Cisco ACI, Docker Containers, and Microservices
Cisco® Application Centric Infrastructure (Cisco ACI™) offers an application-centric network automation solution that can support any computing infrastructure. Using a group-based policy model, Cisco ACI was designed in anticipation of the significant shift now occurring toward Linux containers and microservices. Containers offer a lightweight, operating system–level virtualization technology that makes applications extremely easy to build, package, and run.
Docker, the dominant container runtime, has become one of the most popular open-source projects of all time. The goal of Docker containers is to provide the capability to package an application with all its dependencies into a standardized unit for software development.
Because containers run on the same operating system, they are lighter weight than virtual machines and make more efficient use of shared resources such as the file system and RAM. Therefore, containers can be launched and run faster than virtual machines. Running applications in different containers provides namespace isolation and resource control. It also provides modularity, with the flexibility to port a given application from one infrastructure to another, unlike in a hypervisor environment.
When containers are used, an application always runs the same regardless of the environment in which it runs, whether the developer’s local machine, a test or production environment, or an environment hosted in a private infrastructure or a cloud. Also, because containers share the same kernel and operating system, they can be brought up and taken down much more quickly, allowing faster application scalability during peak use. A growing number of open-source container applications are now available, enabling end users to run, in their own environment, applications that other users have developed using tools such as Docker. These applications are available on the web in shared repositories such as Docker Hub.
Figure 1 compares hypervisor and container environments.
Figure 1. Hypervisor Environment Compared to Container Environment
The emergence of Docker containers and the underlying support in the Linux kernel has enabled a shift in the way that applications are designed and built, using new microservice architectures. Microservice architectures are an approach to building complex applications through small, independent components that communicate with each other over language-independent APIs. This model specifically matches the application-centric model developed in Cisco ACI, in which endpoint groups (EPGs) represent each microservice and contracts represent APIs. This strong alignment makes Cisco ACI well suited to container-based technology.
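The EPG-and-contract model described above can be sketched as a small allowlist check. This is an added example, not Cisco APIC's object model or Contiv code; the container names, EPG names, ports and sample flows are constructed. It assumes traffic between different EPGs is denied unless a contract permits it, and that traffic within one EPG is permitted.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Contract:
    """One permitted API: `consumer` EPG may call `provider` EPG on proto/port."""
    consumer: str
    provider: str
    proto: str
    port: int

# Constructed sample data: each container maps to the EPG of its microservice.
CONTAINER_EPG = {"web-1": "web", "web-2": "web", "app-1": "app", "db-1": "db"}

# Constructed contracts: web may call app's API, app may call the database.
CONTRACTS = [
    Contract("web", "app", "tcp", 8080),
    Contract("app", "db", "tcp", 5432),
]

def is_allowed(src, dst, proto, port, epg_of=CONTAINER_EPG, contracts=CONTRACTS):
    """Return True if a flow initiated by `src` toward `dst` matches policy."""
    src_epg, dst_epg = epg_of.get(src), epg_of.get(dst)
    if src_epg is None or dst_epg is None:
        return False          # a container not mapped to any EPG gets no access
    if src_epg == dst_epg:
        return True           # assumption: intra-EPG traffic is permitted
    # Between EPGs, only an explicit contract opens a path (allowlist model).
    return any(
        c.consumer == src_epg and c.provider == dst_epg
        and c.proto == proto and c.port == port
        for c in contracts
    )

def violations(flows, epg_of=CONTAINER_EPG, contracts=CONTRACTS):
    """Return the observed flows that no contract covers, in input order."""
    return [f for f in flows if not is_allowed(*f, epg_of=epg_of, contracts=contracts)]

# Constructed flow records: (source container, destination container, proto, port).
SAMPLE_FLOWS = [
    ("web-1", "app-1", "tcp", 8080),   # covered by the web -> app contract
    ("app-1", "db-1", "tcp", 5432),    # covered by the app -> db contract
    ("web-2", "db-1", "tcp", 5432),    # web tier reaching the database directly
]

if __name__ == "__main__":
    for flow in violations(SAMPLE_FLOWS):
        print("no contract for flow:", flow)
```

Because policy is attached to the group rather than to an address, a new container placed in the `web` EPG inherits exactly the `web` contracts and nothing more.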
This document describes how Cisco ACI integrates with Docker containers, using a new open-source project called Contiv, which offers a Docker network remote plug-in, available for Docker Release 1.9 and later.
Cisco ACI and Docker Integration
The integration of Cisco ACI with Docker containers allows an end user to create containers either directly through the Docker command-line interface (CLI) or through higher-level tools such as Docker Compose. The user can also join the service tiers in a multihost cluster and automate the creation of network policy in the Cisco Application Policy Infrastructure Controller (APIC), allowing communication for the given containers. Cisco ACI views containers just like any computing resource, and through this integration containers are mapped transparently to EPGs in the controller without the need for additional end-user intervention. This EPG-to-container mapping is intuitive and enables end users to benefit from Cisco ACI capabilities such as multitenancy, security, performance, and mobility.
Cisco ACI brings an intuitive structure to container networking. Users can easily define and integrate their dynamic container networking needs in Cisco ACI. This capability integrates containers into an infrastructure that may already include multiple computing technologies such as bare-metal servers, Layer 4 through Layer 7 (L4-L7) appliances, and VMware, Microsoft, OpenStack, and Kernel-based Virtual Machine (KVM) solutions.
For Cisco ACI, a container is just another application, as depicted in Figure 2.
Figure 2. Containers Are Applications That Integrate Intuitively into a Cisco ACI Policy-Based Data Center
Cisco ACI integration with containers allows end users to build a network that reflects the way that software for containers functions and then add management and system controls. This approach is significantly different from that of other software-defined networking (SDN) solutions, in which the network is built around the management tools, which then try to adapt the network so that containers can function with it.
The integration of Docker containers with Cisco ACI is enabled through the Docker networking plug-in offered by an open-source project called Contiv. The Contiv project is designed to offer operational policy control to container environments, and it offers an open architecture in which APIC drivers can be added. Project Contiv has two critical components that enable integration:
● Contiv Master acts as a point of integration across multiple Docker hosts. It manages operation policies in the cluster and helps ensure that these policies are rendered accurately. Actions include pushing policies to the infrastructure controller using a component, itself running in a container, called aci-gw.
● Contiv Netplugin is a Docker plug-in running on each host. It handles container settings and helps ensure that container networking is configured to map appropriately to an EPG in Cisco ACI.
Figure 3 shows the integration of Cisco ACI and container architecture.
Figure 3. Cisco ACI and Container Integration Architecture
The host plug-in is responsible for mapping containers to VLAN or Virtual Extensible LAN (VXLAN) segments that can be mapped to Cisco ACI EPGs. Today, the integration can be implemented directly through the Docker CLI or through Docker Compose. Additional management tools such as Kubernetes and Mesos will be integrated in the future.
The integration of containers into Cisco ACI is intuitive. This integration, enabled by the Contiv project, offers the structure and policy benefits of Cisco ACI and adds new, highly scalable, and fast-evolving containers to the data center environment and infrastructure.
For More Information
For more information, see:
● Cisco ACI: http://www.cisco.com/go/ACI
● Project Contiv: http://www.github.com/contiv
● Contiv networking: http://www.github.com/contiv/netplugin
● Docker documentation: https://docs.docker.com