SlideShare a Scribd company logo

Network services on Kubernetes on premise

Download as ODP, PDF
Hans Duedal
Hans Duedal

Deep dive into Kubernetes Networking and presentation of a usecase of running network services like DNS on a bare metal Kubernetes cluster for a major Danish e-sport event.

1 of 21
Downloaded 12 times
Network Services on Kubernetes on-premise Hans Duedal Network Services Engineer @ NPF CTO @ Visma e-conomic
Networking in Kubernetes Kubernetes assumes that pods can communicate with other pods, regardless of which host they land on. Every pod gets its own IP address. Fundamental requirements 1. all containers can communicate with all other containers without NAT 2. all nodes can communicate with all containers (and vice-versa) without NAT 3. the IP that a container sees itself as is the same IP that others see it as
Container Network Interface ● Originated at CoreOS as part of rkt ● Cloud Native project ● Many container runtimes, ie. kubernetes, rkt, mesos ● If your network solution adheres to the CNI Spec, the runtimes can use it ● Sometimes the choice of CNI plugins are (almost) made for you, ie. on public clouds ● For an on-premise project, choosing the right CNI solution is critical to success
Kubernetes Network Solutions
Project Calico ● IP-in-IP with option for BGP Based ● Independent of Kubernetes (ships with it’s own etcd cluster) ● Backbone of Github.com’s metal cloud https://thenewstack.io/github-goes-kubernetes-tells/ ● Policy based access control ● Fully featured for Datacenter Level Kubernetes Networking ● Doesn’t make much sense to use without BGP
Kube-router Three components 1. IPVS/LVS (Part of Linux kernel since 1999) 2. GoBGP 3. Kuberouter itself ● BGP Based https://cloudnativelabs.github.io/post/2017-05-22-kube-pod-networking/ ● Heavy lifting by IPVS/LVS (in-kernel load balancer) and the routing tables ● Kubernetes specific ● Small and lightweight, with excellent community on slack ● Network Policies (but not as advanced as Calico)
flannel ● Full userspace software based solution, no hardware or kernel involved ● IP-in-IP based ● Often the goto/default choice for on-premise deployments ● Only network, no policy ● Networking: “Developer Edition” ● CoreOS project, but plays extremely well with Kubernetes ● The reference plugin for CNI
How Rancher does it ● Magically network nodes in AWS with GCE or on-premise ● It’s all an illusion, it sets up a full mesh of IPSec (VPN) tunnels between each node ● High overhead of IPSec stack and encryption ● Easy to use, and most of the time “just works”
That’s all fine, but you said something about e-sports?
Network services on Kubernetes on premise
NPF in Numbers ● 3600 Amps of mains, 3 phase power ● Almost 14 kilometers of network cables (2.4 km fiber, 11.5 km copper) ● 400+ volunteers ● 300+ network switches ● Built up in five days, 47 hour event, and then torn down in two days ● Almost 6000 gamers with their computers ● Internet consumption the size of Aalborg, so internet wise we become the fourth largest “city” in Denmark for a weekend
Network at NPF
Distribution Network ● Layer 3 Distribution ● Approx. 1100 Participants pr ring ● OSPF Routing
Rings
Network “Services”? ● DHCP ● DNS ● Prometheus Monitoring ● Grafana ● SNMP Polling (Blackbox exporter) ● SNMP Traps (ELK Cluster)
Network services on Kubernetes on premise
Network services on Kubernetes on premise
Kube-router in NPF Key learnings ● Think in terms of ToR (top-of-rack) design ● Often it’s not the new fancy kubernetes network that fails ● Kube-router toolbox is essential ○ You just kubectl exec -it into the kube-router box Why kube-router ● We tried calico and got overwhelmed ● Very low overhead, must of it is done in-kernel ● Minimal code base, easily understood ● We run full kube-router, so no kubenet or kubeproxy on the nodes
DHCP Server Troubles Modern DHCP server Kea failed, so we had to go with isc-dhcpd ISC DHCPd needs to know the IP of all availability peers on startup - ISC DHCPd can take a hostname rather than the IP - Headless Services expose the pod ip to kube-dns - Kubernetes DNS resolution to the rescue! - Stateful Sets could be a possible non-hacky solution, but not sure ISC DHCPd will play nice with stateful sets.
So how did it go?
e-conomic.com/joinus npf.dk/om-npf-crew/
Ad

