Networking
Tuesday, November 19

10:55am PST

Low Latency Multi-cluster Kubernetes Networking in AWS - Paul Fisher, Lyft
Lyft is migrating their entire service stack of hundreds of microservices to Kubernetes on AWS. A critical component to Lyft’s successful migration is their open source set of CNI plugins which implement a simple, fast, and low latency networking stack tying together multiple Kubernetes clusters into a flat network within AWS Virtual Private Clouds. Paul’s talk takes a deep dive into the design and implementation of Lyft’s multi-cluster Kubernetes platform from a network-centric perspective, including Envoy mesh integration and performance characteristics.

Paul Fisher

Software Engineer, Lyft
Paul Fisher works on all things infrastructure related at Lyft, from monitoring software to the service provisioning stack. He’s currently leading the Lyft migration to Kubernetes. Paul tends toward work that lies at the intersection of systems programming and scale. He's previously...

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 28ABCDE - San Diego Convention Center Upper Level

11:50am PST

Rethinking the K8s DNS for the Modern Enterprise - Deepa Kalani & Venil Noronha, VMware
The Domain Name System (DNS) is the component that provides the most vital piece of information for one to locate and communicate with services running in a Kubernetes cluster. This technology provides a set of features for name resolution, service discovery, metrics collection, query tracing, etc. However, this is only sufficient to satisfy the requirements of traditional workloads, and modern enterprises demand more.

In this talk, we will discuss the state-of-the-art in the modern enterprise in the context of the Kubernetes DNS. We will present use-cases like extensive aliasing, multi-tenancy, security, etc. that stretch the capabilities of currently available DNS solutions like CoreDNS, Kube-DNS, etc. We will then examine possible approaches to solve these challenges and see where these technologies fall short and how they could be improved.


Deepa Kalani

Staff Engineer 2, VMware
Deepa Kalani is a Staff Engineer at VMware, responsible for development of service mesh technologies with a focus on Istio and Envoy integrations for the enterprise. Prior to VMware, Deepa held various engineering roles at PLUMgrid and Cisco Systems.

Venil Noronha

Sr. Member of Technical Staff, VMware, Inc.
Venil Noronha is an engineer with the Tanzu Service Mesh team at VMware. He also contributes upstream to open source projects in the service mesh domain, like Istio and Envoy proxy. In the past, he has contributed to several open source projects including Kubernetes, Spring, and...

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 30ABCDE - San Diego Convention Center Upper Level

2:25pm PST

Adapting Kubernetes to Constrained IP Address Environments - Mahesh Narayanan & Satyadeep Musuvathy, Google
When it comes to IP addresses, Kubernetes has a demand and supply issue.
On the Demand side, Kubernetes treats Pods as first class citizens with their own IPs. This makes port mappings and usage from a developer’s point of view much much simpler. But from an infrastructure perspective, this makes the whole cluster use IP addresses liberally.

On the Supply side, Kubernetes deployments generally run alongside incumbent networks. Therefore there are not enough IPs to allocate and have a production grade deployment.

Based on real world experience by our customers so far, we have found that there are a few ways to design your clusters to address these concerns:
-- Optimize the per node allocation so that the overall consumption can be optimized
-- Re-use IP addresses for Infrastructure but have unique Services IPs.
-- Leverage a new IP addressing scheme through non-RFC 1918 ranges

Mahesh Narayanan

Product Manager, Google
Mahesh Narayanan is a Cloud Networking Product Manager at Google Cloud. He works on GKE and drives its networking strategy and roadmap. Mahesh has also worked in sales and customer support roles and has a good understanding of customer perspective. Prior to Google, Mahesh worked in...

Satyadeep Musuvathy

Software Engineer, Google
Satya is a Software Engineer at Google. He lives and breathes GKE including GKE On-Prem. Satya has extensive Enterprise customer experience with stints at companies like Yahoo and Walmart.

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level

3:20pm PST

Design Decisions for Communication Systems - Eric Anderson, Google
When hearing about a new programming language, one might learn it is imperative, strongly-typed, dynamically-type-checked, object-oriented, and garbage-collected. If they have used multiple languages in the past, they now have a pretty good view of the basic constraints of the language.

