Handling the complexity of containers – a chance for software defined networking to shine?
Tue 27 May 2014
With the rise of Docker and its open source approach to containers an old concept has gained a new momentum and Chris Swan believes it could also push SDN into new areas and even push IPv6 adoption.
The concept of virtualisation at the operating system level – or containers – is not a new thing. Containers have been around for ages in the form of logical partitions (LPARs) on IBM kit, zones on Solaris, and hosting platforms like OpenVZ. They’re a hot topic at the moment though, mainly due to the staggering rise of Docker over the past year. With cloud service providers like Amazon and Google announcing support for Docker, along with huge open source projects like OpenStack, it’s clearly hit prime time.
Docker’s networking capabilities are pretty basic. A container is usually attached to a virtual Ethernet bridge on the host (docker0), with outbound traffic NATed through the host’s network; since the latest version a container can also be run directly on the host’s network stack. Mapping ports on the host through to a container is business as usual. Containers can be linked together, which is achieved by injecting the address and port information for services in one container into the environment of the other.
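To make the linking mechanism concrete, here is an added example (not code from Docker or from this article) that parses the environment a linked container sees into a list of service endpoints. It assumes the documented variable layout of Docker links of the time: for a link aliased DB to a container exposing 5432/tcp, Docker sets DB_PORT_5432_TCP_ADDR, DB_PORT_5432_TCP_PORT, DB_PORT_5432_TCP_PROTO, and also copies every environment variable of the source container as DB_ENV_<name>. The sample environment is constructed; the container names and password are invented.

```python
"""Parse the environment variables that Docker container links inject.

Added example; not Docker's own code. Assumes the link variable layout
described above. SAMPLE_ENV is a constructed environment for a "web"
container started with `--link db:db --link cache:cache`.
"""
import re
from typing import Dict, List, Tuple

# DB_PORT_5432_TCP_ADDR -> alias "DB", port 5432, proto TCP
_ADDR_RE = re.compile(r"^(?P<alias>[A-Z0-9_]+?)_PORT_(?P<port>\d+)_(?P<proto>TCP|UDP)_ADDR$")
# DB_ENV_POSTGRES_PASSWORD -> alias "DB", copied variable POSTGRES_PASSWORD
_ENV_RE = re.compile(r"^(?P<alias>[A-Z0-9_]+?)_ENV_(?P<name>.+)$")
_SECRET_HINT = re.compile(r"PASS|PASSWORD|SECRET|TOKEN|KEY", re.IGNORECASE)

SAMPLE_ENV = {  # constructed sample, values are invented
    "DB_NAME": "/web/db",
    "DB_PORT": "tcp://172.17.0.5:5432",
    "DB_PORT_5432_TCP": "tcp://172.17.0.5:5432",
    "DB_PORT_5432_TCP_ADDR": "172.17.0.5",
    "DB_PORT_5432_TCP_PORT": "5432",
    "DB_PORT_5432_TCP_PROTO": "tcp",
    "DB_ENV_POSTGRES_PASSWORD": "hunter2",
    "CACHE_PORT_6379_TCP_ADDR": "172.17.0.6",
    "CACHE_PORT_6379_TCP_PORT": "6379",
    "CACHE_PORT_6379_TCP_PROTO": "tcp",
    "CACHE_ENV_REDIS_VERSION": "2.8.9",
    "PATH": "/usr/bin:/bin",
}


def link_endpoints(env: Dict[str, str]) -> Dict[str, List[Tuple[str, int, str]]]:
    """Return {alias: [(address, port, proto), ...]} for every linked service."""
    out: Dict[str, List[Tuple[str, int, str]]] = {}
    for key, value in env.items():
        m = _ADDR_RE.match(key)
        if not m:
            continue
        alias, port, proto = m.group("alias"), int(m.group("port")), m.group("proto")
        # Prefer the dedicated _PORT variable if present; fall back to the key.
        port = int(env.get(f"{alias}_PORT_{port}_{proto}_PORT", port))
        out.setdefault(alias.lower(), []).append((value, port, proto.lower()))
    for endpoints in out.values():
        endpoints.sort()
    return out


def leaked_secrets(env: Dict[str, str]) -> List[str]:
    """Names of copied (<ALIAS>_ENV_*) variables that look like credentials.

    A link copies the whole environment of the source container, so a
    database password set in that container's environment is readable by
    every container linked to it and by anything that can read its
    /proc/<pid>/environ. This is the check a practitioner wants before
    relying on links for service discovery.
    """
    found = []
    for key in env:
        m = _ENV_RE.match(key)
        if m and _SECRET_HINT.search(m.group("name")):
            found.append(key)
    return sorted(found)


if __name__ == "__main__":
    for alias, endpoints in link_endpoints(SAMPLE_ENV).items():
        for addr, port, proto in endpoints:
            print(f"{alias}: {addr}:{port}/{proto}")
    for name in leaked_secrets(SAMPLE_ENV):
        print(f"warning: credential-looking variable copied by link: {name}")
```

The endpoint parser is what a service would use to find its dependencies; the second function is the caveat: because links copy the source container's entire environment, any secret placed there is exposed to every linked container.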
Those basic capabilities are fine when working with a handful of containers on a single host, but things get challenging when working with many containers across multiple hosts. This is where software defined networking (SDN) will come into play.
Container networking looks very much like a scaled version of the cloud networking challenge. With cloud the issue has been dealing with networking many virtual machines (VMs) together. Containers add another level of expansion and complexity, since a single physical machine can have many VMs, which in turn can have many containers. All of that additional complexity needs to be managed in software, because only the physical machine has any physical network connectivity.
When Amazon started moving users to virtual private cloud (VPC) by default the joke was that they were running out of addresses in the 10.0.0.0/8 network used for EC2 Classic – around 16.8 million addresses. But the joke has a ring of truth to it – with Amazon spending in the region of $1Bn a quarter on infrastructure that turns into hundreds of thousands of servers and potentially millions of VMs. Containers are disruptive because they can move the decimal point again – requiring hundreds of millions of addresses. One approach to dealing with this is to reuse the same address ranges over and over, as happens with VPC; but that leads to problems when trying to connect those networks together later (such as with the recently launched VPC peering capability), because two networks with overlapping ranges cannot be routed to each other. The other solution is to switch to IPv6.
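Both halves of that argument can be checked with a few lines of code. The following is an added example, not part of the article and not AWS tooling: it uses Python’s standard ipaddress module to find which of a set of VPC ranges overlap (and so cannot be peered), and to count how many hosts, VMs and container addresses a nested address plan yields under IPv4 versus IPv6. The VPC names and CIDRs, and the per-host and per-VM prefix sizes, are constructed assumptions.

```python
"""Overlap check for peering, and an address budget for nested containers.

Added example; not from the article or from AWS. VPCS is a constructed
set of private ranges: several teams each took the default 10.0.0.0/16,
which is harmless in isolation and only bites when they need to peer.
"""
import ipaddress
from itertools import combinations
from typing import Dict, List, Tuple

VPCS = {  # constructed sample
    "payments": "10.0.0.0/16",
    "analytics": "10.0.0.0/16",    # same default range as payments
    "web": "10.0.128.0/17",        # sits inside payments' /16
    "partner": "10.42.0.0/16",     # disjoint, can be peered with anything
}


def peering_conflicts(vpcs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return sorted (a, b) name pairs whose CIDRs overlap.

    Overlapping networks cannot be peered: a packet for 10.0.1.5 has no
    unambiguous destination when both sides own 10.0.0.0/16.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in vpcs.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])
    )


def address_budget(supernet: str, host_prefix: int, vm_prefix: int) -> Dict[str, int]:
    """Capacity of a nested plan: each physical host gets one /host_prefix,
    each VM on it one /vm_prefix, and each container one address in that."""
    net = ipaddress.ip_network(supernet)
    if not net.prefixlen <= host_prefix <= vm_prefix <= net.max_prefixlen:
        raise ValueError("prefixes must nest: supernet <= host <= vm <= address length")
    hosts = 2 ** (host_prefix - net.prefixlen)
    vms_per_host = 2 ** (vm_prefix - host_prefix)
    containers_per_vm = 2 ** (net.max_prefixlen - vm_prefix)
    return {
        "hosts": hosts,
        "vms": hosts * vms_per_host,
        "container_addresses": hosts * vms_per_host * containers_per_vm,
    }


if __name__ == "__main__":
    for a, b in peering_conflicts(VPCS):
        print(f"cannot peer {a} with {b}: ranges overlap")
    # 10/8 with a /16 per host and a /24 per VM: only 256 hosts, 16.8M addresses total.
    print("IPv4 10.0.0.0/8:", address_budget("10.0.0.0/8", 16, 24))
    # A single IPv6 /32 with a /56 per host and a /64 per VM: 16.8M hosts.
    print("IPv6 2001:db8::/32:", address_budget("2001:db8::/32", 56, 64))
```

The IPv4 budget is the point of the paragraph: however the /8 is carved up, the total never exceeds 16,777,216 addresses, and giving each host room for a realistic number of VMs and containers limits the fleet to a few hundred or thousand hosts. Under IPv6 a single /32 gives every one of 16.8 million hosts a /56, with a /64 per VM.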
Virtual private server (VPS) providers are increasingly offering IPv6 connectivity, as at low price points an IPv4 address can become a significant cost contributor. Scarcity of IPv4 addresses is likely to drive similar behaviour as services based on Docker containers become more popular. This could mean some bumpy roads ahead as we mix traditional IPv4 environments with new services that are IPv6 native. It might also be the jolt that’s needed to finally get IPv6 adoption moving forward.
Chris Swan is the CTO of cloud networking specialist CohesiveFT