Recommended

Advanced Scheduling in Kubernetes
Advanced Scheduling in KubernetesAdvanced Scheduling in Kubernetes
Advanced Scheduling in Kubernetes
Kublr
 
Kubernetes Ingress 101
Kubernetes Ingress 101Kubernetes Ingress 101
Kubernetes Ingress 101
Kublr
 
Lessons learned with kubernetes in production at PlayPass
Lessons learned with kubernetes in production at PlayPassLessons learned with kubernetes in production at PlayPass
Lessons learned with kubernetes in production at PlayPass
Peter Vandenabeele
 
Setting up CI/CD pipeline with Kubernetes and Kublr step-by-step
Setting up CI/CD pipeline with Kubernetes and Kublr step-by-stepSetting up CI/CD pipeline with Kubernetes and Kublr step-by-step
Setting up CI/CD pipeline with Kubernetes and Kublr step-by-step
Oleg Chunikhin
 
Implement Advanced Scheduling Techniques in Kubernetes
Implement Advanced Scheduling Techniques in Kubernetes Implement Advanced Scheduling Techniques in Kubernetes
Implement Advanced Scheduling Techniques in Kubernetes
Kublr
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
Sreenivas Makam
 
Ingress overview
Ingress overviewIngress overview
Ingress overview
Harshal Shah
 
Kubernetes stack reliability
Kubernetes stack reliabilityKubernetes stack reliability
Kubernetes stack reliability
Oleg Chunikhin
 
KubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to Kubernetes
KubeAcademy
 
Kubernetes debug like a pro
Kubernetes debug like a proKubernetes debug like a pro
Kubernetes debug like a pro
Gianluca Arbezzano
 
Kubernetes extensibility
Kubernetes extensibilityKubernetes extensibility
Kubernetes extensibility
Docker, Inc.
 
Demystifying the Nuts & Bolts of Kubernetes Architecture
Demystifying the Nuts & Bolts of Kubernetes ArchitectureDemystifying the Nuts & Bolts of Kubernetes Architecture
Demystifying the Nuts & Bolts of Kubernetes Architecture
Ajeet Singh Raina
 
Kubernetes & the 12 factor cloud apps
Kubernetes & the 12 factor cloud appsKubernetes & the 12 factor cloud apps
Kubernetes & the 12 factor cloud apps
Ana-Maria Mihalceanu
 
Kubernetes persistence 101
Kubernetes persistence 101Kubernetes persistence 101
Kubernetes persistence 101
Kublr
 
Orchestrating Microservices with Kubernetes
Orchestrating Microservices with Kubernetes Orchestrating Microservices with Kubernetes
Orchestrating Microservices with Kubernetes
Weaveworks
 
Introduction to Kubernetes RBAC
Introduction to Kubernetes RBACIntroduction to Kubernetes RBAC
Introduction to Kubernetes RBAC
Kublr
 
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
Cloud Native Day Tel Aviv
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Cloud Native Day Tel Aviv
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Stanislav Pogrebnyak
 
An overview of the Kubernetes architecture
An overview of the Kubernetes architectureAn overview of the Kubernetes architecture
An overview of the Kubernetes architecture
Igor Sfiligoi
 
Load Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINXLoad Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINX
Aine Long
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and JenkinsPortable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Kublr
 
Kubernetes basics and hands on exercise
Kubernetes basics and hands on exerciseKubernetes basics and hands on exercise
Kubernetes basics and hands on exercise
Cloud Technology Experts
 
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - RuianCNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
HanLing Shen
 
Kubernetes 1.16 and rancher 2.3 enhancements
Kubernetes 1.16 and rancher 2.3 enhancementsKubernetes 1.16 and rancher 2.3 enhancements
Kubernetes 1.16 and rancher 2.3 enhancements
Saiyam Pathak
 
Deploying WSO2 Middleware on Kubernetes
Deploying WSO2 Middleware on KubernetesDeploying WSO2 Middleware on Kubernetes
Deploying WSO2 Middleware on Kubernetes
Imesh Gunaratne
 
