Container networking made simple with OpenContrail and Kubernetes

This blog is co-authored by Gokul Chandra Purnachandra Reddy and Yuvaraja Mariappan from Juniper Networks.

We recently announced the latest enhancements to OpenContrail. One feature that stands out is the containerization of the Contrail controller services, which eases deployment and operation.

Additionally, OpenContrail will be available as a network plugin for CNI, enabling Contrail to provide networking services for containers in frameworks such as Kubernetes, OpenShift and Mesos.

In any Kubernetes deployment, OpenContrail offers the following capabilities: pod addressing, network isolation, policy-based security, gateway services, SNAT, ECMP load balancing in services, and ingress load balancing.

The following are some of the key advantages of the OpenContrail networking solution for K8s.

  • Load Balancing: A non-proxy load balancing capability based on ECMP paths, without the need for any additional hops. This is implemented as a distributed construct in vRouters for the virtual IP addresses used in K8s service objects. It also eliminates the need for kube-proxy, which is a drag on performance due to its constant reconfiguration of iptables NAT rules.
  • Network Policy: OpenContrail implements the Kubernetes network policy objects applied to pods. This framework enables tenant and network isolation with constructs for micro-segmentation using custom security groups. It also provides capabilities to insert transparent network services such as firewalls and DPI.
  • Ingress Controller: The stock Kubernetes solution does not provide an implementation to support ingress load balancing for services. With OpenContrail this implementation comes standard, providing a solution based on HAProxy.

The following video provides a view into how these features work with OpenContrail.