n Linux Host Routing/Switching To Physical Network ARP/DNS Responder Service LB Route Distribution [ BGP | RPC ] Container Runtime (e.g., Docker) [ K8s| Swarm | Mesos | Nomad ] Master-DBPolicy EngineREST Server IPAM/ Res-Mgmt HA Heartbeat Distributed KV Store [ Etcd | Consul ] REST client (e.g. netctl) API Calls to External Orchestration Systems e.g,. ACI, Schedulers Health Monitoring Contiv Master Cluster .…… .…
  • 28. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Network To Physical Network Input Table VLAN Table Dest Group Policy IP Table MAC Dest 1 2 3 4 5 6 User Space Container’s Network Namespace Application1 Socket Lib/Syscalls Kernel TCP/IP Stack eth0 Kernel TCP/IP Stack eth0 Application2 Socket Lib/Syscalls Host’s Network Namespace Kernel Space Container-1 Container-n eth0 (host’s) Contiv Host DataPath Host Forwarding – Plumbing Details 28
  • 29. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Network Deployment Options Cloud L2+ L3 Native Cisco ACI IP Address Requirements #Hosts #Containers #Containers #Containers Multi-Destination Traffic No Yes No/Maybe Yes Performance (Throughput) Not Good Very Good Very Good Very Good (VLAN EPG) Automated Multi-Tenancy Yes No No Yes Ease of External Access Not Good Good Good Good Greenfield Deployment No difference As per Scale Very Good Recommended Scale (#Nodes) Good Agg Device Very Good Very Good Favorable Physical Topology All Look Same Access/Agg. L3 CLOS ACI Choices 29
  • 30. Demo
  • 31. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Tutorial on Docker and Contiv - do it yourself ;-) A normal docker network (without Contiv) looks like it: It’s online at http://contiv.github.io
  • 32. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
  • 33. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
  • 34. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public How Docker sees a Contiv network Let’s attach a new container to the new network:
  • 35. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Networks are isolated Let’s create one more container on contiv-net: We have many containers now (contiv-c1 and contiv-c5 are on the same network): Ping works here (same if the container is on a different host/VM) Ping does not work here
  • 36. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Tenants in Contiv Two different networks (with same name), they don’t communicate Tenants are isolated worlds, to avoid conflicts. They have separate namespaces for resources.
  • 37. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Tenants in Contiv Two different networks (with same name), they don’t communicate Tenants are isolated worlds, to avoid conflicts. They have separate namespaces for resources.
  • 38. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 38Presentation ID Applying policies between containers with Contiv Contiv provide a way to apply isolation policies between containers groups (regardless of the tenants, eventually within the tenants). For this, we create a simple policy called db-policy, and add some rules to it to define which ports are allowed.
  • 39. Policies are applied to Groups Finally, we associate the policy with a group (a group is an arbitrary collection of containers, e.g. a tier for a microservice) and then run some containers that belong to db group Let’s create two more containers: The policy db-policy (ports open and closed) is applied to all the 3 containers: Managing many end points as a single object makes it easy and fast, think about auto-scaling (especially when integrated with Swarm, Kubernetes, etc.)
  • 40. Contiv is Microservices Ready • Support for grouping Applications • Allows scale-out instances of container applications to be grouped together • Policies specified on a micro-service tier, rather than individual container workloads • Efficient forwarding between Microservice tiers • Allows a fixed (DNS published) VIP for a micro-service • Containers within the micro-services can come and go • Their IP addresses are mapped to the service IP for east-west traffic • Eliminates single point of forwarding (proxy) between micro-service tiers • Application visibility at service levels (across the cluster) Web Group App Group DB Group Allow grouping of containers/pods Specify Policies between groups or from outside the network
  • 41. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Elements of Contiv Networking Cluster-wide Connectivity Truly Multi-tenant Network Isolation Traffic Prioritization App-Composers Integrated Network Monitoring Scalable Physical Network Integration: ACI | Nexus Standalone Micro Services Ready Leverages NIC IPAM, Service Discovery Contiv Networking High Throughput
  • 42. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Value Proposition
  • 43. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Contiv Integration
  • 44. © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Go and test it (easy!): http://contiv.github.io Contiv releases - github.com/contiv/install/releases Documents - contiv.github.io Join Contiv Slack - contiv.herokuapp.com Contiv Blogs - blogs.cisco.com/tag/contiv Recorded demo - https://www.youtube.com/watch?v=55s4wAVbTM4 Cisco DevNet community - https://developer.cisco.com/site/contiv/videos/index.gsp Contiv on Docker Store - https://store.docker.com/plugins/803eecee-0780-401a-a454-e9523ccf86b3?tab=description