Kubernetes intro public - kubernetes user group 4-21-2015
Kubernetes intro public - kubernetes user group 4-21-2015Kubernetes intro public - kubernetes user group 4-21-2015
Kubernetes intro public - kubernetes user group 4-21-2015
reallavalamp
 
Kubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive Environments
Kublr
 
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
Juraj Hantak
 
Comparison of existing cni plugins for kubernetes
Comparison of existing cni plugins for kubernetesComparison of existing cni plugins for kubernetes
Comparison of existing cni plugins for kubernetes
Adam Hamsik
 
Ad

More Related Content

What's hot (20)

KubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to Kubernetes
KubeAcademy
 
Kubernetes debug like a pro
Kubernetes debug like a proKubernetes debug like a pro
Kubernetes debug like a pro
Gianluca Arbezzano
 
Kubernetes extensibility
Kubernetes extensibilityKubernetes extensibility
Kubernetes extensibility
Docker, Inc.
 
Demystifying the Nuts & Bolts of Kubernetes Architecture
Demystifying the Nuts & Bolts of Kubernetes ArchitectureDemystifying the Nuts & Bolts of Kubernetes Architecture
Demystifying the Nuts & Bolts of Kubernetes Architecture
Ajeet Singh Raina
 
Kubernetes & the 12 factor cloud apps
Kubernetes & the 12 factor cloud appsKubernetes & the 12 factor cloud apps
Kubernetes & the 12 factor cloud apps
Ana-Maria Mihalceanu
 
Kubernetes persistence 101
Kubernetes persistence 101Kubernetes persistence 101
Kubernetes persistence 101
Kublr
 
Orchestrating Microservices with Kubernetes
Orchestrating Microservices with Kubernetes Orchestrating Microservices with Kubernetes
Orchestrating Microservices with Kubernetes
Weaveworks
 
Introduction to Kubernetes RBAC
Introduction to Kubernetes RBACIntroduction to Kubernetes RBAC
Introduction to Kubernetes RBAC
Kublr
 
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
Cloud Native Day Tel Aviv
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Cloud Native Day Tel Aviv
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Stanislav Pogrebnyak
 
An overview of the Kubernetes architecture
An overview of the Kubernetes architectureAn overview of the Kubernetes architecture
An overview of the Kubernetes architecture
Igor Sfiligoi
 
Load Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINXLoad Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINX
Aine Long
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and JenkinsPortable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Kublr
 
Kubernetes basics and hands on exercise
Kubernetes basics and hands on exerciseKubernetes basics and hands on exercise
Kubernetes basics and hands on exercise
Cloud Technology Experts
 
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - RuianCNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
HanLing Shen
 
Kubernetes 1.16 and rancher 2.3 enhancements
Kubernetes 1.16 and rancher 2.3 enhancementsKubernetes 1.16 and rancher 2.3 enhancements
Kubernetes 1.16 and rancher 2.3 enhancements
Saiyam Pathak
 
Deploying WSO2 Middleware on Kubernetes
Deploying WSO2 Middleware on KubernetesDeploying WSO2 Middleware on Kubernetes
Deploying WSO2 Middleware on Kubernetes
Imesh Gunaratne
 
Kubernetes intro public - kubernetes user group 4-21-2015
Kubernetes intro public - kubernetes user group 4-21-2015Kubernetes intro public - kubernetes user group 4-21-2015
Kubernetes intro public - kubernetes user group 4-21-2015
reallavalamp
 
Kubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive Environments
Kublr
 
KubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to Kubernetes
KubeAcademy
 
Kubernetes debug like a pro
Kubernetes debug like a proKubernetes debug like a pro
Kubernetes debug like a pro
Gianluca Arbezzano
 
Kubernetes extensibility
Kubernetes extensibilityKubernetes extensibility
Kubernetes extensibility
Docker, Inc.
 
Demystifying the Nuts & Bolts of Kubernetes Architecture
Demystifying the Nuts & Bolts of Kubernetes ArchitectureDemystifying the Nuts & Bolts of Kubernetes Architecture
Demystifying the Nuts & Bolts of Kubernetes Architecture
Ajeet Singh Raina
 
Kubernetes & the 12 factor cloud apps
Kubernetes & the 12 factor cloud appsKubernetes & the 12 factor cloud apps
Kubernetes & the 12 factor cloud apps
Ana-Maria Mihalceanu
 
Kubernetes persistence 101
Kubernetes persistence 101Kubernetes persistence 101
Kubernetes persistence 101
Kublr
 
Orchestrating Microservices with Kubernetes
Orchestrating Microservices with Kubernetes Orchestrating Microservices with Kubernetes
Orchestrating Microservices with Kubernetes
Weaveworks
 
Introduction to Kubernetes RBAC
Introduction to Kubernetes RBACIntroduction to Kubernetes RBAC
Introduction to Kubernetes RBAC
Kublr
 
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
K8s Pod Scheduling - Deep Dive. By Tsahi Duek.
Cloud Native Day Tel Aviv
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Cloud Native Day Tel Aviv
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Stanislav Pogrebnyak
 
An overview of the Kubernetes architecture
An overview of the Kubernetes architectureAn overview of the Kubernetes architecture
An overview of the Kubernetes architecture
Igor Sfiligoi
 
Load Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINXLoad Balancing Applications on Kubernetes with NGINX
Load Balancing Applications on Kubernetes with NGINX
Aine Long
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and JenkinsPortable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Kublr
 
Kubernetes basics and hands on exercise
Kubernetes basics and hands on exerciseKubernetes basics and hands on exercise
Kubernetes basics and hands on exercise
Cloud Technology Experts
 
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - RuianCNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
HanLing Shen
 
Kubernetes 1.16 and rancher 2.3 enhancements
Kubernetes 1.16 and rancher 2.3 enhancementsKubernetes 1.16 and rancher 2.3 enhancements
Kubernetes 1.16 and rancher 2.3 enhancements
Saiyam Pathak
 
Deploying WSO2 Middleware on Kubernetes
Deploying WSO2 Middleware on KubernetesDeploying WSO2 Middleware on Kubernetes
Deploying WSO2 Middleware on Kubernetes
Imesh Gunaratne
 
Kubernetes intro public - kubernetes user group 4-21-2015
Kubernetes intro public - kubernetes user group 4-21-2015Kubernetes intro public - kubernetes user group 4-21-2015
Kubernetes intro public - kubernetes user group 4-21-2015
reallavalamp
 
Kubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive Environments
Kublr
 

Similar to Network services on Kubernetes on premise (20)

4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
Juraj Hantak
 
Comparison of existing cni plugins for kubernetes
Comparison of existing cni plugins for kubernetesComparison of existing cni plugins for kubernetes
Comparison of existing cni plugins for kubernetes
Adam Hamsik
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scale
Cumulus Networks
 
Introduction to DPDK
Introduction to DPDKIntroduction to DPDK
Introduction to DPDK
Kernel TLV
 
Container network security
Container network securityContainer network security
Container network security
Daisuke Nakajima
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDP
Thomas Graf
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020
Akihiro Suda
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)
Kirill Tsym
 
FD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingFD.IO Vector Packet Processing
FD.IO Vector Packet Processing
Kernel TLV
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Docker, Inc.
 
Introducing Container Technology to TSUBAME3.0 Supercomputer
Introducing Container Technology to TSUBAME3.0 SupercomputerIntroducing Container Technology to TSUBAME3.0 Supercomputer
Introducing Container Technology to TSUBAME3.0 Supercomputer
Akihiro Nomura
 
Composing services with Kubernetes
Composing services with KubernetesComposing services with Kubernetes
Composing services with Kubernetes
Bart Spaans
 
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV ClusterMethod of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
byonggon chun
 
Kubernetes lessons learned
Kubernetes lessons learnedKubernetes lessons learned
Kubernetes lessons learned
Paul Guth
 
Dive into DevOps | March, Traefik as kubernetes ingress controller, Ihor Borodin
Dive into DevOps | March, Traefik as kubernetes ingress controller, Ihor BorodinDive into DevOps | March, Traefik as kubernetes ingress controller, Ihor Borodin
Dive into DevOps | March, Traefik as kubernetes ingress controller, Ihor Borodin
Provectus
 
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon
 
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFA Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
oholiab
 
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremTo Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
CloudOps2005
 
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
Jim St. Leger
 
NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabric
NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS FabricNFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabric
NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabric
ozkan01
 