When it comes to communication systems, the design choices made and the impact they have are not as widely known. Come hear Eric Anderson discuss a variety of communication systems, from IPC to message queues to REST, modern and historical, and the various features they provide and some trade-offs involved. Learn where gRPC fits and how its design choices impact your service design.

Eric Anderson

Software Engineer, Google
Eric Anderson is the tech lead of gRPC Java as a software engineer at Google. He contributed to the gRPC wire protocol and is experienced with HTTP/2. Previously, he developed the Connectors 4 framework for the Google Search Appliance. Prior to Google, Eric maintained data-driven...

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

4:25pm PST

Understanding and Troubleshooting the eBPF Datapath in Cilium - Nathan Sweet, DigitalOcean
The advent of eBPF (extended Berkeley Packet Filters) has contributed significantly to container networking progress. However, the tooling for diagnosing and troubleshooting eBPF issues is nascent, and most members of the K8s and Linux communities are unfamiliar with it.

This talk will help demystify eBPF and cover its history. We'll present the default network datapath of the Linux kernel and contrast it in depth with how various eBPF program types diverge from this datapath. In addition, we'll match up the ways in which Cilium implements various CNI and K8s constructs/objects with their eBPF program type, so that you'll be able to identify the right troubleshooting methods easily. Finally, we'll match appropriate methods and tools to the various eBPF program types.

Nathan Sweet

Senior Software Engineer, DigitalOcean
Nathan Sweet is a Senior Software Engineer at DigitalOcean who works on the managed Kubernetes team. He has been working on managed cloud products for the past 5 years, and managed Kubernetes products for the past 3 years. He focuses specifically on system and network performance...

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

Wednesday, November 20

10:55am PST

Multiple Networks for Kubernetes Workloads - Piotr Skamruk, CodiLime & Doug Smith, Red Hat
Embark on a tour of CNI multiplexers -- an adventure in attaching multiple network interfaces to pods. We'll show the advantages of each and provide examples to get you started using them. We'll also talk about the history and future of multiple network attachments in Kubernetes.
Kubernetes is based on simplicity, and Kubernetes networking is no different -- simplicity is king. Each pod is given a single IP address, and a single network in which “everything sees everything”.
This model is not always what consumers expect, especially for high performance networking. In this world we need to have network isolation (to isolate traffic between control & data planes) or to have multiple interfaces in pods. This provides operators better control over functionality, latency and throughput.
We'll make sure you're geared up for the adventure with CNI multiplexers and multiple network attachments!

Doug Smith

Principal Software Engineer, Red Hat, Inc.
Doug Smith is a Principal Software Engineer for OpenShift Engineering at Red Hat. Focusing on Network Function Virtualization and container technologies, Doug integrates new networking technologies with container systems like Kubernetes and OpenShift. He is a member of the Network...

Piotr Skamruk

Software Engineer, Travelping
Piotr is a long-time GNU/Linux and Forth language enthusiast, sys administrator and sys developer. He has worked on kernel sources, backend apps and even on frontends in a wide variety of languages. At Intel he did the kvm flavor for CoreOS RKT, enabling it to run containers on VMs...

Wednesday November 20, 2019 10:55am - 11:30am PST
Pacific Ballroom, Salon 20-22 - Marriott Marquis San Diego Marina Hotel

11:50am PST

Build Your Own Private 5G Network on Kubernetes - Frank Zdarsky, Red Hat & Raymond Knopp, Eurecom
Private 5G networks are dedicated cellular networks, confined to user premises and tailored to a specific use case. In smart factories, for instance, they may soon enable remote control of robots, augmented reality-enhanced maintenance, and other use cases for which ultra-low latency, high bandwidth, and reliable radio connectivity to local edge computing services is a must.

Did you know you can build your own private 5G network purely from open source software and off-the-shelf hardware? This session will introduce OpenAirInterface, an open source 5G radio and core network implementation, and how to pick and set up hardware for it. Participants will learn how the latest Kubernetes technologies like Multus, SR-IOV CNI, real-time workers, device plugins, etc. need to come together to support these exigent Containerized Network Functions on Kubernetes and to manage them using Operators.

Raymond Knopp

Professor, EURECOM and President, OpenAirInterface Software Alliance (OSA)
Raymond Knopp is currently serving as Professor in the Communication Systems Department at EURECOM. He received his PhD degree in Communication Systems from the Swiss Federal Institute of Technology (EPFL), Lausanne. His current research and teaching interests are in Digital Communications...

