
NYC Docker Meetup: Contiv networking on Docker

Date post: 21-Jan-2018
Upload: sanjeev-rampal
Contiv Networking on Docker, NYC Docker Meetup. Sanjeev Rampal (@sr2357), Principal Engineer, Cisco
Transcript
Page 1: NYC Docker Meetup: Contiv networking on Docker

Contiv Networking on Docker

NYC Docker Meetup

Principal Engineer, Cisco

@sr2357

Sanjeev Rampal

Page 2

What is Contiv

The Most Powerful Container Networking Fabric

- 100% Open Source
- L2, L3, Overlay or ACI
- Rich Policy Model
- DevOps, IT Admin
- Any Networking
- Any Platform
- Any Infrastructure
- Application Intent
- Rich Policy
- Connectivity
- ACI integration
- Container, VM, BM
- LDAP/RBAC

Page 3

Contiv Architecture

- Stateless: useful in node failure/restart, upgrade
- Implements cluster-wide network and policy
- Manages global resources: IPAM, VLAN/VXLAN pools
- Container networking for Docker Swarm, Kubernetes
- Multiple networking modes: L2 (VLAN), Overlay (VXLAN), L3 (BGP), ACI
- Tools to manipulate Contiv objects

[Architecture diagram: Contiv netmaster (HA); CLI (netctl)/UI; two container hosts, each with OVS, Contiv netplugin and tasks (C1, C2)]

Auth Proxy (HA)

- Authentication, RBAC

Page 4

Application Groups and Security Policies

[Diagram: Web Group, App Group, DB Group, Micro Service, Isolated Network]

1. Allow grouping of containers/pods
2. Specify policies between groups or from outside the network

- Protocol/port-specific rules
- From specific group/tier
- Directional: inbound vs. outbound
- Typical sequence of REST API calls:

$ netctl policy create -t TestTenant policyAB

$ netctl policy rule-add -t TestTenant …

$ netctl group create -t TestTenant -p policyAB TestNet epgB

Page 5

Demo