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
Juraj Hantak
 
Comparison of existing cni plugins for kubernetes
Comparison of existing cni plugins for kubernetesComparison of existing cni plugins for kubernetes
Comparison of existing cni plugins for kubernetes
Adam Hamsik
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scale
Cumulus Networks
 
Introduction to DPDK
Introduction to DPDKIntroduction to DPDK
Introduction to DPDK
Kernel TLV
 
Container network security
Container network securityContainer network security
Container network security
Daisuke Nakajima
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDP
Thomas Graf
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020
Akihiro Suda
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)
Kirill Tsym
 
FD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingFD.IO Vector Packet Processing
FD.IO Vector Packet Processing
Kernel TLV
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Docker, Inc.
 
Introducing Container Technology to TSUBAME3.0 Supercomputer
Introducing Container Technology to TSUBAME3.0 SupercomputerIntroducing Container Technology to TSUBAME3.0 Supercomputer
Introducing Container Technology to TSUBAME3.0 Supercomputer
Akihiro Nomura
 
Composing services with Kubernetes
Composing services with KubernetesComposing services with Kubernetes
Composing services with Kubernetes
Bart Spaans
 
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV ClusterMethod of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster
byonggon chun
 
Kubernetes lessons learned
Kubernetes lessons learnedKubernetes lessons learned
Kubernetes lessons learned
Paul Guth
 
Dive into DevOps | March, Traefik as kubernetes ingress controller, Ihor Borodin
Dive into DevOps | March, Traefik as kubernetes ingress controller, Ihor BorodinDive into DevOps | March, Traefik as kubernetes ingress controller, Ihor Borodin
Dive into DevOps | March, Traefik as kubernetes ingress controller, Ihor Borodin
Provectus
 
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon
 
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFA Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
oholiab
 
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On PremTo Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem
CloudOps2005
 
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
Jim St. Leger
 
NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabric
NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS FabricNFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabric
NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabric
ozkan01
 
Ad

Recently uploaded (20)

Landscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature ReviewLandscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature Review
Hironori Washizaki
 
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage DashboardsAdobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
BradBedford3
 
WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)
sh607827
 
Download Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With LatestDownload Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With Latest
tahirabibi60507
 
How to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud PerformanceHow to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud Performance
ThousandEyes
 
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Eric D. Schabell
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
Top 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docxTop 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docx
Portli
 
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
Egor Kaleynik
 
EASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License CodeEASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License Code
aneelaramzan63
 
Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025
kashifyounis067
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New VersionF-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
saimabibi60507
 
Revolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptxRevolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptx
nidhisingh691197
 
Exploring Wayland: A Modern Display Server for the Future
Exploring Wayland: A Modern Display Server for the FutureExploring Wayland: A Modern Display Server for the Future
Exploring Wayland: A Modern Display Server for the Future
ICS
 
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software DevelopmentSecure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Shubham Joshi
 
FL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full VersionFL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full Version
tahirabibi60507
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Expand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchangeExpand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchange
Fexle Services Pvt. Ltd.
 
Landscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature ReviewLandscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature Review
Hironori Washizaki
 
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage DashboardsAdobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
BradBedford3
 
WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)
sh607827
 
Download Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With LatestDownload Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With Latest
tahirabibi60507
 
How to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud PerformanceHow to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud Performance
ThousandEyes
 
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Eric D. Schabell
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
Top 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docxTop 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docx
Portli
 
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
Egor Kaleynik
 
EASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License CodeEASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License Code
aneelaramzan63
 
Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025
kashifyounis067
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New VersionF-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
saimabibi60507
 
Revolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptxRevolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptx
nidhisingh691197
 
Exploring Wayland: A Modern Display Server for the Future
Exploring Wayland: A Modern Display Server for the FutureExploring Wayland: A Modern Display Server for the Future
Exploring Wayland: A Modern Display Server for the Future
ICS
 
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software DevelopmentSecure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Shubham Joshi
 
FL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full VersionFL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full Version
tahirabibi60507
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Expand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchangeExpand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchange
Fexle Services Pvt. Ltd.
 
