Network Function Containerization

Replacing Metal With Software

Project logistics

Preferred past experience

Project Overview

Network Virtualization is one of the hottest topics in the $50B+ networking industry. The trend of taking network functions like routing, firewalling, load balancing and monitoring and moving them from custom hardware to virtual machine software holds considerable promise.

For background, the vast majority of networking technology today is already software. Cisco's IOS software, the software that runs on millions of networking devices in the industry today, has more lines of code than Microsoft Windows.

As the industry goes through this transition from hardware-centric network functions to software-centric network functions, there is a widespread expectation that the operation of production networks will change. Obviously, a firewall function running as software on a virtual machine on a standard data center server can only process a fraction of the packets per second that a firewall running on dedicated, custom hardware with carefully engineered hardware acceleration for key operations can. The result is that replacing a single physical firewall may require 3-4 instances of a virtual firewall with traffic sharded across them.

This project is an experiment with new Linux container (lightweight virtual machine) technologies and the newest management systems, used to prototype the user experience of managing a fleet of network function instances in parallel.

The goal is to create a scale-out system that includes Docker for container packaging, Kubernetes for provisioning, Open vSwitch (OVS) and Open Virtual Network (OVN) for the network dataplane, and Consul for service discovery and state sharing, as a platform to provision network functions, chain them together, scale them out and stitch traffic between them appropriately. A simple CLI or REST API will be the initial interface, with a basic web UI if there is time and the team size and skills are appropriate for it.

Initial network functions will simply be some of the widely used Linux networking software packages. The Linux kernel includes IPTables for firewalling and a mature software stack for routing (at slow speeds). Other potential functions to sit on top of this platform include HAProxy for load balancing and Snort for intrusion detection.
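Sharding traffic across several virtual firewall instances has a catch that the overview above only implies: a stateful firewall such as iptables' connection tracking must see both directions of a connection on the same instance, and scaling from 3 to 4 instances should not reshuffle every existing connection. The following is an added illustration (not code from this project) of flow-affine sharding with rendezvous hashing; the instance names and the packet list are constructed for the example.

```python
import hashlib
from collections import Counter

# Constructed example: spread connections over N virtual firewall instances.
# The 5-tuple is canonicalised (lower endpoint first) so that a request and
# its reply hash to the same key and therefore reach the same instance.

def canonical_flow(src_ip, src_port, dst_ip, dst_port, proto):
    a = (src_ip, src_port)
    b = (dst_ip, dst_port)
    lo, hi = (a, b) if a <= b else (b, a)
    return f"{proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}"

def pick_instance(flow_key, instances):
    """Rendezvous (highest-random-weight) hashing: score every instance for
    this flow and take the highest. Adding an instance only moves the flows
    for which the new instance scores highest; all other flows stay put."""
    best, best_score = None, -1
    for inst in instances:
        digest = hashlib.sha256(f"{flow_key}|{inst}".encode()).digest()
        score = int.from_bytes(digest[:8], "big")
        if score > best_score:
            best, best_score = inst, score
    return best

def shard_packets(packets, instances):
    """Map each packet (5-tuple) to the firewall instance that owns its flow."""
    return [pick_instance(canonical_flow(*p), instances) for p in packets]

def remap_fraction(packets, old_fleet, new_fleet):
    """Fraction of flows whose owning instance changes when the fleet changes."""
    before = shard_packets(packets, old_fleet)
    after = shard_packets(packets, new_fleet)
    moved = sum(1 for b, a in zip(before, after) if b != a)
    return moved / len(packets)

if __name__ == "__main__":
    fleet = ["vfw-0", "vfw-1", "vfw-2"]  # hypothetical instance names
    pkts = [("10.0.0.%d" % (i % 50), 40000 + i, "192.0.2.10", 443, "tcp")
            for i in range(3000)]  # constructed client->server packets
    print(Counter(shard_packets(pkts, fleet)))
    print("flows moved when scaling 3->4:",
          remap_fraction(pkts, fleet, fleet + ["vfw-3"]))
```

With plain modulo hashing the 3->4 step would move roughly three quarters of the flows; rendezvous hashing moves about a quarter, and every moved flow lands on the new instance.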

Some technologies you will learn/use: