Docker and Software Defined Networks

We have recognised that the current trend of reducing IT expenditure and maximising utilisation of existing infrastructure has driven some of the most interesting innovations seen in the last ten years. The rise of Docker, microservices and cloud has forced the industry to rethink how enterprise infrastructure is built and maintained.

At Excelian, we have been building an internal PAAS called ‘Blueprint’. This sits on top of Docker and container-related technologies. We have been migrating from a VM setup to running applications solely within containers, and as a result have improved utilisation of existing hardware.

While it traditionally takes years for software innovation to reach the enterprise level, Docker follows a different path. Analysts expect that Docker will be the norm in enterprises by 2016, less than two years after its 1.0 release. However, there is still an issue of managing access to microservices. They still require system expertise and extensive networking knowledge to build.

Docker’s Network Challenge
A simple basic Docker installation exists on an isolated network and external access to the containers is disabled by default. Users can only access services through proxies which translate and redirect external service requests to an internal service running in a container. A boundary is defined between services and its consumers and this particular set up covers a common use case where a clear boundary between users and services needs to exist.

The problem however arises with data intensive applications like Cassandra, which broadcast internal details of their topology to client applications. Providing access to these services is a networking problem that requires network engineers and systems administrators to get right.

A typical change is illustrated below:

Image 1. Provide Access to Service XYZ

Any changes to network topology to effect access to microservices requires access to vendor-specific devices and protocols. It is not agile and is expensive to change, requiring engineering expertise at the system and network level. 

Software Defined Networks
A Software Defined Network (SND) is an emerging cloud technology that provides dynamic networking infrastructure through programmatic an application programming interfaces (APIs). This family of software-based network tools provides overlay networks and virtual routing functionality. In the context of Docker and microservices, network access to a Docker service can be configured at deployment time. Within Blueprint we have experimented with a few SDN solutions. For example, how Project Calicos approaches dynamic network configuration.

Project Calico provides AWS-style access control to configure your Docker network and has focused on security from the ground up. A Docker network is defined to allow communication across hosts. Inbound and outbound traffic are enabled on a service level basis with minimal interaction with networking experts. A simple command loading a JavaScript Object Notation (JSON) network settings file will configure inbound network traffic to an application.

Image 2. Provide access for Team A

This means that with just a few commands application can be packaged, deployed and have its network access profile created. The changes can typically happen in just a few seconds. 

The Future
Docker have popularized software containers as basic computational units for application deployment, primarily through its ability to implement microservices across distributed architectures. By solving Docker’s networking challenge, Software Defined Networking provides a path to build networks enabling hybrid cloud environments.

SDNs promise to make networking resources less dependent on physical infrastructure and bring us closer to having cloud-like infrastructure management on premises, and with such programmable infrastructure comes greater control and reduced costs.

We believe that as these networks begin to mature and the increasing using of network configuration (based on APIs), we will see an acceleration in adoption of and greater reliance on hybrid cloud in the financial sector.

Related content

Excelian recently sent a team of developers to attend the Devoxx conference in London. Devoxx is a two day event “by developers for developers” that discusses the latest trends and technologies in the IT world. Along with seminars and programs from l...
Server virtualisation provides many IT infrastructure management benefits, since it can run and manage multiple applications and operating systems on the same physical server. In theory, this allows increased utilisation and improved business continu...