Container Networking Challenges for the Enterprise
Containers may be the next big thing for enterprise data centers, but the networking challenges are significant.
The enterprise seems anxious to push containers into production environments, but networking issues keep getting in the way. The challenge is to deploy containers in a way that provides the isolation they need to function as their own self-contained data environments while still maintaining effective connectivity. A proper networking interface should take care of this problem and speed up the deployment process as well, but the work is proceeding slowly, and not always in the most well-coordinated fashion.
Container networking solutions, and the issues they address
Weaveworks, for example, recently released a new version of Weave Net, a plug-in for the Kubernetes Container Networking Interface (CNI). This is significant because until now Weaveworks has focused largely on native Docker network monitoring. Since Kubernetes is a Google architecture, it is a strong signal that while Docker will likely dominate the development of the container itself, integrating it with the wider data center and cloud universe will take place elsewhere on the stack. Weave Net 1.5 is aimed particularly at multicasting container-based microservices, which by their nature require a highly integrated networking environment that allows them to be mixed and matched in unique and innovative ways, most likely in a fully automated or even autonomous setting.
This need for speed and flexibility on the network layer is driving a number of efforts within the container umbrella. One of these is Project Calico, which aims to leverage the Border Gateway Protocol to enable a high degree of container orchestration. At the moment, according to Christopher Liljenstolpe, director of solutions architecture at Metaswitch, one of the main contributors to Project Calico, the process of deploying containers on virtual switches and network overlays is too long and too complicated for containers, many of which will function for only a few hours at best. Project Calico aims to implement the Kubernetes CNI and other solutions directly on the BGP so developers, not network managers, can provision the correct network resources and apply the appropriate policies without having to reconstruct network architectures from the ground up.
Establishing connectivity between containers in a network fabric is one challenge; coordinating their activities is yet another. According to Computer Weekly’s Adrian Bridgwater, a key issue is predictability, which is largely a function of the enterprise’s ability to inspect, certify and synchronize container contents. A start-up called Anchore Inc. targets this process through a common portal that application developers can use to select verified containers from established registries. In this way, they receive containers that have been pre-screened for compatibility, vulnerability and other aspects that are crucial for deploying tightly orchestrated container environments quickly and easily.
But even as development continues to make containers more functional within enterprise networks, so too are containers being leveraged to improve the flexibility of emerging network architectures. A company called ThousandEyes has tapped Docker containers to house its agent-based solution for intelligent network monitoring and visibility. Users will be able to deploy the company’s Enterprise Agent within the Docker container to provide for automated deployment across local and even wide area networks, providing deep-dive, fine-grained visibility into even the most dynamic of data environments. In this way, they can quickly build automated compute clusters across multiple locations that can be used to support both containerized and non-containerized applications and services, including VoIP and UC.
Networking has long been the most complicated aspect of the application deployment process. Storage and processing resources generally know what to do with data once it gets there, but networking requires a coordinated dance among hardware, software, protocols and standards that can turn even the best solution into a headache if not conducted properly.
Containers add an entirely new aspect to this dilemma, but they provide the means to address connectivity issues as well. It won’t happen overnight, but we will get there.
Arthur Cole covers networking and the data center for IT Business Edge. He has served as editor of numerous publications covering everything from audio/video production and distribution, multimedia and the Internet to video gaming.