Northbound Connections of VPP for NFV in Containers and Kubernetes - - PowerPoint PPT Presentation

SLIDE 1

Northbound Connections of VPP for NFV in Containers and Kubernetes

FastData.io – VPP

Billy McFall bmcfall@RedHat.com

SLIDE 2

Agenda

  • Ligato ← Previous Session
  • Multus CNI / Userspace CNI
  • Network Service Mesh
  • Summary
SLIDE 3

Multus CNI / Userspace CNI

What is Multus CNI?

  • Multus CNI is a reference implementation of the “Kubernetes Network Custom Resource Definition De-facto Standard” put forward by the Kubernetes Network Plumbing Working Group.
  • Multus CNI is a “meta-plugin”
  • Kubelet calls its one and only CNI, which in this case is Multus CNI.
  • Multus, based on CRD (CustomResourceDefinitions), calls multiple CNIs.
  • Multus returns status of default CNI (for default K8s Network) and logs results for others.
  • Kubernetes is only aware of Default Network.

[Diagram: Kubelet → Multus CNI → CNI 1, CNI 2 … CNI n. Pod interfaces: eth0, net0, net1. Networks: Default K8s Network, NW1, NW2. Steps: 1) Default CNI called, 2) Multiple CNIs called, 3) CNI 1 Results.]

SLIDE 4

Multus CNI / Userspace CNI

What is Userspace CNI?

  • Userspace CNI inserts DPDK based interfaces into a container.
  • Enables high speed Userspace Interfaces in container.
  • Enables L2, L3, Tunneling protocols in container.
  • Because it is using Multus, Kubernetes is unaware of the additional interfaces and networks.

  • Currently supports VPP or OvS-DPDK.

[Diagram: Kubelet → Multus CNI → default CNI (example: Flannel), Userspace CNI, Userspace CNI. Pod interfaces: eth0, net0, net1. Networks: Default K8s Network, NW1, NW2. Steps: 1) Default CNI called, 2) Multiple CNIs called, 3) CNI 1 Results.]
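
How the Multus CNI and Userspace CNI slides above fit together in manifests, as an added example that is not from the presentation: a NetworkAttachmentDefinition (the CRD object Multus reads) wrapping a Userspace CNI config, and a Pod that requests it by annotation. The object names, image and bridge ID are hypothetical, and the fields inside `config` are assumed from the Userspace CNI project's documentation.

```yaml
# Constructed example: secondary network definition consumed by Multus.
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: userspace-vpp-net            # hypothetical name
spec:
  # CNI config that Multus hands to the delegate plugin named in "type".
  # "host" describes the vSwitch side, "container" the side inside the Pod
  # (field names assumed from the Userspace CNI documentation).
  config: '{
      "cniVersion": "0.3.1",
      "type": "userspace",
      "name": "userspace-vpp-net",
      "host": {
        "engine": "vpp",
        "iftype": "memif",
        "netType": "bridge",
        "memif": { "role": "master", "mode": "ethernet" },
        "bridge": { "bridgeId": 4 }
      },
      "container": {
        "engine": "vpp",
        "iftype": "memif",
        "netType": "interface",
        "memif": { "role": "slave", "mode": "ethernet" }
      }
    }'
---
apiVersion: v1
kind: Pod
metadata:
  name: vnf-example                  # hypothetical name
  annotations:
    # Multus reads this annotation, looks up the NetworkAttachmentDefinition
    # with this name, and calls its delegate CNI after the default CNI.
    k8s.v1.cni.cncf.io/networks: userspace-vpp-net
spec:
  containers:
  - name: vnf
    image: registry.example/vnf:placeholder   # placeholder image
```

Kubernetes still sees only eth0 on the default network for this Pod, so Services and NetworkPolicy enforced by the default network's plugin do not apply to traffic on the secondary interface. Filtering for that path has to be configured in the vSwitch or on the attached network.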

SLIDE 5

Multus CNI / Userspace CNI

Userspace CNI – More Detail

Steps:

  • Creates Userspace Interface in vSwitch on host.
  • Ties interface into local network.

    – Current: L2 (North-South Traffic)
    – Future: MPLS/VxLAN/etc. (East-West Traffic)

  • Publishes configuration data to Pod for consumption of interface in Pod.

[Diagram: two Containers, each with an engine and interfaces eth0 and net0; vSwitch (OvS-DPDK/VPP); connection type vhost-user or memif.]

SLIDE 6

Network Service Mesh (NSM)

What is Network Service Mesh (NSM)?

  • NSM is a Service Abstraction that plugs containers into external networks (outside Kubernetes default network).

[Diagram labels: Node, Node; Pod to Pod; Pod to External Network; Pod (eth0, net1, net0) with NW1 and NW2; Pod (eth0, net0); Default K8s Network; NSM.]

SLIDE 7

Network Service Mesh (NSM)

What is Network Service Mesh (NSM)?

  • NSM enables:
    – Heterogeneous network configurations
    – Wide variety of tunneling protocols
    – On-Demand, dynamic, negotiated connections
    – Bringing multiple payload types into a container (Ethernet, IP, MPLS, L2TP, etc.)
  • NSM facilitates apps that specifically implement network functions.
  • NSM allows traditional app developers to configure the networking elements they want while hiding the complexity and “networkiness”.

SLIDE 8

Network Service Mesh (NSM)

  • NSM forces you to think of Networking as a Service
    – Creates connections with Network Service Clients and Network Service Endpoints
  • Networking Payloads are not an afterthought:
    – Layer 2, Layer 3, MPLS Payloads
    – Enablement for NFV
  • Plays well with Kubernetes
    – Does not Interfere with Kubernetes Default Networking
    – Kubernetes handles management and orchestration of pod while NSM handles complex networking.

SLIDE 12

Summary

Which is better?

Ligato

  • Ligato inserts Userspace into the Kubernetes default network
  • Large feature set

Multus CNI / Userspace CNI

  • Userspace CNI inserts Userspace outside the Kubernetes default network
  • Separation of Control and Data Traffic
  • Early in development

NSM

  • Provides Service abstraction
  • Inserts container networks outside the Kubernetes default network
  • Could leverage Ligato or Multus if needed
  • Early in development

Depends on the use-case! But all leverage the high speed and rich features of VPP!

SLIDE 13

Summary

Call to Action!

All Projects Need Help:

  • Coders
  • Architects
  • Valid Use Cases

How can you HELP?

SLIDE 14

THANK YOU !

SLIDE 15

References

  • Ligato
    – https://ligato.io/
    – https://github.com/ligato
  • Multus CNI
    – https://github.com/intel/multus-cni
    – Kubernetes Network Plumbing Working Group
  • Userspace CNI
    – https://github.com/intel/userspace-cni-network-plugin
  • NSM
    – https://networkservicemesh.io/
    – https://github.com/networkservicemesh/networkservicemesh