Power Up Your Kubernetes Networking with SDN and Kernel Bypass

Kubernetes is certainly the most popular container-orchestration framework developed under the umbrella of the Cloud Native Computing Foundation. It helps IT DevOps engineers build, scale and manage state-of-the-art applications throughout their entire lifecycles. Kubernetes future-proofs application development and infrastructure management on-premises or in the cloud, without vendor or cloud-provider lock-in.

Kubernetes uses a very clear networking model in which every POD (group of containers) is assigned a unique IP address from a predefined pool. A third-party network plugin has to provide both IP address management and connectivity between these PODs, while Kube-proxy takes care of network address translation of service IPs and load balancing. Even though many networking plugins have been introduced in recent years, they all failed to apply the two most important networking innovations of the past decade: Software Defined Networking and kernel bypass. The majority of the currently available network plugins use a simple Linux bridge to connect the PODs to the host network, and while this is an easy and straightforward solution, it lacks a proper mechanism for realizing networking scenarios more complex than Layer-2 switching. Moreover, Kube-proxy is built on standard Linux kernel tools such as iptables and connection tracking, which were also not designed for use in such extensive scenarios. These tools by themselves limit the capabilities of any current Kubernetes networking solution.

Introducing the Dunlin Kubernetes Plugin

Our Kubernetes network plugin is based on Open vSwitch, since it was designed to work in high-speed and complex network scenarios. Our SDN controller watches the Kubernetes API for changes in the cluster regarding PODs, services, nodes and security policies. Then, for every atomic change in the cluster, it installs the proper networking rule using the OpenFlow protocol.

This architecture has the following two fundamental benefits:

  • Firstly, using the OpenFlow protocol, we are able to monitor the networking state of the Kubernetes cluster, including the topology, traffic of individual PODs, traffic between nodes, load balancing ratios between service endpoints, etc. We are using Prometheus, the cloud native monitoring standard, to achieve deeper network visibility.
  • Secondly, using Open vSwitch in DPDK mode, we can achieve data rates that are impossible with other network plugins, and thus use 25G or 40G interface cards at full speed. Since our plugin installs OpenFlow rules that replace the functions of Kube-proxy, we do not rely on any Linux kernel networking, hence we can integrate the kernel bypass methodology using DPDK.

Try It Out Now

We have released the code as 100% open source on GitHub. Give it a try and tell us about your experience with the Dunlin Plugin!