The networking stack in Kubernetes is one of the most important architecture components for an enterprise production deployment. In Kubernetes, container networking is delegated to networking plug-ins that implement the Container Network Interface (CNI). Most of the common CNI plug-ins available in the market today struggle to provide a comprehensive networking solution that can handle the dynamic and distributed nature of containers and Kubernetes.

Diamanti D20 RH frees enterprises from managing infrastructure problems related to networking and storage rather allows them to focus on building and deploying containerized applications on Red Hat OpenShift 4.5. In this blog, we’ll highlight the unique features of Diamanti D20 RH’s networking architecture.

Enterprise-grade Diamanti D20 RH Networking Features

Diamanti D20 RH for OpenShift v4.5 provides a unique solution that offers two networking models on Diamanti D20 worker nodes by leveraging OpenShift Multus CNI.

• Overlay networking using OpenShift SDN CNI, which creates a VxLAN based overlay network on top of Diamanti Ultima SmartNIC. This unified OpenShift SDN cluster network configures an overlay network using Open vSwitch (OVS). Doing so allows the ease of software-defined networking for intra-cluster communication while providing all the features of the OpenShift SDN networking model.
• Layer 2 networking with Ultima SmartNIC, which offloads the networking to hardware I/O cards and offers patented I/O acceleration technology which significantly improves the performance of data-intensive applications. Diamanti Ultima assigns a Virtual Network Interface (vNIC) to each pod on external routable networks, making networking much easier.

During the cluster installation, users configure the default pod network as OpenShift SDN. The default network handles all control and data network traffic for in-cluster pod to pod communication, service discovery, health checks and liveliness probes. Diamanti attaches the L2 CNI plugin for Diamanti D20 worker nodes as an additional network using OpenShift Multus CNI. This enables users to attach one or more L2 network endpoints to an application. Users can leverage Diamanti L2 CNI for applications that require network isolation of data plane and control plane, performance, and guaranteed quality-of-service. These networking models allow customers to have the choice to use a real hardware-defined L2 network along with the default OpenShift SDN network.

Both models provide different levels of traffic isolation. L2 network uses VLAN-based segmentation, providing traffic isolation at PCIe SR-IOV level per container from the Diamanti Ultima networking card. OpenShift SDN network provides VXLAN-based isolation using network policy mode, allowing project administrators to configure their own isolation policies, or use multitenant mode which provides project-level isolation for pods and services.

Capabilities of Diamanti L2 CNI Network Plugin

• Networking I/O offload: Diamanti accelerates networking with its Ultima I/O offload card which virtualizes networking at the hardware layer, freeing up the host from networking functions. By offloading storage and network traffic, Diamanti Ultima drives 95% host utilization, making more processing power available for actual applications.
• OpenShift SDN on Diamanti Ultima: Incase of OpenShift SDN, two Ultima PCIe virtual functions are pre-configured for both 10G network interfaces which are bonded together to provide a single 20G network interface. OpenShift uses the bonded 20G interface as its primary interface for both control and data traffic.
• SR-IOV VF Interfaces: The Diamanti L2 CNI plugin manages hardware-backed virtual-NICs (SR-IOV virtual functions (VFs)) on each worker node and assigns them dynamically to application containers when they are scheduled. Ultima SmartNIC bypasses the host networking stack and uses SR-IOV virtual functions to plumb a VNIC (Virtual Network Interface) directly to a pod’s network namespace as an additional eth1 network interface. Application administrators can choose to resolve DNS entries of the application to eth1 interface IP address, instead of defaulting eth0 OpenShiftSDN interface in order to gain performance and quality of service(QoS) benefits of Diamanti L2 CNI plugin.

• Traffic Isolation: Diamanti L2 CNI provides complete isolation for pod’s control, data and storage traffic with separate SR-IOV VF for control, data and storage network. This eliminates noisy neighbor problems by having separate receive and transmit queues per application network interfaces.
• QoS and Performance: Diamanti Ultima offload provides PCIe based I/O acceleration, which prevents overprovisioning of resources. This eliminates “noisy neighbors” and guarantees performance with hardware-enforced QoS. The Diamanti L2 CNI plugin provides the ability to set network performance tiers which allows setting maximum and minimum bandwidth limits for each provisioned SR-IOV VF interface. With this, the applications running on the same node do not interfere with the performance of other applications.
• Static endpoint provisioning: Diamanti L2 CNI provides the flexibility to create a static endpoint which makes sure that a pod’s IP remains the same even if a pod is restarted or redeployed elsewhere in OpenShift.
• Storage traffic: Diamanti delivers two separate networking planes for storage and pod traffic which are physically isolated from the host network. Diamanti’s Ultima SmartNIC comes with a 40G (4x10G QFSP) interface, of which 2 x 10G is reserved for Diamanti storage traffic and 2 x 10G is reserved for pod data traffic.

Conclusion

Diamanti D20 RH’s powerful networking architecture provides the best of both worlds by integrating the OpenShift SDN and Diamanti L2 CNI networking functionalities to solve real-world application’s performance requirements. Ultimately, system administrators have the option to expose some pods via OpenShift ingress router to the corporate network and be part of the OpenShiftSDN overlay network, while isolating the performance hungry applications behind the L2 network. Diamanti’s CNI plugin provides the simplicity, security and performance predictability required by enterprises to successfully deploy and manage cloud-native applications at a scale.

To learn more:

• Watch this Diamanti and Red Hat on-demand webinar
• Read Diamanti D20 RH’s unique storage capabilities
• Read our Diamanti D20 RH GA announcement blog and Press Release