Virtualization brought significant changes in networking by moving the edge of the network into the server itself. This led to a significant increase in network endpoints and new requirements for the network in terms of provisioning for both speed and flexibility. To a certain extent, the ideas of virtualization and cloud gave birth to the whole notion of software-defined networking (SDN), since the network needed to keep up with the deployment speeds of virtual machines (VMs).
Docker and microservices are changing the game once more. First, the flexibility and speed of application instantiation introduce new requirements to the network, namely in terms of activation speeds. Whereas virtual machines could launch in several minutes or, in the best case, tens of seconds, Docker containers can be instantiated in under a second. This imposes a requirement on the network infrastructure to react at those speeds. The migration of applications to microservice-based architectures also increases the number of endpoints in the network by an order of magnitude. In several use cases, Docker containers are used as ephemeral components that are instantiated for a specific task and terminated soon thereafter, requiring network connectivity to be just as ephemeral through very fast provisioning and de-provisioning.
The flexibility and simplicity of Docker put tremendous stress on network control planes because they need to keep up with the life cycle of containers. The initial network technology incorporated with Docker was simplistic and mainly dependent on port translation techniques. Unfortunately, these methods not only introduced tremendous security concerns in enterprise environments but were also very limited compared to the networking capabilities that SDN technologies enabled.
Introducing “libnetwork”. Libnetwork closes this gap by providing an extensible framework for Docker to combine the power of containers with sophisticated SDN technologies that can address both the scale and the policy and compliance requirements of enterprise environments. At Nuage Networks, we are very excited to participate in the ecosystem enabled by libnetwork and to contribute a plug-in that will enable Docker containers to seamlessly utilize the capabilities of the Nuage Networks Virtualized Services Platform (VSP).
One of the game-changing aspects of libnetwork is that it allows SDN systems to provide policy enforcement at the container or microservice level (or, if you want, at the process level). This is finer-grained than anything that can be done at the VM or the server level. By focusing on a modular architecture, these technologies allow IT organizations to deploy microservices while, at the same time, increasing the level of control they have over the isolation and security of these services. The combination of fast application deployment with fine-grained policy enforcement reduces the friction between the “Dev” and “Ops” parts of organizations, leading to a true DevOps model.
At Nuage Networks, we have embraced the ideas of containers for quite some time. In the last year, we have been working on the interoperability of the Nuage Networks VSP with Docker, using the simple Docker event API to interface into the VSP. With this simple solution, we are able to demonstrate the scalability of the platform. In a recent test scenario, we utilized AWS to demonstrate the activation of 100K Docker containers in 500 isolated networks and 200 hosts in less than 10 minutes. The combined Nuage Networks and Docker solution could sustain an activation rate above and beyond anything that has been reported in the industry while, at the same time, guaranteeing that any enterprise policies are strictly enforced for every microservice and container.
We are looking forward to working with the Docker ecosystem to bring these technologies to the network level. Libnetwork is the catalyst we have been looking for.