Moving the CNI to User Space
05-19, 14:20–14:50 (UTC), Sidebar

In this presentation we will explain why and how container networking is moving from the kernel into user space through projects such as the Contiv-VPP CNI plug-in (which leverages the Linux Foundation's fd.io project).


Existing container networking solutions rely on Linux kernel networking (using iptables, eBPF, Open vSwitch, etc.). This constrains both performance and flexibility.

User-space networking offers better performance (especially when combined with vector-based forwarding technologies such as fd.io VPP) and enables new features to be developed and deployed without requiring changes to the Linux kernel.

Contiv-VPP is a CNI plugin for Kubernetes that leverages fd.io VPP and provides a full implementation of Kubernetes network policy and of Kubernetes services (usually implemented by kube-proxy, which programs Linux kernel netfilter rules).
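Whatever the data plane (kernel netfilter or a user-space forwarder such as VPP), a CNI that claims "full" network policy support has to reproduce the same decision semantics: a pod selected by no policy accepts all ingress, a pod selected by any policy is deny-by-default, and a flow is admitted only if some rule of some selecting policy matches both the peer and the port. The following Python evaluator is an added example, not Contiv-VPP or kube-proxy code; it models the podSelector/matchLabels and ingress subset of NetworkPolicy, and the pod and policy names (web, db, batch, prod, dev) are constructed for illustration.

```python
"""Minimal evaluator for Kubernetes NetworkPolicy ingress semantics.

Added example, not Contiv-VPP or kube-proxy code. Pods and policies are
constructed inline with hypothetical names. Semantics modelled:
  * a pod selected by no NetworkPolicy accepts all ingress;
  * once any policy selects a pod, ingress is denied unless some rule in
    some selecting policy allows it (rules are unioned across policies);
  * within one rule, an empty `from` matches any source and an empty
    `ports` matches any port; an empty `ingress` list allows nothing;
  * a podSelector peer only matches pods in the policy's own namespace.
"""
from dataclasses import dataclass, field


@dataclass
class Pod:
    name: str
    namespace: str
    labels: dict


@dataclass
class Rule:
    from_pod_selectors: list = field(default_factory=list)  # [] == any source
    ports: list = field(default_factory=list)               # [] == any port


@dataclass
class Policy:
    namespace: str
    pod_selector: dict                 # {} selects every pod in the namespace
    ingress: list = field(default_factory=list)


def selector_matches(selector: dict, labels: dict) -> bool:
    """matchLabels semantics: every key/value in the selector must be present."""
    return all(labels.get(k) == v for k, v in selector.items())


def policies_selecting(pod: Pod, policies: list) -> list:
    return [p for p in policies
            if p.namespace == pod.namespace
            and selector_matches(p.pod_selector, pod.labels)]


def rule_allows(rule: Rule, src: Pod, dst: Pod, proto: str, port: int) -> bool:
    peer_ok = not rule.from_pod_selectors or any(
        src.namespace == dst.namespace and selector_matches(sel, src.labels)
        for sel in rule.from_pod_selectors)
    port_ok = not rule.ports or (proto, port) in rule.ports
    return peer_ok and port_ok


def ingress_allowed(src: Pod, dst: Pod, proto: str, port: int, policies: list) -> bool:
    selecting = policies_selecting(dst, policies)
    if not selecting:
        return True  # unselected pods are open by default
    return any(rule_allows(r, src, dst, proto, port)
               for p in selecting for r in p.ingress)


# --- constructed sample data (hypothetical names, not from the talk) ---
PODS = {
    "web":     Pod("web",   "prod", {"app": "web"}),
    "db":      Pod("db",    "prod", {"app": "db"}),
    "batch":   Pod("batch", "prod", {"app": "batch"}),
    "dev-web": Pod("web",   "dev",  {"app": "web"}),
}

# db accepts TCP/5432 only from app=web pods in the same namespace
ALLOW_WEB_TO_DB = Policy("prod", {"app": "db"},
                         [Rule([{"app": "web"}], [("TCP", 5432)])])
# selects every pod in prod and allows nothing: the usual default-deny
DEFAULT_DENY_PROD = Policy("prod", {}, [])


def check(src: str, dst: str, proto: str, port: int,
          default_deny: bool = True) -> bool:
    """Evaluate one flow against the sample policy set."""
    policies = [ALLOW_WEB_TO_DB] + ([DEFAULT_DENY_PROD] if default_deny else [])
    return ingress_allowed(PODS[src], PODS[dst], proto, port, policies)


if __name__ == "__main__":
    for args in [("web", "db", "TCP", 5432), ("batch", "db", "TCP", 5432),
                 ("web", "db", "TCP", 3306), ("dev-web", "db", "TCP", 5432),
                 ("batch", "web", "TCP", 80)]:
        print(args, "->", "ALLOW" if check(*args) else "DENY")
    print("batch->web:80 without default deny ->",
          check("batch", "web", "TCP", 80, default_deny=False))
```

The last case is the one most often misread: with only the db policy present, web is selected by nothing and therefore accepts port 80 from anyone; adding the empty default-deny policy flips that to DENY without touching the db rule. A data plane that gets the "selected by nothing" and "selected but no matching rule" cases confused will either over-block or silently leave pods open.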

We will provide a detailed description and live demos of Contiv-VPP, and will discuss the challenges we encountered in our implementation.

Finally, we will show how user-space networking enables cloud-native network functions such as firewalls and VPN gateways.

Giles Heron is a Principal Engineer at Cisco Systems, and is based in London. His current focus is on high-performance container-networking solutions. Before joining Cisco Giles was Principal Network Architect at BT, and was responsible for the end-to-end architecture of BT's 21st Century Network.

Giles has over 25 years' experience in the networking arena, having started as a software engineer coding X.25, SNA and IP protocol stacks, and then having made the transition into network architecture. Giles is the co-inventor of the MPLS pseudowire technology, and served as co-chair of the IETF L2VPN Working Group.