It’s now apparent to most savvy IT professionals that microservices enabled by containers need to be joined at the proverbial hip to the ability to create microsegments using network virtualization (NV) software. Just how that’s going to happen is still a matter of debate.
VMware, for example, is bundling its NSX NV software with the Photon Platform that VMware created to natively run containers using a lightweight Linux host that supports the widely deployed VMware ESXi hypervisor. The goal is increased container networking interoperability. Most recently, VMware extended that effort by adding support for Kubernetes container orchestration software to its Photon Platform.
Photon Targets Container Interoperability
Initially, NSX will be employed to provide basic switching and routing services. Jared Rosoff, chief technologist for the Cloud-Native Applications Business Unit at VMware, says that over time the Photon Platform will feature a complete set of logical networking elements and services using the same core network virtualization technologies that IT organizations are already embracing across the rest of the enterprise.
In fact, the Photon Platform is just one of two container networking efforts VMware has underway. The other is a vSphere Integrated Containers (VIC) offering that makes it possible to run containers as a guest on a vSphere virtual server that supports NSX.
In either scenario, Rosoff says, IT organizations will not have to manage containers in isolation: NSX and other core VMware technologies will make it possible to, for example, employ VMware vRealize automation technologies across cloud-native and legacy applications. In addition, developers will be able to provision Kubernetes clusters, containers, and virtual machines from a catalogue of machine sizes, containers, and operating system base images using VMware management platforms.
“The goal is to reduce the total amount of technical debt,” says Rosoff.
Moving Beyond NAT
As part of that effort, VMware is also trying to move beyond approaches to container networking that rely on network address translation (NAT). While NAT makes it possible for containers to communicate with resources outside of the container’s environment, from a network management perspective it remains challenging to apply a common set of software-defined security and networking policies to containers and the rest of the data center environment.
Naturally, VMware is not the only provider of container networking technologies with similar ambitions. Both Docker Inc. and Weaveworks offer rival software-defined container networking platforms, and it’s reasonable to assume that every networking vendor to one degree or another has similar ambitions. Whether networking vendors partner with VMware, Docker, or Weaveworks to accomplish that goal or whether they craft their own solutions remains to be seen.
But Carlos Matos, director of global network infrastructure for Fidelity Investments, and a co-chairman of the Open Interoperable Control Plane committee within the Open Network User Group (ONUG), says a lack of container networking interoperability standards could slow adoption.
“The way container orchestration platforms internally handle networking is different from all the network overlays,” says Matos. “There’s no standard for integrating them.”
It’s probably only a matter of time before the container networking interoperability issue gets forced. But in the meantime, it would be prudent for IT organizations to keep their container networking options open.