Scalable Network Primitives for Containers
Blake Matheny, Facebook
As modern datacenters move more towards a container-centric world, there are a number of open issues to be explored with respect to networking. In this talk I’ll cover many of the approaches being taken or explored at Facebook with respect to container networking. This includes transport security, network virtualization (with and without encapsulation), overlay networking, container-address allocation, utilizing features of IPv6 to simplify management and deployment, address (and job) migration, and resource isolation. One of the current open issues being worked on is how to provide resource isolation for ingress network traffic, that is, resource controls for network traffic arriving at the host supporting a container. While there are a number of approaches for providing resource controls for egress traffic, providing similar controls for ingress traffic has been less explored and currently has no widely adopted best practices. In this talk I will additionally discuss resource controls for ingress traffic and how we are working on improving cgroups and TCP in the Linux kernel at Facebook to address this specific issue. This talk will be interesting to people who are deploying or thinking about deploying large container-based environments.
Blake Matheny is an Engineering Director at Facebook where he is responsible for systems including the Linux kernel as well as Tupperware, the Facebook cluster and job management infrastructure. Blake has been working on large-scale distributed systems for more than 10 years, and is currently enamored with C++11, approaches to asynchronous computation, and scheduling algorithms. Although formerly from NYC, Blake currently lives in California with a cat that hates him, his wife, and their collection of books. You can follow Blake at http://fb.me/blake.r.matheny or @bmatheny.
title = {Scalable Network Primitives for Containers},
year = {2015},
address = {Washington, D.C.},
publisher = {USENIX Association},
month = nov
}