There will come a point when we must say goodbye to the networks, as we know them. Not because of their fundamental scheme, but rather because of the way they are implemented and managed on a day-to-day basis. Container networking are part of a trend that is getting stronger in 2020. What is a container network? Will it be useful to migrate to that technology right now? Today in this article we tell you everything you need to know and do before making this decision.
These types of networks are part of an evolution of the storage (storage) Virtualized, computing and networking technologies. Let’s remember that virtualization has already been practically a decade since its first implementations. Hardware resources are shared through the already known virtual machines. Every virtual machine contains a particular application and a complete instance of the operating system. Using traditional virtualization, a physical server can host multiple virtual machines. Each of these, for example, could have a hypervisor with three instances of the operating system running separately.
However, using containers, a single server can host three applications in containers, this requires a single operating system instance, and the containers share their kernel. Another direct advantage is the saving in storage space. A virtual machine may require several gigabytes of space. A container, on the other hand, will only need a few megabytes of space. Consequently, a single server will already be able to host many more containers than virtual machines. The main benefit obtained from this is greater efficiency in the performance of the resources of a data center.
What do I need to do to start using containers in networks?
It is important to determine the correct approach to deployment, this depends largely on the needs of applications, the type of deployment you will have, the use of process automation and the type of operating system. The most popular options we can find today are Docker and Kubernetes. These have networking subsystems that can be connected through the use of drivers . The types of communications that container networks support are container-to-container or container-to-host .
If the transition to using containers has been chosen, the main purpose is to create a distributed architecture made up of microservices. What do these consist of? They are applications structured as sets of services. The main benefits of using microservices is to become a fault tolerant infrastructure and also a very easy to upgrade or apply improvements.
The technology applied to containers also allows each of the containers to be linked in such a way that they are apparently connected to the same interface . This, unlike traditional connection schemes in which each container would be treated as a different device from each other. Thus, all the pieces that make up the infrastructure will be able to communicate easily and will be distributed on different machines located in different data centers.
Do you already have something clearer? We are sure that it is. Now, we will quote the most common types of container networks:
The main types of container networks
- Bridge type networks . In English they are known as bridge networks . It allows containers to run on the same host to communicate with each other. But, the IP addresses assigned to each container are not accessible outside that host. If you opt for Docker, it has a default bridge network. So all new containers will automatically connect to that network. However, there are characteristics that we must adjust yes or yes when implementing this type of network:
- DNS resolution
- Add or remove containers from a custom bridge while they are running
- Sharing environment variables between containers
- Overlay networks. They are designed for containers that run on different hosts. These can locate each other automatically and communicate through subnets with tunnels. If this type of network is chosen, it is not necessary to configure each of the containers.
- Hosts Networks. This network has a controller that allows containers to have their own network stacks, running side by side with the stack that is on the host. A web server, for example, on port 80 that is in a container is available from port 80 itself on the host itself. In this type of network, if you map port 80 or any other port to a container, no other can access that port on the same host.
- Macvlan Networks. These are designed for applications that work directly interacting with the physical network. Like network monitoring applications. This type of network has a controller that not only assigns an IP address to a container. If not also, a MAC address . When to use Macvlan networks? When you have applications that do not operate unless they depend on a physical network address.
Knowing the main types of container networks, it is important to keep in mind that their adoption will mean a very important change. Both in data center operations and the practices to carry them out. According to industry experts, the vast majority of networking equipment is known to be familiar with a static infrastructure, which never changes. Subnets already planned and established, standard methods for measuring capabilities, among other things. In a container-based ecosystem, changes to network configuration and service locations occur routinely. Therefore, there is no direct human control of the network. It is as if the network becomes a huge application, and the practices for managing it differ greatly from the traditional.
One of the most important questions: are container networks secure? This type of network is far from what one can know about traditional firewalls or the mechanisms of operation of security controls. Any person or organization that adopts the containers will need to micro-segment them so that the applications do not interfere with each other. Also, firewalls will need to map connectivity to containers, not to virtual machines anymore. It is daring to assume that these new network technologies are completely safe, but there is no doubt that, over time, the characteristics and security measures will be reinforced according to how they are adopted.