...
- Aniket Daptari from Juniper
- While the slides are all about Contrail, please note that all of this functionality is in Tungsten Fabric
- What's a network function service chain?
- Routing in the dataplane (via vRouter) to steer traffic through a speciied set of network functions
- TF abstracts away the complexity
- Independent of workload, location, and form factor of the network function
- Only constraint: must be anchored to Virtual Networks
- Telcos use this…
- …to add value added functions inside the datacenter of a service provider
- Add resiliency
- Add scale, and load balance across all the instances of network functions
- CSRX: Next gen firewall in a docker container
- Containerising network functions
- Run an L7 firewall inside a small container that boots in seconds
- Could do this on every host if you desire, minimising exposure of network to bad traffic
- Only possible because of service chaining
- Containerising network functions
- But the problem with k8s, ports with multiple interfaces aren't supported in vanilla upstream k8s
- Network functions typically need multiple interfaces
- Juniper dev team is working on this, and to upstream it to k8s
- Also working to add service chaining in k8s
- Problem with Multus in k8s
- Designed to enable multiple network providers on interfaces to pods
- But does not allow for single provider on a single pod
- TF Pod will be able to to this
- Have enhanced the pod manifest and yaml files
- Also have a custom resource definition to help define what network a pod should connect to
- Questions
- None, it's demo time
Action items
- Aniket DaptariSend the slides so they can be attached to this page