Redefine Kubernetes Networking with the Diamanti CNI Plugin

In my article on The New Stack, I discussed various shortcomings in most of the common Container Network Interface (CNI) plugins available for Kubernetes. Diamanti eliminates many of these shortcomings with a solution that offers two different networking models:

  • Layer 2 (L2) networking with the Ultima smart NIC, which offloads networking to a hardware acceleration card and assigns a virtual network interface (VNIC) with a real L2 MAC address to each pod on an externally routable network, making networking much simpler.
  • Layer 3 (L3) overlay networking using Open vSwitch (OVS), which creates a VXLAN-based overlay network on top of Diamanti L2 networking. This offers the ease of software-defined networking for inter-cluster communication while providing namespace isolation.

Customers can choose a real hardware-defined L2 network or an OVS-based software-defined overlay network for each pod endpoint. Diamanti brings the best of both worlds: IT admins get the flexibility to enable both L2 and L3 networking simultaneously at the container level. The two models provide different kinds of traffic isolation. L2 networks use VLAN-based segmentation, the traffic isolation familiar from traditional networks. L3 networks provide VXLAN-based isolation that can be controlled at the namespace level.

Figure 1: Diamanti Platform architecture


Benefits of Diamanti Network Architecture

Diamanti’s CNI plugin offers a broad range of features as described below. 

Networking redefined for Kubernetes

  • Support for both L2 and L3 networking: The Diamanti CNI plugin enables L2 networking by offloading it to the Diamanti Ultima smart NIC, which allows assigning a real L2 MAC address to each pod on an externally routable network, making networking much simpler. At the same time, it supports L3 overlay networking using Open vSwitch (OVS), traffic isolation, VLAN/VXLAN segmentation, multi-homed networking, static endpoint provisioning, network-aware scheduling, guaranteed SLAs, and many more unique features.
  • Easy transition from your existing infrastructure: Plug-and-play L2 networking allows an easy transition from VMs, as it fits well with existing corporate network infrastructure. Enterprises can continue to use their existing firewalls, network shapers, load balancers, etc. They can also move to Kubernetes-based software-defined networking.
  • SR-IOV VF Interfaces: The Diamanti CNI plugin manages SR-IOV Virtual Function (VF) interfaces on each cluster node and assigns them dynamically to application containers when they are scheduled.
  • Networking I/O offload: With Diamanti Ultima, networking functions are offloaded to the smart NIC, freeing more compute resources for the applications.
  • Support for other networking options and virtualization technologies: Diamanti allows the extension of all the same benefits of container networking to other virtualization technologies like VMs based on KVM/QEMU. It can also be extended to support other networking solutions such as Red Hat OpenShift SDN.
  • Avoid load imbalance: With the option to directly access the pods, external and internal load balancers have the capability to distribute traffic directly and evenly to pods.
  • Avoid extra hops: With the option to directly access the pods, traffic directly flows to the pods without node hopping. 

Exposing applications outside the cluster

  • Make pods first-class citizens of your network: Diamanti’s unique CNI architecture, fueled by Diamanti Ultima acceleration cards, provides L2 networking to pods so that each pod has its own MAC and IP address and traffic travels directly from containers to an external TOR (top-of-rack) switch while maintaining SLA guarantees to each network interface. Other solutions in the market forward traffic through the host network, which degrades performance.

Figure 2: L3 networking vs Diamanti’s simplified L2 networking


  • Support for the headless service model: The Diamanti CNI plugin supports the Kubernetes headless service model. In this model, Kubernetes skips packet routing through the host network and allows direct access to pods via DNS round-robin or internal/external load balancing.
  • Support for other services: Diamanti also supports the other service types: ClusterIP, NodePort, and LoadBalancer.

Traffic Isolation

Diamanti provides traffic isolation at both the physical and the virtual level. Control, pod and storage traffic are fully isolated on separate host, pod and storage network interfaces. This eliminates many security risks and ensures that one type of traffic does not affect the performance of the others.

Support for multi-homed networking

The Diamanti CNI plugin provides built-in support for multiple interfaces per pod, drawn from either L2 or L3 overlay networks. It can assign multiple SR-IOV VFs or network interfaces per pod, each with a unique static or dynamic IP address. Source-based routing is configured so that each interface's traffic uses its own return path, avoiding asymmetric routing issues.
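On Linux, the source-based routing described above is policy routing: one routing table per interface plus a rule that selects the table by source address. The following is an added example, not Diamanti's code, that emits (or, with DRY_RUN=0 as root inside the pod's network namespace, applies) those commands for a constructed two-interface pod; the interface names, addresses, gateways and table ids are assumptions.

```shell
#!/bin/sh
# Added example, not Diamanti's code: per-interface policy routing so that a
# multi-homed pod answers on the interface a request arrived on. Interface
# names, addresses, gateways and table ids below are constructed.
set -eu

# Print the command instead of running it unless DRY_RUN=0 (then run as root
# inside the pod's network namespace, e.g. via nsenter or kubectl exec).
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One interface gets its own table: the connected subnet, a default route via
# that interface's gateway, and a rule steering traffic *sourced* from the
# interface's address into that table. Replies therefore leave the way the
# request came in, which is what avoids asymmetric routing.
# $1 interface  $2 pod address  $3 connected subnet (CIDR)  $4 gateway  $5 table
setup_source_routing() {
  iface=$1 addr=$2 subnet=$3 gw=$4 table=$5
  run ip route add "$subnet" dev "$iface" src "$addr" table "$table"
  run ip route add default via "$gw" dev "$iface" table "$table"
  run ip rule add from "$addr" table "$table"
}

# Constructed pod with an L2 interface (eth0) and an overlay interface (eth1),
# each with its own routing table (100 and 101).
setup_demo_pod() {
  setup_source_routing eth0 192.0.2.10   192.0.2.0/24    192.0.2.1    100
  setup_source_routing eth1 198.51.100.7 198.51.100.0/24 198.51.100.1 101
}

setup_demo_pod
```

Without the per-source rules, both interfaces would share the main table's single default route, and traffic arriving on eth1 could be answered via eth0.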

Static endpoint provisioning

The Diamanti CNI plugin can assign static endpoints to pods, so that a pod's IP address does not change between restarts or redeployments in Kubernetes.

Hardware-controlled QoS and performance SLAs eliminate noisy-neighbor issues

The Diamanti CNI plugin provides network performance tiers, which set bandwidth limits for each provisioned SR-IOV VF interface. With this, even a misbehaving neighboring application that tries to hog CPU resources will not interfere with the performance of other applications. This provides true multitenancy in a virtualized environment.

Multizone support

Diamanti’s CNI plugin enables the configuration of availability zones through subnet availability awareness across different data centers. Applications are dynamically assigned IP addresses based on affinity/anti-affinity criteria, subnet/IP policies, and the availability zone (data center) in which they are scheduled.

Support for storage traffic

Most CNI plugins cannot differentiate between storage and regular traffic and use the same shared network interface for storage and regular data movement. Diamanti’s CNI plugin enables an isolated path for pod traffic and Diamanti storage traffic.

Conclusion

Diamanti offers a unique CNI plugin that solves many shortcomings found in common CNI plugins. The Diamanti Kubernetes platform seamlessly integrates with existing data center networks and provides a dedicated L2 interface to every container. Additionally, Diamanti supports L3 overlay networking using OVS, traffic isolation, VLAN/VXLAN segmentation, multi-homed networking, static endpoint provisioning, network-aware scheduling, guaranteed SLAs, and many more unique features. Stay tuned for my next blog, where I’ll dive deeper into Diamanti’s unique L2 and L3 networking models.