Ad

Network services on Kubernetes on premise

  • 1. Network Services on Kubernetes on-premise Hans Duedal Network Services Engineer @ NPF CTO @ Visma e-conomic
  • 2. Networking in Kubernetes Kubernetes assumes that pods can communicate with other pods, regardless of which host they land on. Every pod gets its own IP address. Fundamental requirements 1. all containers can communicate with all other containers without NAT 2. all nodes can communicate with all containers (and vice-versa) without NAT 3. the IP that a container sees itself as is the same IP that others see it as
  • 3. Container Network Interface ● Originated at CoreOS as part of rkt ● Cloud Native project ● Many container runtimes, ie. kubernetes, rkt, mesos ● If your network solution adheres to the CNI Spec, the runtimes can use it ● Sometimes the choice of CNI plugins are (almost) made for you, ie. on public clouds ● For an on-premise project, choosing the right CNI solution is critical to success
  • 5. Project Calico ● IP-in-IP with option for BGP Based ● Independent of Kubernetes (ships with it’s own etcd cluster) ● Backbone of Github.com’s metal cloud https://thenewstack.io/github-goes-kubernetes-tells/ ● Policy based access control ● Fully featured for Datacenter Level Kubernetes Networking ● Doesn’t make much sense to use without BGP
  • 6. Kube-router Three components 1. IPVS/LVS (Part of Linux kernel since 1999) 2. GoBGP 3. Kuberouter itself ● BGP Based https://cloudnativelabs.github.io/post/2017-05-22-kube-pod-networking/ ● Heavy lifting by IPVS/LVS (in-kernel load balancer) and the routing tables ● Kubernetes specific ● Small and lightweight, with excellent community on slack ● Network Policies (but not as advanced as Calico)
  • 7. flannel ● Full userspace software based solution, no hardware or kernel involved ● IP-in-IP based ● Often the goto/default choice for on-premise deployments ● Only network, no policy ● Networking: “Developer Edition” ● CoreOS project, but plays extremely well with Kubernetes ● The reference plugin for CNI
  • 8. How Rancher does it ● Magically network nodes in AWS with GCE or on-premise ● It’s all an illusion, it sets up a full mesh of IPSec (VPN) tunnels between each node ● High overhead of IPSec stack and encryption ● Easy to use, and most of the time “just works”
  • 9. That’s all fine, but you said something about e-sports?
  • 11. NPF in Numbers ● 3600 Amps of mains, 3 phase power ● Almost 14 kilometers of network cables (2.4 km fiber, 11.5 km copper) ● 400+ volunteers ● 300+ network switches ● Built up in five days, 47 hour event, and then torn down in two days ● Almost 6000 gamers with their computers ● Internet consumption the size of Aalborg, so internet wise we become the fourth largest “city” in Denmark for a weekend
  • 13. Distribution Network ● Layer 3 Distribution ● Approx. 1100 Participants pr ring ● OSPF Routing
  • 14. Rings
  • 15. Network “Services”? ● DHCP ● DNS ● Prometheus Monitoring ● Grafana ● SNMP Polling (Blackbox exporter) ● SNMP Traps (ELK Cluster)
  • 18. Kube-router in NPF Key learnings ● Think in terms of ToR (top-of-rack) design ● Often it’s not the new fancy kubernetes network that fails ● Kube-router toolbox is essential ○ You just kubectl exec -it into the kube-router box Why kube-router ● We tried calico and got overwhelmed ● Very low overhead, must of it is done in-kernel ● Minimal code base, easily understood ● We run full kube-router, so no kubenet or kubeproxy on the nodes
  • 19. DHCP Server Troubles Modern DHCP server Kea failed, so we had to go with isc-dhcpd ISC DHCPd needs to know the IP of all availability peers on startup - ISC DHCPd can take a hostname rather than the IP - Headless Services expose the pod ip to kube-dns - Kubernetes DNS resolution to the rescue! - Stateful Sets could be a possible non-hacky solution, but not sure ISC DHCPd will play nice with stateful sets.
  • 20. So how did it go?

Editor's Notes

  • #19: Kubeproxy disadvantages arcane implementation of load balancer, hard to troubleshoot anything with out understanding the how Kube-proxy uses iptables to implement load balancer not a true load balancer but a simple round robin forwarder no load balancing mechanisms iptable performance degrades as number of services increases. More number of services means long list of iptable rules in a chain to match a packet against in the data path, and latency in insert/delete rules in control path