Container technology is widely discussed today, and the open source container tool Docker in particular is already deployed in many data centers. A container is a standardized package of a piece of software together with its dependencies; it isolates applications from one another and runs on most mainstream operating systems. In that respect containers and virtual machines look similar, but a container isolates at the application level while virtualization isolates at the level of physical resources. Containers remove many of the pain points of virtual machines, and in practice the two are often used together, which is the mainstream approach in data centers. Containers also bring new challenges for the data center network: the network has to adapt to them, and a number of different container network solutions have appeared as a result. This article introduces several of these container network technologies.
Calico

The biggest difference between the Calico container network and other virtual networks is that it does not use an overlay to forward packets; it provides a pure three-layer (L3) network model instead. In a three-layer model every container communicates directly by IP, and packets find each other through ordinary routing. The node hosting a container behaves like a traditional router and performs the route lookups. For routing to work, each host must have some way to learn the routing information for the whole cluster. Calico uses BGP (Border Gateway Protocol) for this: through BGP, every node and network device in the network learns the routes of the entire network. This produces a large number of routes, so the route table capacity of the network devices has to be correspondingly high; no device with a small routing table can be part of that network. BGP is a mature routing protocol that is widely deployed in traditional networks, so the network side supports Calico naturally, at the cost of those higher routing requirements. Forwarding in Calico goes from the source container through the source host, across the data center routers, to the destination host and finally to the destination container, routed all the way by the routes BGP distributed, with no packet encapsulation or decapsulation. Forwarding is therefore noticeably faster; the simpler the mechanism, the more efficient the forwarding. That is Calico's technical advantage. A practical consequence is that container addresses are visible to the fabric, so existing network ACLs and monitoring see container-to-container traffic directly.

Flannel

Flannel is a network solution from CoreOS for cross-host communication in container clusters.
Flannel is essentially an overlay network: the container's IP packets are wrapped in another network packet for routing and forwarding between hosts. It currently supports several forwarding backends, including UDP, VXLAN, AWS VPC and GCE routing, of which VXLAN is the most popular. Many data centers that are considering containers also consider moving their network to Flannel's VXLAN. Flannel assigns each host a subnet, and containers on that host take their IPs from it. Those addresses are routable between hosts, so containers communicate across hosts without NAT or port mapping. In other words, Flannel re-plans address usage for every node in the cluster so that containers on different nodes receive IPs that are unique across the cluster and "on the same intranet", connects them to the host's network, and lets containers on different nodes talk to each other directly by those intranet IPs; the encapsulation is invisible to the container. On the source host, the Flannel service encapsulates the original packet (in UDP for the udp backend, in VXLAN for the vxlan backend) and delivers it to the destination node according to its own routing table; on arrival it is decapsulated, handed to the destination node's virtual interface and then to the destination container's virtual NIC. Flannel makes few demands on the physical network, but the encapsulation it introduces costs forwarding efficiency: each VXLAN packet carries an extra outer Ethernet, IP, UDP and VXLAN header, so the MTU available to containers shrinks by that amount. From a security standpoint the underlay only sees UDP traffic between host addresses, so filtering between containers has to be done on the hosts rather than on the fabric. In exchange, Flannel transitions smoothly to an SDN network: VXLAN combines well with SDN, which is what lets the whole network move toward automated deployment and intelligent operations and management, and that is the direction network technology is heading.
Flannel therefore sets the traditional network aside and builds a brand-new overlay to carry containers, which suits new data center network deployments better.

Weave

Weave is also essentially an overlay network. It presents the containers on different hosts as if they were on one local network, while each host keeps its own private IP addresses. When containers are spread across many hosts, Weave simplifies communication between them: containers in a Weave network serve on their standard ports (MySQL on 3306 by default, for example), which makes managing microservices direct and simple. Each container can reach the others by domain name or directly by IP, without NAT, port mapping or complicated connection setup. The biggest advantage of deploying a Weave container network is that application code does not need to change. Weave starts a virtual router on every host in the cluster, uses the hosts as routers to form an interconnected topology, and realizes cross-host container communication on top of it. To deploy Weave, the host Linux kernel must be 3.8 or newer and Docker 1.10 or newer. If there is a firewall between hosts, it must allow TCP 6783 and UDP 6783/6784 in both directions; these are Weave's control and data ports. Host names must be unique, because Weave uses the host name to tell hosts apart. Weave resembles host-based overlay technology: it encapsulates traffic directly on the host, and thereby achieves host-to-host reachability across the three-layer underlay. This is the biggest difference from the Flannel network, which is a network overlay solution. The three container network solutions suit different application scenarios; which one to use depends on the data center's choice.
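To make the trade-off between the pure-L3 (Calico) and overlay (Flannel VXLAN) models above concrete, here is an added example in Python. It is not code from the original article and not code from the Calico, Flannel or Weave projects; it is a small model of a three-node cluster. The cluster CIDR 10.244.0.0/16, the /24 per-node blocks, the node names and node IPs (192.168.1.11 to .13) and the VXLAN UDP port 8472 (Flannel's vxlan backend default) are all assumptions chosen for the example. It shows how per-node subnets are carved out, how many routes each node must learn in the L3 model, what the VXLAN header looks like and how much MTU it costs, and what a switch or ACL between the hosts can actually see under each model.

```python
import ipaddress
import struct

# Bytes a VXLAN tunnel adds in front of the original frame:
# outer Ethernet (14) + outer IPv4 (20) + UDP (8) + VXLAN (8); no 802.1Q tag.
VXLAN_OVERHEAD = 14 + 20 + 8 + 8
# Assumed for this example: Flannel's vxlan backend default UDP port.
VXLAN_PORT = 8472


def allocate_node_subnets(cluster_cidr, node_names, prefixlen=24):
    """Carve one subnet per node out of the cluster CIDR, in node order.

    Flannel-style allocation: containers on a node take IPs from that node's
    block, so no two nodes hand out overlapping addresses.
    """
    blocks = ipaddress.ip_network(cluster_cidr).subnets(new_prefix=prefixlen)
    return {name: next(blocks) for name in node_names}


def l3_route_tables(node_subnets, node_ips):
    """Routes every node must learn under a pure L3 (Calico-style) model.

    Each node announces its block; every other node installs one route
    "block -> announcing node's IP". Returned as {node: {prefix: next_hop}}.
    With N nodes that is N-1 routes per node and N on every fabric router.
    """
    tables = {}
    for node in node_subnets:
        tables[node] = {
            str(block): node_ips[peer]
            for peer, block in node_subnets.items()
            if peer != node
        }
    return tables


def next_hop(table, dst_ip):
    """Longest-prefix match over one node's table; None means deliver locally."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, gw in table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gw)
    return None if best is None else best[1]


def overlay_mtu(underlay_mtu, overhead=VXLAN_OVERHEAD):
    """Largest container-visible MTU that still fits one underlay frame."""
    return underlay_mtu - overhead


def vxlan_header(vni):
    """8-byte VXLAN header: flags 0x08 (I bit), 24 reserved bits,
    24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack(">II", 0x08 << 24, vni << 8)


def vxlan_vni(header):
    """Inverse of vxlan_header; rejects headers whose I (valid VNI) flag is clear."""
    flags, vni_field = struct.unpack(">II", header[:8])
    if not (flags >> 24) & 0x08:
        raise ValueError("VXLAN I flag not set")
    return vni_field >> 8


def underlay_view(model, src_node_ip, dst_node_ip, src_pod, dst_pod, proto, dst_port):
    """The 4-tuple a switch or ACL between the two hosts sees for one
    container-to-container flow. Under L3 the container addresses and the real
    port are visible; under VXLAN the fabric only sees host-to-host UDP."""
    if model == "l3":
        return (src_pod, dst_pod, proto, dst_port)
    if model == "vxlan":
        return (src_node_ip, dst_node_ip, "udp", VXLAN_PORT)
    raise ValueError("unknown model: %s" % model)


if __name__ == "__main__":
    # Constructed sample cluster (not real hosts).
    nodes = ["node-a", "node-b", "node-c"]
    node_ips = {"node-a": "192.168.1.11", "node-b": "192.168.1.12", "node-c": "192.168.1.13"}
    subnets = allocate_node_subnets("10.244.0.0/16", nodes)
    tables = l3_route_tables(subnets, node_ips)
    for node in nodes:
        print(node, subnets[node], tables[node])
    print("node-a next hop for 10.244.2.7:", next_hop(tables["node-a"], "10.244.2.7"))
    print("container MTU over a 1500-byte VXLAN underlay:", overlay_mtu(1500))
    print("VXLAN header for VNI 1:", vxlan_header(1).hex())
    args = ("192.168.1.11", "192.168.1.13", "10.244.0.5", "10.244.2.7", "tcp", 3306)
    print("fabric sees (l3):   ", underlay_view("l3", *args))
    print("fabric sees (vxlan):", underlay_view("vxlan", *args))
```

The route-table model is deliberately minimal (one block per node, one next hop per block); it is enough to see that the L3 approach scales the route count with the node count, while the VXLAN approach keeps the fabric's routes constant at the cost of 50 bytes per packet and of hiding the container addresses from any filtering done below the host.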
In terms of deployment difficulty, Calico is the simplest, Flannel comes next and Weave is the most complex. From a network technology perspective, Weave and Flannel are both encapsulation technologies; the difference is whether the encapsulation happens on the network device or on the host. The following figure lists the characteristics of the three container network solutions.

From physical machines to virtual machines and then to containers is the inevitable trend in server virtualization. Containers solve the limitations of virtual machines but introduce a more complex network, and data center networks have to adapt to that change. That is why there are so many container network solutions: all of them exist for the sake of containers, and adapting the network to containers is a necessary step in the evolution of data centers toward containers.