Red Hat OpenShift Container Platform with OpenContrail Networking

Red Hat OpenShift is the industry’s most secure and comprehensive enterprise-grade container platform. It is a Platform-as-a-Service (PaaS) based on Google’s Kubernetes that allows developers to quickly develop, host, and scale applications in a cloud environment.

OpenContrail is the leading SDN automation solution for the cloud. From network virtualization to integrated cloud management, OpenContrail delivers freedom of choice, intelligent automation, and always-on reliability for cloud, software-defined WAN (SD-WAN), and Network Functions Virtualization (NFV) environments.

Today, enterprises know that to be competitive, they must build, deploy, and scale applications faster. Slowly, the industry is moving away from monolithic architectures (which are difficult to scale, are resource intensive, and increase the time to market) to a microservice architecture, to speed up continuous deployment and delivery.

As the industry embraces the microservices model, cloud platforms (public and private) will start hosting the container platforms. With thousands of containers, VMs, and bare-metal servers in an enterprise environment, managing workloads becomes a painful task and, most importantly, networking becomes complex. Since multiple overlay networks are involved, our customers want a single solution to stitch together and manage their next-gen and legacy workloads. To solve this networking problem, we came up with a solution that supports all the leading container orchestration platforms (Google’s Kubernetes, Red Hat OpenShift Container Platform, and Apache Mesos). With the latest OpenContrail release, we can now manage a whole spectrum of workloads, be it containers, virtual machines, or bare metal. Along with this, OpenContrail provides certain features that other container networking solutions don’t (e.g. namespace isolation). Thanks to the rich feature set and flexibility of OpenContrail, enterprises can now seamlessly migrate to a microservices model and manage various workloads using a single solution.

The demo below shows OpenContrail’s integration with Red Hat OpenShift Container Platform and walks you through key features such as:

 

NAMESPACE ISOLATION

Isolate pods/services in different OpenShift projects from talking to each other

SOURCE NAT (EGRESS)

Allow pods/services to talk to the outside world (Internet)

By default, we restrict the pods/services from communicating with the outside world. This provides granular control over the OpenShift cluster.

INGRESS

  • Single Service Ingress

Expose a single service to the outside world

1:1 mapping between ingress and service

test.contrail.com -> 178.91.123.132 -> / dev    service-dev:80

  • Simple Fanout Ingress

Expose multiple services to the outside world

1:many mapping between ingress and services. Uses the HAProxy load balancer in OpenContrail’s vRouter agent container to route the traffic to different backend services

test.contrail.com -> 178.91.123.132 -> / dev    service-dev:80
                                       / qa     service-qa:80

  • Name Based Virtual Hosting

Expose multiple services to the outside world through multiple hostnames

1:many mapping between ingress and services through hostnames. Uses the HTTP header information and the HAProxy load balancer in OpenContrail’s vRouter agent container to route the traffic to different backend services

dev.contrail.com --|                 |-> service-dev:80
                   | 178.91.123.132  |
qa.contrail.com  --|                 |-> service-qa:80

 

There are also a couple of other interesting demos lined up, so keep watching this space for the latest updates.