With the ever-growing popularity and advantages of cloud and containers, organizations are increasingly adopting cloud-native applications and container-based infrastructure for running their business applications. To efficiently manage cloud infrastructure, networking tools play an important role. Having the right set of networking tools helps network admins manage and operate cloud-native apps. Here are some open-source networking projects network administrators can use in their cloud-native environments:
1. Project Calico
Project Calico is a free and open-source project that can be used to manage highly scalable and secure network policies for containers, virtual machines, and native host-based workloads. It supports well-known cloud-native platforms such as Kubernetes, Docker EE, OpenStack, OpenShift, and bare-metal services.
It utilizes standard Linux networking tools to offer two major services for cloud-native applications: network connectivity between workloads and security policy enforcement between workloads. It supports a broad range of deployment options using modular components, including CNI plugins for Kubernetes, a Neutron ML2 plugin, Felix, a BGP routing stack, and a simple command-line interface, calicoctl. In addition, it offers non-overlay and overlay networking options for public cloud or on-premises deployments. It offers visibility and troubleshooting, self-service security, zero-trust security, cloud micro-segmentation, intrusion detection, and multi-tenancy. It also provides advanced egress access controls, firewall-style controls extended into Kubernetes, and additional security controls.
This project has multiple data planes, so a user can choose the technology that best suits their needs: a Linux extended Berkeley Packet Filter (eBPF) data plane, a standard Linux networking data plane, and a Windows HNS data plane.
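As an added example of the zero-trust and micro-segmentation policies described above (not configuration from the Calico project or the original article), the following two Calico resources apply a cluster-wide default deny and then open exactly one path. The namespace `shop`, the labels `app: frontend` / `app: api`, port 8080, and the `k8s-app: kube-dns` label are assumptions for illustration.

```yaml
# Added example: cluster-wide default deny plus one explicit allow.
# Lower "order" values take precedence, so the allow (100) is evaluated
# before the deny (1000).
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: default-deny
spec:
  order: 1000
  # Leave kube-system alone so cluster DNS and control-plane add-ons keep working.
  selector: projectcalico.org/namespace != "kube-system"
  types:
  - Ingress
  - Egress
  egress:
  # Every workload may still resolve names; everything else is dropped.
  - action: Allow
    protocol: UDP
    destination:
      selector: k8s-app == "kube-dns"
      ports: [53]
---
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-api
  namespace: shop          # assumed namespace
spec:
  order: 100
  selector: app == "api"   # assumed label on the API pods
  types:
  - Ingress
  ingress:
  - action: Allow
    protocol: TCP
    source:
      selector: app == "frontend"   # assumed label on the callers
    destination:
      ports: [8080]                 # assumed service port
```

Apply both with `calicoctl apply -f`. Because the deny is a GlobalNetworkPolicy, a workload in a new namespace is isolated until someone writes a policy for it, which is the behaviour a micro-segmentation design wants; keep the kube-system exclusion narrow and audit it, since anything matching it bypasses the default deny.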
2. Cilium
Cilium is an open-source tool that provides transparent and secure network connectivity along with load balancing between application workloads. It works at layer 3/4 for traditional networking and security services and at layer 7 to secure the use of modern application protocols such as gRPC, HTTP, and Kafka.
This open-source tool can be integrated into common orchestration frameworks, such as Kubernetes. The foundation of this tool is Linux kernel technology called eBPF. It supports the dynamic insertion of eBPF bytecode into the Linux kernel at numerous integration points, such as application sockets, network IO, and tracepoints, to implement security, networking, and visibility logic.
It is available in two editions: Cilium Open Source and Cilium Enterprise. Cilium Open Source is the community-maintained open-source codebase, while the Enterprise edition adds advanced observability and security workflows on top of it.
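To show what the layer 7 enforcement mentioned above looks like in practice, here is an added CiliumNetworkPolicy (written for this article, not taken from the Cilium project). It allows `frontend` pods to reach `api` pods on TCP 8080 (the layer 3/4 part) but only for two HTTP method/path combinations (the layer 7 part); the namespace, labels, port, and paths are assumptions.

```yaml
# Added example: L3/L4 allow narrowed by an L7 HTTP rule.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: api-l7-allow
  namespace: shop              # assumed namespace
spec:
  endpointSelector:
    matchLabels:
      app: api                 # assumed label on the API pods
  ingress:
  - fromEndpoints:
    - matchLabels:
        app: frontend          # assumed label on the callers
    toPorts:
    - ports:
      - port: "8080"           # assumed service port
        protocol: TCP
      rules:
        http:
        # Only these requests are forwarded; anything else on 8080
        # from frontend gets an HTTP 403 from the in-kernel/envoy proxy.
        - method: "GET"
          path: "/v1/products(/.*)?"
        - method: "POST"
          path: "/v1/orders"
```

Once the `rules.http` section is present, Cilium redirects the matching traffic through its layer 7 proxy, so a compromised frontend cannot use the open port to call administrative endpoints such as a hypothetical `DELETE /v1/orders/…`; those requests are rejected and show up in the Cilium monitor/Hubble flow logs as policy drops.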
3. Envoy
Envoy is an open-source layer 7 network proxy designed for cloud-native applications. It is a high-performance, small-footprint edge and service proxy. It builds on the lessons of software and hardware load balancers such as HAProxy and NGINX. It originated at Lyft and has a vibrant contributor base. It is also an official Cloud Native Computing Foundation (CNCF) project.
Envoy is a C++ distributed proxy designed for single services and applications. It also provides a communication bus and universal data plane for large microservice service mesh architectures. When all service traffic in an infrastructure flows through an Envoy mesh, problem areas become easy to visualize through consistent observability, overall performance can be tuned, and substrate features are added in a single place.
The latest version of Envoy is 1.17.1 (released on Feb. 25). It supports static configuration via YAML files. For more advanced, dynamic configuration, it has a set of gRPC-based APIs.
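The static YAML configuration mentioned above, as an added example (not a file from the Envoy project or the original article): a single listener that proxies all HTTP traffic to one upstream cluster, with access logging and an admin endpoint bound to loopback only. The upstream hostname `backend.internal`, the ports, and the resource names are assumptions.

```yaml
# Added example: minimal Envoy static configuration (v3 API, Envoy 1.17-era).
static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 10000 }   # assumed ingress port
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          # Log every request so the proxy doubles as an observability point.
          access_log:
          - name: envoy.access_loggers.stdout
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
          route_config:
            name: local_route
            virtual_hosts:
            - name: backend
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: service_backend }
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
  - name: service_backend
    connect_timeout: 1s
    type: STRICT_DNS
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: service_backend
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address: { address: backend.internal, port_value: 8080 }   # assumed upstream

# The admin interface exposes config dumps and stats and can change log levels;
# bind it to loopback so it is never reachable from the network.
admin:
  address:
    socket_address: { address: 127.0.0.1, port_value: 9901 }
```

Run it with `envoy -c envoy.yaml`. The one setting a reviewer should always check in a static config is the `admin` address: an admin listener on `0.0.0.0` exposes the proxy's full configuration (including any upstream addresses and secrets referenced in it) to whoever can reach the port.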
4. Jaeger
Jaeger is a distributed tracing platform developed by Uber Technologies and donated to CNCF. This platform can be used for monitoring microservices-based systems. It can be used for tasks such as transaction monitoring, service dependency analysis, root cause analysis, distributed context propagation, and performance or latency optimization.
This platform is inspired by Dapper and OpenZipkin. The Jaeger backend has no single point of failure and scales according to business needs; for example, a typical Jaeger installation processes several billion spans every day. It supports strongly typed span tags, structured logs, and a general distributed context propagation mechanism via baggage. In addition, it represents traces as Directed Acyclic Graphs (DAGs) via span references. The Web UI, Jaeger backend, and instrumentation libraries were created from scratch to support the OpenTracing standard.
Jaeger is installed by default as part of Red Hat OpenShift Service Mesh, which includes an implementation of Istio. It consists of several components (Client, Agent, Collector, Query, and Console) that work together to collect, store, and visualize spans and traces.
5. Flannel
Flannel is an overlay network that can be used to connect containers across multiple hosts. It can be used to configure a layer 3 network fabric designed for Kubernetes. It runs a small, single-binary agent (called flanneld) on every host. It uses the Kubernetes API or etcd directly for storing network configuration.
This tool is a basic overlay network that works well with an assigned subnet address range. In simple terms, an overlay network is built on top of another network. While flannel was mainly created for Kubernetes, it is a simple overlay network that can be used as a basic alternative to existing software-defined networking solutions. To be more specific, this networking tool gives every host an IP subnet from which the Docker daemon can allocate IPs to the individual containers. Each container gets its own address, so containers that belong to one system can communicate even when they run on different hosts.
Using deployment tools and distributions, flannel can be deployed with Kubernetes easily. For example, CoreOS Tectonic can set up flannel in Kubernetes clusters by using the open-source Tectonic Installer. However, it can also be installed manually into any existing Kubernetes cluster.
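The per-host subnet allocation described above is driven by a small JSON document that flanneld reads from the Kubernetes API. The following ConfigMap is an added example (not the flannel project's own manifest); the cluster CIDR, subnet length, and backend are assumptions, and the ConfigMap name and namespace are the ones the upstream manifests conventionally use.

```yaml
# Added example: flannel network configuration stored in the Kubernetes API.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
data:
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",   # assumed cluster-wide pod CIDR
      "SubnetLen": 24,              # each host receives one /24 out of the /16
      "Backend": {
        "Type": "vxlan"             # encapsulated overlay; "host-gw" would route instead
      }
    }
```

With this configuration, flanneld on each node claims one /24 (for example 10.244.3.0/24 on a hypothetical node 3), writes it to the node's `PodCIDR`, and encapsulates cross-host pod traffic in VXLAN on UDP 8472. The caveat a practitioner should keep in mind is that flannel only provides connectivity; it does not enforce Kubernetes NetworkPolicy, so clusters that need the segmentation discussed under Calico and Cilium above pair flannel with a policy engine or use one of those projects directly.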
6. Kuma
Kuma is a modern service mesh created by Kong, the company behind the popular Kong API gateway. Kuma differentiates itself from older service meshes by supporting not just containers but also VMs. In this way, it is a good fit for both greenfield (modern) and brownfield (legacy) applications.
Kuma is built on top of Envoy, the leading network proxy service (and is also listed above). As of today, Kuma is the only CNCF service mesh that runs on Envoy. Kuma allows for highly complex deployments. There are two modes — standalone and multizone. Standalone consists of a single control plane and many data planes, and multizone consists of more than one control plane and multiple data planes. Kuma has native API integration with any API provider. This is convenient and helps to build robust networking infrastructure that integrates the best of both worlds — API gateway and service mesh.
Still in its early stages, Kuma is off to a great start, but how it performs compared to the incumbents Istio and Linkerd remains to be seen. If you’ve felt that Istio is too complex for your needs, you should give Kuma a look.
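As an added example of a standalone-mode Kuma deployment (written for this article, not taken from the Kuma project), the two resources below turn on mutual TLS for the mesh and then state which service may call which. The service names `frontend` and `backend` are assumptions; `default` is Kuma's default mesh name.

```yaml
# Added example: one mesh with built-in mTLS, plus an explicit traffic permission.
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
  name: default
spec:
  mtls:
    # Every data plane proxy (Envoy) gets a certificate from this CA and
    # refuses plaintext, so service identity is cryptographically verified.
    enabledBackend: ca-1
    backends:
    - name: ca-1
      type: builtin
---
apiVersion: kuma.io/v1alpha1
kind: TrafficPermission
mesh: default
metadata:
  name: allow-frontend-to-backend
spec:
  sources:
  - match:
      kuma.io/service: frontend   # assumed service name (the SPIFFE identity in mTLS)
  destinations:
  - match:
      kuma.io/service: backend    # assumed service name
```

Enabling mTLS on the Mesh is what makes the TrafficPermission meaningful: the `kuma.io/service` tag a rule matches on is taken from the peer certificate, not from an IP address, so the same policy holds for VM-based and container-based workloads. When mTLS is first enabled on an existing mesh, any service pair without a matching TrafficPermission loses connectivity, so write the permissions before flipping the mesh setting.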
Open-source networking: Easing the journey to the cloud
Using the right networking tools, app developers can manage their cloud-native applications better or move their existing applications to the cloud more efficiently and quickly. The tools can help eliminate network performance issues and also ensure the high availability of the hosted applications. These open-source projects are cost-effective and offer flexibility and agility as well. Selecting the right networking tools can help app developers on their journey to the cloud.