Networking in containerized environments is really hard to do with a traditional network stack. Virtual machines seem complex, according to many engineers I know, but as the Canadian rock band Bachman-Turner Overdrive used to sing, "B-b-b-baby, you ain't seen n-n-nothin' yet." Containers take complexity to the next level.
Containers are unlike anything network professionals have dealt with before. They are highly dynamic, are spun up and down very quickly and often run for just a few seconds. Traditional networking can be used for VMs and physical workloads, which aren't very agile and take a long time to boot. But the dynamic nature of containers makes visibility, connectivity and security much more difficult, as services need to be invoked as soon as the container is spun up and then turned off when the container is shut down. If a live container loses connectivity, bad things happen, so ensuring the network is there and rock solid is critical.
One approach would be to go the open source route and use Project A for networking, Project B for visibility, Project C for security and Project D for orchestration. If the company is Amazon.com Inc. (Nasdaq: AMZN) or Google (Nasdaq: GOOG) and there are dozens of PhDs available to create the custom code to tie these together, this might work. For the other millions of businesses, the lack of support and training makes this unrealistic.
Another approach could be to get a full stack from a single vendor in which all the components are tied together, but this creates vendor lock-in and limits choice and is the exact thing the industry is trying to move away from.
And that's where Arista Networks Inc. comes in. This week at KubeCon North America 2018, Arista took the covers off its Any Cloud platform, to provide consistent network operations and better security for Kubernetes-managed container workloads. The solution was put together in partnership with Red Hat Inc. (NYSE: RHT) and Tigera, a couple of Kubernetes heavyweights.
The Arista Any Cloud solution comprises the containerized version of its EOS operating system and CloudVision software and is an open alternative to vendor-specific implementations. It leverages standard interfaces defined by the Cloud Native Computing Foundation (CNCF). The product works for Kubernetes workloads that span host-based and physical network infrastructure.
Arista's approach is to leverage best-of-breed partners to deliver a validated stack that can simplify deployment, reduce operational overhead and improve security.
The network component uses the containerized version of EOS (cEOS) announced in 2017. Arista cEOS for Kubernetes container network interface (CNI) provides the routing engine that brings a software control plane and streaming telemetry into the CNI reachability layer. Arista's CloudVision provides the analytics and visibility required to manage the end-to-end platform, including out to the cloud, making the processes of enforcing ACLs and security policies significantly simpler.
Tigera's Secure Enterprise Edition, also known as Calico, is used for Kubernetes security policy and extended network segmentation. A feature called Container Tracers provides visibility into containerized workloads. This now supports Kubernetes through the partnership with Red Hat, with its OpenShift Kubernetes, which provides orchestration capabilities, better visibility and improved diagnostics.
The use of containers continues to skyrocket. The once niche technology is now mainstream, with many businesses looking to expand the use case to anything they can. Over the past year, I have seen containers used for workloads such as application delivery controllers (ADCs), artificial intelligence and even unified communications. CIOs that once swore they would never run mission-critical apps in containers have realized the benefits and have made a hard pivot in favor of them.
The rise of containers portends big problems with the rise of "container sprawl," which is similar to what happened with virtual machines (VMs) in the early days. It's imperative that organizations have the necessary levels of visibility, security and network services to ensure the use of containers can scale without putting the business at risk and overwhelming the IT department. Arista's partnering approach takes proven components from different vendors and ensures customers have an end-to-end solution without the associated risk of vendor lock-in or the complexity of trying to tie together a mixed bag of open source projects. The Red Hat component of the solution is available today. Arista cEOS with support for Tigera Secure Enterprise Edition is available now to its preview customers with general availability planned in 2019.
— Zeus Kerravala is the founder and principal analyst with ZK Research.