Monday, August 31, 2015

Software containers can cause problems in the network – SearchNetworking.de

In this first article of our two-part series on the challenges of container networking, we look at issues related to Network Address Translation (NAT). The second article then examines ways to overcome these challenges and mitigate other potential problems. Neither article is specific to one software container technology; both apply equally to Linux Containers, Docker, Canonical LXD and others.

The popularity of Infrastructure as a Service (IaaS) based on virtual machines (VMs) has changed data center networking in large IT environments. Similarly, the rise of container virtualization will force data center engineers to rethink their network infrastructure again. Depending on the environment, the lifetime of a VM is typically measured in days or weeks. Containers, however, can be much more volatile. They spring to life wherever they are needed in the data center, run a specific task, and then disappear into the ether. The result? The sheer scale of containers in large environments guarantees that data center networking will never be the same.

But container networking is easy, right? Any developer who has used Docker can start a software container with the standard NAT configuration with only limited knowledge of IP networks. In a development environment, such network configurations work without problems. However, the use of software containers is the trigger for many network problems, particularly in a large network.

While NAT enabled the historic growth of the consumer Internet in the late 1990s, the technology also has characteristics that hinder network scalability. Furthermore, its complexity creates challenges for network operators. Here are a few reasons why:

NAT prevents the IP address from being used as a unique identifier for an endpoint. Whether identifying endpoints by numeric address (for example, 10.0.0.1 or 2001:DB8::1) is preferable to using the Domain Name System (DNS) is debatable, but consider troubleshooting efforts that involve packet captures. The packet is changed in flight and therefore looks different depending on the capture point.

NAT makes logging difficult. Ideally, the logging functionality uses a DNS name, but this is not always the case. An address that has been modified by NAT is not a unique identifier, which makes the logs hard to understand intuitively.

NAT obscures the process of debugging. Every piece of middleware introduced into the data path is another component that may fail in strange ways, and it fundamentally violates the end-to-end principle of the Internet. Some groups, such as mobile operators, are very familiar with NAT troubleshooting in the relatively closed ecosystem of mobile phones. If the number of containers in your data center approaches the million mark, ask yourself whether the value NAT adds adequately compensates for its complexity.

Port mapping is inelegant. Consider Docker's EXPOSE keyword in the Docker configuration file, which maps a Layer 4 port of the host to a container port. If multiple software containers each run a web server on a well-known port, such as 80 or 443, then you need a reverse proxy. Do you want to manage another software package in the data path? The port number is also limited to a maximum of 65535, although admittedly you would need a massive number of containers per host to exhaust this 16-bit port range.
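The identifier and logging points above, as an added example that is not part of the original article: a sketch that pairs the pre-NAT and post-NAT view of each flow so a log entry or capture from either side can be attributed to the right container. It assumes a Linux container host whose NAT state is listed with `conntrack -L`; the table entries, addresses and function names are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample in `conntrack -L` format: two containers behind one
# masqueraded host address (SNAT) and one published port (DNAT).
SAMPLE_CONNTRACK = """\
tcp 6 431990 ESTABLISHED src=172.17.0.2 dst=203.0.113.10 sport=40001 dport=443 src=203.0.113.10 dst=192.0.2.5 sport=443 dport=40001 [ASSURED] mark=0 use=1
tcp 6 431985 ESTABLISHED src=172.17.0.3 dst=203.0.113.10 sport=40001 dport=443 src=203.0.113.10 dst=192.0.2.5 sport=443 dport=1024 [ASSURED] mark=0 use=1
tcp 6 431970 ESTABLISHED src=198.51.100.7 dst=192.0.2.5 sport=51515 dport=8080 src=172.17.0.2 dst=198.51.100.7 sport=80 dport=51515 [ASSURED] mark=0 use=1
"""

_KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_conntrack(text):
    """Return (pre_nat, post_nat) Flow pairs, both in the original direction."""
    pairs = []
    for line in text.splitlines():
        kv = _KV.findall(line)
        if len(kv) != 8:          # skip ICMP (no ports) or malformed entries
            continue
        proto = line.split()[0]
        o, r = dict(kv[:4]), dict(kv[4:])
        pre = Flow(proto, o["src"], int(o["sport"]), o["dst"], int(o["dport"]))
        # The reply tuple, reversed, is the packet as seen after translation.
        post = Flow(proto, r["dst"], int(r["dport"]), r["src"], int(r["sport"]))
        pairs.append((pre, post))
    return pairs

def resolve(pairs, seen: Flow) -> Optional[dict]:
    """Map a flow seen at either capture point to both of its views."""
    for pre, post in pairs:
        if seen in (pre, post):
            return {"pre_nat": pre, "post_nat": post, "translated": pre != post}
    return None

def endpoints_behind(pairs, addr: str):
    """Distinct pre-NAT sources that appear on the wire as `addr`."""
    return sorted({pre.src for pre, post in pairs if post.src == addr and pre.src != addr})
```

In the sample, both containers use source port 40001, so the second flow is remapped to port 1024 on the shared address; without the translation state captured at the time, a far-side log showing 192.0.2.5 cannot be attributed to either container.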

In the next article, we will explore further difficulties with container virtualization, including the problems associated with the growing number of MAC addresses and the degradation of network performance when using virtual Ethernet interfaces.


The article was last updated in August 2015
