K8s Services and Policies
CNI Network Plugins help “bootstrap” a cluster IP network at pod creation.
Multiple CNI plugins to choose from. All provide pod connectivity and most come with function add-ons. The choice of which to use depends on many factors, including but not limited to desired function, service/policy handling, performance, security, operations and so on.
Traditionally applications have relied on the kernel’s mature TCP/IP stack.
Perfectly fine for dishing out web server traffic.
Evolving high performance apps could encounter a performance bottleneck with kernel networking.
Another issue to consider is what happens if the kernel network stack breaks (caused by a misbehaving app or something else): every workload on the node shares that one stack.
Other advantages include:
Elevated performance throughput as now the user space CNF can talk directly to the physical network interface card (NIC) with the goal of keeping pace with the speed developments happening in this space.
Accelerated network innovation development and roll-out. CNF developers can go to town and paint their innovations on a large user space canvas. It is THE opportunity to mandate all CNFs run in user space. It just makes sense.
Fast recovery. If anything happens to the user space CNF stack (e.g. upgrade, crash, etc.), it DOES NOT bring down the whole node. You just restart it quickly and continue on with your work.
High performance shared memory communications when talking user space-to-user space. Memif for inter-VPP traffic is one example.
Ligato is an open source project that provides a platform and code samples for development of cloud native VNFs. It includes a management/control agent for VPP and a Service Function Chain (SFC) Controller for stitching virtual and physical networking.
5 x NGINX pods are networked together
VXLAN tunnel encapsulation is used, but other possibilities include SRv6 and MPLS UDP
one tunnel in each direction between each pair of nodes
forms a full mesh with a unique virtual network interface (VNI)
on the left are the service endpoints and their IP addresses
on the right is a snippet of a REST API request returning the VPP-NAT entries in the Contiv vSwitch
this enables K8s service traffic to benefit from the VPP-based high performance dataplane
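To make concrete what those VPP-NAT entries represent, here is an added, constructed model of the service-to-endpoint translation a vSwitch dataplane performs for a ClusterIP service with several pod endpoints (example code written for this page, not Contiv, Ligato or VPP code; all addresses, ports and the per-flow hashing rule are made up):

```python
"""Model of K8s Service -> pod endpoint NAT, as a vSwitch dataplane
(e.g. VPP-NAT in the Contiv vSwitch) performs it. Constructed example;
the addresses, ports and hashing rule are assumptions, not Contiv's."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class ServiceNat:
    """1:N static mapping: ClusterIP:port -> one of several pod endpoints."""

    def __init__(self, cluster_ip, port, endpoints):
        self.cluster_ip, self.port = cluster_ip, port
        self.endpoints = sorted(endpoints)   # list of (pod_ip, pod_port)
        self.sessions = {}                   # (client_ip, client_port) -> endpoint

    def pick(self, flow):
        # Deterministic choice per client so every packet of a flow hits one pod.
        key = f"{flow.src_ip}:{flow.src_port}".encode()
        idx = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
        return self.endpoints[idx % len(self.endpoints)]

    def out2in(self, flow):
        """Client -> service: DNAT the ClusterIP to a chosen pod endpoint."""
        if (flow.dst_ip, flow.dst_port) != (self.cluster_ip, self.port):
            return flow                      # not service traffic, pass unchanged
        key = (flow.src_ip, flow.src_port)
        ep = self.sessions.setdefault(key, self.pick(flow))
        return Flow(flow.src_ip, flow.src_port, ep[0], ep[1])

    def in2out(self, flow):
        """Pod -> client reply: reverse the translation so the client sees the ClusterIP."""
        ep = self.sessions.get((flow.dst_ip, flow.dst_port))
        if ep is None or (flow.src_ip, flow.src_port) != ep:
            return flow                      # no matching session, pass unchanged
        return Flow(self.cluster_ip, self.port, flow.dst_ip, flow.dst_port)


def nat_entries(nat):
    """Static-mapping view, one line per endpoint, like a NAT table dump."""
    return [(f"{nat.cluster_ip}:{nat.port}", f"{ip}:{p}") for ip, p in nat.endpoints]
```

The point to check in a real cluster is the same as in the model: every endpoint listed for the service must appear in the NAT dump, and replies must be un-translated back to the ClusterIP or the client sees a pod IP it never connected to.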