Dive into CNI: Network Plugins for Kubernetes
林哲緯, Intern, Linker Networks
Who am I?
• Intern, Linker Networks Inc.
• github.com/John-Lin
• @johnlin__
Outline
• CNI
• CNI Introduction
• How to Build?
• How to Use?
• Linen CNI
• Linen CNI Introduction
• Kubernetes & Linen CNI
• Distinguish between OVN-Kubernetes and Linen CNI
CNI
What is CNI?
• CNI - the Container Network Interface
• An open source project supported by the CNCF (Cloud Native Computing Foundation), with two main repositories
  • containernetworking/cni: libraries for writing plugins to configure network interfaces
  • containernetworking/plugins: additional CNI network plugins
• Supports rkt, Docker, Kubernetes, OpenShift and Mesos
What is CNI?
• CNI (Container Network Interface) is an API for writing plugins to configure network interfaces in Linux containers
CNI Spec
• 3 Commands: ADD, DELETE, and VERSION
• Configuration on stdin, results on stdout
• Runtime parameters via env. CNI_ARGS & CAP_ARGS
How to Build?
• parseConfig: parses the network configuration from stdin
• cmdAdd is called for ADD requests (when a pod is created)
• cmdDel is called for DELETE requests (when a pod is deleted)
• Add your code to the cmdAdd and cmdDel functions.
• Simple CNI code sample at: https://github.com/containernetworking/plugins/tree/master/plugins/sample
type PluginConf
func parseConfig(stdin []byte) (*PluginConf, error)
func cmdAdd(args *skel.CmdArgs) error
func cmdDel(args *skel.CmdArgs) error
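
The plugin side of the exchange described on the CNI Spec and How to Build slides, as an added example that is not code from the deck or from the containernetworking project. It uses only the Go standard library instead of the skel package and covers parameter and configuration handling; the handle function, the NetConf type and the two validation patterns (modelled on what libcni enforces in later CNI releases) are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"regexp"
)

// NetConf holds the two keys every network configuration carries.
type NetConf struct {
	Name string `json:"name"`
	Type string `json:"type"`
}

// Assumed input rules, modelled on what libcni enforces in later CNI releases.
var (
	containerIDRe = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.\-]*$`)
	ifNameRe      = regexp.MustCompile(`^[^/:\s]{1,15}$`)
)

// handle serves one invocation: parameters come from the environment, the
// configuration from stdin, and the returned bytes are the result for stdout.
func handle(getenv func(string) string, stdin []byte) ([]byte, error) {
	cmd := getenv("CNI_COMMAND")
	if cmd == "VERSION" {
		return json.Marshal(map[string]interface{}{
			"cniVersion": "0.3.1", "supportedVersions": []string{"0.3.0", "0.3.1"}})
	}
	if cmd != "ADD" && cmd != "DEL" {
		return nil, fmt.Errorf("unsupported CNI_COMMAND %q", cmd)
	}
	// The plugin runs as root: reject malformed parameters before any use.
	if id := getenv("CNI_CONTAINERID"); !containerIDRe.MatchString(id) {
		return nil, fmt.Errorf("invalid CNI_CONTAINERID %q", id)
	}
	ifName := getenv("CNI_IFNAME")
	if !ifNameRe.MatchString(ifName) || ifName == "." || ifName == ".." {
		return nil, fmt.Errorf("invalid CNI_IFNAME %q", ifName)
	}
	if cmd == "ADD" && getenv("CNI_NETNS") == "" {
		return nil, fmt.Errorf("CNI_NETNS is required for ADD")
	}
	var conf NetConf
	if err := json.Unmarshal(stdin, &conf); err != nil {
		return nil, fmt.Errorf("parse network configuration: %v", err)
	}
	if conf.Name == "" || conf.Type == "" {
		return nil, fmt.Errorf("network configuration needs name and type")
	}
	if cmd == "DEL" {
		return nil, nil // DEL prints no result on success
	}
	// Interface creation and IPAM are outside this example; only the result shape is shown.
	return json.Marshal(map[string]interface{}{
		"cniVersion": "0.3.1",
		"interfaces": []map[string]string{{"name": ifName, "sandbox": getenv("CNI_NETNS")}},
	})
}

func main() {
	stdin, _ := io.ReadAll(os.Stdin)
	out, err := handle(os.Getenv, stdin)
	if err != nil {
		// Errors are JSON on stdout too; codes of 100 and up are plugin-specific.
		out, _ = json.Marshal(map[string]interface{}{"cniVersion": "0.3.1", "code": 100, "msg": err.Error()})
	}
	if out != nil {
		fmt.Println(string(out))
	}
	if err != nil {
		os.Exit(1)
	}
}
```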
CNI Quick Start
$ cat mybridge.conf
{
    "name": "mynet",
    "type": "bridge",
    "ipam": {
        "type": "host-local",
        "subnet": "10.15.20.0/24"
    }
}
CNI Quick Start
$ sudo ip netns add ns1
$ sudo CNI_COMMAND=ADD \
    CNI_CONTAINERID=ns1 \
    CNI_NETNS=/var/run/netns/ns1 \
    CNI_IFNAME=eth2 \
    CNI_PATH=`pwd` ./bridge <mybridge.conf
Or
$ sudo docker run --name cnitest --net=none \
    -d busybox
Bridge
CNI Plugins
• bridge: creates a bridge and adds the host and the container to it
• IPAM: IP address allocation
  • host-local: maintains a local database of allocated IPs
  • DHCP: runs a daemon on the host to make DHCP requests on behalf of the container
• Flannel: responsible for providing a layer 3 IPv4 network between multiple nodes in a cluster
• A wide variety of other plugin types, such as loopback, PTP, IPVLAN, MACVLAN, etc.
3rd Party Plugins
• Project Calico - a layer 3 virtual network
• Weave - a multi-host Docker network
• Multus - a Multi plugin
• CNI-Genie - generic CNI network plugin
• Silk - a CNI plugin designed for Cloud Foundry
• Linen - designed for overlay networks and compatible with the OpenFlow protocol through Open vSwitch
• More than 10 third-party plugins!
Linen CNI
What is Linen CNI?
A 3rd-party CNI plugin designed for “Overlay Networks” and compatible with the “OpenFlow Protocol” through Open vSwitch
Overlay Network
• Underlay network (built using physical devices and links)
• Create a new virtual network topology on top of underlay
• GRE tunnel, VxLAN tunnel, MPLS and VPN
Comparison of multi-host networking
Comparison of multi-host overlay networking solutions

| | Calico | Flannel | Weave | Docker Overlay Network |
|---|---|---|---|---|
| Network Model | Pure Layer-3 Solution | VxLAN or UDP Channel | VxLAN or UDP Channel | VxLAN |
| Protocol Support | TCP, UDP, ICMP & ICMPv6 | ALL | ALL | ALL |

Reference from Battlefield: Calico, Flannel, Weave and Docker Overlay Network
Why Open vSwitch?
• Multi-host overlay networking
• Provide flexible network management
• Boosts packet processing, performance and throughput
Multi-host Overlay Networking
• All containers can communicate with all other containers
• All nodes can communicate with all containers (and vice-versa)
Network Management
• Supports an SDN controller to manage flow control to the switches
Performance
• Open vSwitch with the Data Plane Development Kit (OvS-DPDK)
• Intel DPDK accelerated switching and packet processing
Linen CNI Overview
Linen CNI is
• designed to meet the requirements of overlay networks and compatible with the OpenFlow protocol
• inspired by the Kubernetes OVS networking document
• a chained plugin that depends on the bridge plugin
Linen CNI Usage
On Host1:
$ ip netns add ns1
$ ip netns exec ns1 ip link
1: lo: <LOOPBACK> ...
$ CNI_PATH=`pwd` NETCONFPATH=/root ./cnitool \
    add mynet /var/run/netns/ns1
$ ip netns exec ns1 ip link
1: lo: <LOOPBACK> ...
3: eth0@if97: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 ...
Linen CNI Usage
On Host2:
$ ip netns add ns2
$ ip netns exec ns2 ip link
1: lo: <LOOPBACK> ...
$ CNI_PATH=`pwd` NETCONFPATH=/root ./cnitool \
    add mynet /var/run/netns/ns2
$ ip netns exec ns2 ip link
1: lo: <LOOPBACK> ...
3: eth0@if100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 …
Linen CNI Usage
# ON HOST 1
$ ip netns exec ns1 ip address
3: eth0@if97: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 ...
...
inet 10.244.1.17/16 scope global eth0
...
# ON HOST 2
$ ip netns exec ns2 ping 10.244.1.17
PING 10.244.1.17 (10.244.1.17) 56(84) bytes of data.
64 bytes from 10.244.1.17: icmp_seq=1 ttl=64 time=0.089 ms
64 bytes from 10.244.1.17: icmp_seq=2 ttl=64 time=0.037 ms
ping to verify network connectivity
Kubernetes & Linen CNI
Kubernetes & Linen CNI
• Management Workflow
• Packet Processing
Management Workflow
• linen-cni: executed by the container runtime; sets up the network stack for containers
• flax daemon: a DaemonSet that runs on each host to discover new nodes joining and manipulate ovsdb
Packet Processing
• The Docker bridge is replaced with a Linux bridge (kbr0)
• An OVS bridge (obr0) is created and added as a port to the kbr0 bridge
• All OVS bridges across all nodes are linked with VxLAN tunnels
Installation on K8S
• Open vSwitch is required
• kubelet setting
kubelet ... --network-plugin=cni \
    --cni-conf-dir=/etc/cni/net.d \
    --cni-bin-dir=/opt/cni/bin
Installation on K8S
• Create a configuration list file in /etc/cni/net.d; the file must be named linen.conflist
• Make sure the linen, bridge and host-local binaries are in /opt/cni/bin
• (Optional) Apply the DaemonSet flaxd.yaml to discover new nodes joining
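
One way to check the two installation steps above on a node, as an added example that is not part of the deck or of the Linen project. It reads the configuration list, collects every plugin and IPAM `type` it names, and reports binaries that are missing from the bin directory or writable by group or others, since the container runtime executes them as root; the name auditInstall and the wording of the findings are assumptions, and the default paths are the ones from the slides.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// confList covers the parts of a .conflist that name executables.
type confList struct {
	Plugins []struct {
		Type string `json:"type"`
		IPAM struct {
			Type string `json:"type"`
		} `json:"ipam"`
	} `json:"plugins"`
}

// auditInstall checks that every executable a conflist names exists in binDir
// and that neither it nor the conflist can be modified by non-owners.
func auditInstall(confPath, binDir string) ([]string, error) {
	raw, err := os.ReadFile(confPath)
	if err != nil {
		return nil, err
	}
	var cl confList
	if err := json.Unmarshal(raw, &cl); err != nil {
		return nil, fmt.Errorf("%s: %v", confPath, err)
	}
	var findings []string
	if fi, err := os.Stat(confPath); err == nil && fi.Mode().Perm()&0o022 != 0 {
		findings = append(findings, confPath+": writable by group or others")
	}
	seen := map[string]bool{}
	for _, p := range cl.Plugins {
		for _, t := range []string{p.Type, p.IPAM.Type} {
			if t == "" || seen[t] {
				continue
			}
			seen[t] = true
			// A type is looked up as a file name in binDir; a path would escape it.
			if strings.Contains(t, "/") {
				findings = append(findings, fmt.Sprintf("type %q is a path, not a plugin name", t))
				continue
			}
			bin := filepath.Join(binDir, t)
			fi, err := os.Stat(bin)
			switch {
			case err != nil:
				findings = append(findings, bin+": missing")
			case !fi.Mode().IsRegular() || fi.Mode().Perm()&0o111 == 0:
				findings = append(findings, bin+": not an executable file")
			case fi.Mode().Perm()&0o022 != 0:
				findings = append(findings, bin+": writable by group or others")
			}
		}
	}
	return findings, nil
}

func main() {
	findings, err := auditInstall("/etc/cni/net.d/linen.conflist", "/opt/cni/bin")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```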
Network configuration reference
• ovsBridge: name of the OVS bridge to use/create
• vtepIPs: list of the VxLAN tunnel endpoint IP addresses
• controller: sets the SDN controller (IP address and port number)
{
    "name": "mynet",
    "cniVersion": "0.3.1",
    "plugins": [
        {
            //… bridge configurations
        },
        {
            "type": "linen",
            "runtimeConfig": {
                "ovs": {
                    "ovsBridge": "br0",
                    "vtepIPs": [
                        "172.120.71.50"
                    ],
                    "controller": "192.168.2.100:6653"
                }
            }
        }
    ]
}
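
A validation pass over the three keys described above, as an added example that is not Linen's own code: checkLinen and its allow-list parameter are hypothetical, and the sample input in main is constructed from the slide with a minimal bridge entry in place of the elided one. The controller check is there because whichever endpoint the bridge connects to as its OpenFlow controller decides how pod traffic is forwarded.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strconv"
)

// linenPlugin holds the keys from the configuration reference on the page.
type linenPlugin struct {
	Type          string `json:"type"`
	RuntimeConfig struct {
		OVS struct {
			OVSBridge  string   `json:"ovsBridge"`
			VtepIPs    []string `json:"vtepIPs"`
			Controller string   `json:"controller"`
		} `json:"ovs"`
	} `json:"runtimeConfig"`
}

// checkLinen validates the linen entry of a conflist. allowedControllers is a
// hypothetical allow-list of "ip:port" values the operator expects.
func checkLinen(raw []byte, allowedControllers []string) ([]string, error) {
	var cl struct {
		Plugins []linenPlugin `json:"plugins"`
	}
	if err := json.Unmarshal(raw, &cl); err != nil {
		return nil, err
	}
	findings := []string{}
	found := false
	for _, pl := range cl.Plugins {
		if pl.Type != "linen" {
			continue
		}
		found = true
		ovs := pl.RuntimeConfig.OVS
		// The bridge becomes a Linux network device, so its name is limited to 15 characters.
		if n := len(ovs.OVSBridge); n == 0 || n > 15 {
			findings = append(findings, fmt.Sprintf("ovsBridge %q must be 1-15 characters", ovs.OVSBridge))
		}
		for _, v := range ovs.VtepIPs {
			ip := net.ParseIP(v)
			if ip == nil || ip.IsLoopback() || ip.IsUnspecified() || ip.IsMulticast() {
				findings = append(findings, fmt.Sprintf("vtepIPs entry %q is not a usable unicast address", v))
			}
		}
		if ovs.Controller == "" {
			continue
		}
		host, port, err := net.SplitHostPort(ovs.Controller)
		n, perr := strconv.Atoi(port)
		ok := false
		for _, a := range allowedControllers {
			ok = ok || a == ovs.Controller
		}
		switch {
		case err != nil || net.ParseIP(host) == nil || perr != nil || n < 1 || n > 65535:
			findings = append(findings, fmt.Sprintf("controller %q is not ip:port", ovs.Controller))
		case !ok:
			findings = append(findings, fmt.Sprintf("controller %q is not on the allow-list", ovs.Controller))
		}
	}
	if !found {
		findings = append(findings, "no plugin of type linen in the list")
	}
	return findings, nil
}

func main() {
	// Constructed sample: the slide's configuration with a minimal bridge entry filled in.
	sample := []byte(`{"name":"mynet","cniVersion":"0.3.1","plugins":[
	  {"type":"bridge","ipam":{"type":"host-local"}},
	  {"type":"linen","runtimeConfig":{"ovs":{"ovsBridge":"br0",
	    "vtepIPs":["172.120.71.50"],"controller":"192.168.2.100:6653"}}}]}`)
	findings, err := checkLinen(sample, []string{"192.168.2.100:6653"})
	fmt.Println(findings, err)
}
```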
Distinguish between OVN-Kubernetes and Linen CNI
Linen CNI
OVN-Kubernetes Overlay
• K8S Switches (1 per node): In node networking
• K8S Router: Cross-node networking
• Join Switch
• External Router: access external network (NAT)
• External Switch
Network Models
Comparison of multi-host overlay networking solutions

| | Calico | OVN-Kubernetes | Flannel | Linen |
|---|---|---|---|---|
| Network Model | Layer-3 Solution | Layer-3 Solution | VxLAN or UDP Channel | VxLAN |
| Performance | High | High | Medium | Medium |
| Complexity | High | High | Low | Low |
Takeaway
More network virtualization projects
https://github.com/John-Lin/linen-cni
@johnlin__
SDN-DS.TW: https://www.facebook.com/groups/sdnds.tw/
Contact me
https://github.com/John-Lin/tinynet
