Layer 3 SDN
Package Delivery
Extended Interaction
All in all, Calico proves to be a versatile SDN solution that takes a refreshingly new approach when compared with Open vSwitch and similar solutions. Another feature makes the solution appealing: Calico offers direct links to other network solutions through its API. Istio [4], practically in common with Calico, is a good example. Calico establishes the Layer 3 connection, and Istio uses it dynamically.
Migration to the cloud has made networking far more complex for more than just administrators. Admittedly, it is the admin that has to deal with SDN and the like and prepare the cloud in such a way that appropriate services are available. However, once this initial setup is in place, the admin only needs to give the topic more attention if something does not work as desired. The developer, on the other hand, has to deal with a far more complex network than ever before.
Complicated Microarchitecture
The physical cloud is accompanied by the desire to make the best use of its services. The principle of cloud-ready applications therefore dictates that programs for the cloud are always also distributed programs.
According to common doctrine, distribution can ideally be handled by a microservices architecture. Instead of monoliths, today's developers build applications that comprise various individual parts and communicate with each other over defined API interfaces. From the developer's point of view, it is no longer sufficient to roll out an application. Instead, they must think about how to harden communication between the components of the application – both in terms of reliable functionality and security.
Istio specifically addresses developers with this problem and promises to build a full mesh network between the components of an application following the microservices doctrine. Load balancers, firewall rules, and routing are the key features, so it is only natural that Istio and Calico developers work in close collaboration.
Access to All Details
In practice, that means that Istio connects directly to the Calico services and retrieves there most of the parameters it needs for its own configuration. If the network changes during operation, Istio automatically adapts according to the received data.
It stands to reason that it is a good idea to create a direct link between the SDN application in the cloud and mesh solutions like Istio. Calico and Istio impressively show us what this can look like.
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Correctly integrating containers
If you run microservices in containers, they are forced to communicate with each other – and with the outside world. We explain how to network pods and nodes in Kubernetes. -
Safeguard and scale containers
Security, deployment, and updates for thousands of nodes prove challenging in practice, but with CoreOS and Kubernetes, you can orchestrate container-based web applications in large landscapes. -
Secure Kubernetes with Kubescape
Kubescape checks Kubernetes container setups for security and compliance issues, making life easier for administrators. -
Simple, small-scale Kubernetes distributions for the edge
We look at three scaled-down, compact Kubernetes distributions for operation on edge devices or in small branch office environments. -
Securing the container environment
Implement a good, robust defense with an in-depth strategy of applying multiple layers of security to all components, including the human factor.