preload
Jun 08

Construction Containers (source: Hans).

Originally published on June 1st, 2017 by Brian Anderson of O’Reilly

I recently sat down with Lee Calcote, head of technology strategy at SolarWinds, to talk about the benefits of container networks. Here are some highlights from our chat.

What is container networking? How are people deploying container networks?

Much of what container networking is today revolves around core Linux network technologies, whether that be iptables for port-forwarding, firewalling and network address translation, or ipvs for load-balancing and service abstraction (virtual IP addressing). These battle-tested technologies are old friends of systems engineers, who have leveraged these kernel capabilities as they’ve built container engines and orchestrators.

To date, container networking has largely been focused on simple network services like connectivity, IP addressing (IPAM), (domain) name services, and load-balancing. Beyond connectivity, most higher-level network services—like quality of service (QoS), virtual private networking, security policy (complex and dynamic firewalling), and topology optimization—are still emerging. So far, connectivity has largely equated to use of Linux bridges and network overlays, with VXLAN being a popular protocol. These common choices are in the face of a style of networking that’s arguably more straightforward in its approach: layer 3 networking.

Continue reading »

Tagged with:
May 01

Being an Austinite, I enjoyed having DockerCon local and co-authored a guide to visiting Austin in the hopes that attendees would enjoy having DockerCon in Austin as well. During this installment of Dockercon, a few major announcements were made, including the Moby Project. So, what is the Moby Project? It’s a framework to assemble specialized container systems without reinventing the wheel.

The Moby Project is to Docker what Fedora is to Red Hat Enterprise Linux.
– Solomon Hykes, Docker CTO/Founder

Continue reading »

Tagged with:
Apr 30


A collection of industry analysts convened to share their thoughts on DockerCon 2017. From a technology perspective, certainly LinuxKit was one of the more significant announcements. It’s approach to the creation of small, custom Linux OS images seems heavily inspired from Project UniK‘s approach to the creation of unikernels – small, custom Linux OS images.

From a business perspective, the Moby Project was a key announcement refactoring the way in which docker as an open source project is structured.

Did you attend DockerCon or watch the keynotes remotely? What did you think of DockerCon 2017?

Watch and listen to the virtual panel debriefing on DockerCon 2017.

Continue reading »

Tagged with:
Mar 11

Ship with tug (source: tpsdave via Pixabay).

Cloud-native applications are designed to draw upon the performance, scalability, and reliability benefits of distributed systems. Unfortunately, distributed systems often come at the cost of added complexity. As individual components of your application are distributed across networks, and those networks have communication gaps or experience degraded performance, your distributed application components need to continue to function independently.

To avoid inconsistencies in application state, distributed systems should be designed with an understanding that components will fail. Nowhere is this more prominent than in the network. Consequently, at their core, distributed systems rely heavily on load balancing—the distribution of requests across two or more systems—in order to be resilient in the face of network disruption and horizontally scale as system load fluctuates. Continue reading »

Tagged with:
Oct 04

Presented at ContainerizeThis 2016 on Sept. 30th, 2016, this talk is an introduction to container runtimes (engines) and an understanding of when container orchestrators enter and what role they play. We’ll look at what makes them alike, yet unique.

Tagged with:
Sep 17

Microservices present challenges of coordination, SSL termination and socket connection among others. Looking to different cloud providers to assist with their load-balancers leaves you wanting as features socket connection support, SSL termination and geo-distributed load-balancing are often absent.

Presented at Nginx Conference 2016 on Sept. 8th, 2016.

Tagged with:
Sep 16

glen-canyon

Originally published on The New Stack on Sept. 4th, 2016.

There are two proposed standards for configuring network interfaces for Linux containers: the container network model (CNM) and the container network interface (CNI). Networking is complex, and there are many ways to deliver functionality. Arguments can be made as to which one is easier to adopt than the next, or which one is less tethered to their benefactor’s technology.

When evaluating any technology, some important considerations are community adoption and support. Some perspectives have been formed on which model has a lower barrier to entry. Finding the right metrics to determine the velocity of a project is tricky. Plugin vendors also need to consider the relative ease by which plugins may be written for either of these two models. Continue reading »

Tagged with:
Sep 14

container-rope

Originally published on The New Stack on Sept. 4th, 2016.

While many gravitate toward network overlays as a popular approach to addressing container networking across hosts, the functions and types of container networking vary greatly and are worth better understanding as you consider the right type for your environment. Some types are container engine-agnostic, and others are locked into a specific vendor or engine. Some focus on simplicity, while others on breadth of functionality or on being IPv6-friendly and multicast-capable. Which one is right for you depends on your application needs, performance requirements, workload placement (private or public cloud), etc. Let’s review the more commonly available types of container networking.

There are various ways in which container-to-container and container-to-host connectivity are provided. This article focuses primarily on a breakdown of current container networking types, including:

  • None
  • Bridge
  • Overlay
  • Underlay

Continue reading »

Tagged with:
Sep 02

100804-N-5483N-026 LIBSON, Portugal (Aug. 4, 2010) Capt. Karl Thomas, commanding officer of the amphibious command ship USS Mount Whitney (LCC/JCC 20) greets U.S. ambassador to Portugal Allan J. Katz before a reception highlighting the partnership between Portugal and the United States. (U.S. Navy photo by Mass Communication Specialist 2nd Class Sylvia Nealy/Released)

Originally posted on Network World on Sept. 6th, 2016.

Navigating the container ecosystem can be confusing. Deciding where to dip your toes is challenging for those stepping into container and microservices waters. Even those who have already ventured knee-deep still wade through many questions as they progress in their cloud native journey. To help them guide them through the ecosystem, the Cloud Native Computing Foundation (CNCF) recently launched a Cloud Native Ambassadors program at its inaugural CloudNativeDay in Toronto.

Recognized for their expertise, Cloud Native Ambassadors are individuals who belong to a CNCF member organization and are selected based on their passion for cloud native technology and willingness to help others learn. Most ambassadors also organize or are involved in community meetups oriented toward technologies and projects governed by the CNCF. Forty-one meetups worldwide have joined the program to date (disclaimer: I’m a CNCF Ambassador  and an organizer of the Microservices and Containers Austin meetup in Austin, TX.). Continue reading »

Tagged with:
Sep 01

Presented at LinuxCon+ContainerCon, August 2016. Includes Swarm 1.12, Kubernetes, Mesos+Marathon.

(slides)

Tagged with:
Previous Entries