Frank Zdarsky

Senior Principal Software Engineer, Red Hat
In the old days, long before NFV had its name, Frank was leading mobile network research at a large telco equipment provider and running mobile network services on public cloud. He later joined Red Hat's Office of the CTO to build and lead a team of great engineers that worked with...

Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 17AB - San Diego Convention Center Mezzanine Level

2:25pm PST

Liberating Kubernetes From Kube-proxy and Iptables - Martynas Pumputis, Cilium
iptables and Netfilter are the two foundational technologies of kube-proxy for implementing a Service abstraction. They carry legacy accumulated over 20 years of development grounded in a more traditional networking environment that is typically far more static than your average Kubernetes cluster. In the age of containers, they are no longer the best tool for the job, especially in terms of performance, reliability, scalability, and operations.

Companies like Google, Facebook and Cloudflare have long realised this and therefore embraced eBPF as a technology that lets one dynamically reprogram the kernel. Can we replicate the same success story in Kubernetes?

In this talk, the audience will learn about running a fully functioning Kubernetes cluster without iptables, Netfilter and thus without kube-proxy in a scalable and secure way with the help of eBPF and Cilium.

Martynas Pumputis

Software Engineer, Isovalent
Martynas Pumputis is a Software Engineer at Isovalent working on Cilium, eBPF and Linux kernel.

Wednesday November 20, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level

Thursday, November 21

2:25pm PST

Running High-performance User-space Packet Processing Apps in Kubernetes - Abdul Halim, Intel & Peng Liu, Red Hat
With 5G on the horizon, networking is transforming around us. Network functions have already found their way from proprietary black boxes onto servers running Linux. The Linux networking stack simply cannot keep up with increasing demands for higher throughput and lower latency of these packet flows. The packet processing pipeline is now run in userspace instead, bypassing the kernel. DPDK provides an environment and API to run high-intensity packet processing in userspace. Many CNFs are developed using DPDK. A DPDK application requires specific resources from a host for guaranteed performance. Deploying and running such applications in K8s is always a challenging task.

In this presentation & demo, users will learn about open source technologies and components and how to leverage them to deploy workloads that require high performance networking infrastructure in a Kubernetes cluster.

Abdul Halim

Cloud Software Engineer, Intel
Abdul Halim is a Cloud Software Engineer working with the Cloud Native Orchestration team at Intel R&D, based in Shannon, Ireland. Currently he is focused on enabling high-performance networking solutions for NFV use-cases. He is a maintainer of SR-IOV network device plugin and SR-IOV...

Peng Liu

NFV Partner Engineer, Red Hat
Peng Liu is an NFV partner engineer in the Office of the CTO at Red Hat. He works in the areas of high performance networking and other NFV features on open source cloud platforms, like Kubernetes and OpenStack. Currently he is focussing on facilitating the Kubernetes integration with...

Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level

3:20pm PST

CoreDNS: Beyond the Basics - Cricket Liu, Infoblox & John Belamaric, Google
This session will cover aspects of CoreDNS's configuration beyond the basics, including signing DNS data with DNSSEC, supporting DNS over TLS (DoT), manipulating queries and responses, managing zone data with Git, running a full recursive DNS server with the unbound plugin, and configuring CoreDNS to perform multi-cluster service discovery. The session is intended for people with a solid understanding of basic CoreDNS configuration who wish to support more advanced use cases or to extend CoreDNS's functionality.

Cricket Liu

Chief DNS Architect, Infoblox
Cricket Liu is an authority on the Domain Name System and the co-author of all of O'Reilly Media’s books on DNS, including the classic DNS and BIND. As Infoblox’s Chief DNS Architect, Cricket guides the development of Infoblox’s product and business strategy, and serves as a...

John Belamaric

Senior Staff Software Engineer, Google
John Belamaric is a Senior Staff Software Engineer at Google with over 25 years of software design and development experience. As a co-chair of Kubernetes SIG Architecture, he provides leadership on production readiness, conformance, and overall software architecture for the Kubernetes...

Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 6C - San Diego Convention Center Upper Level

4:25pm PST

RDMA Enabled Kubernetes for High Performance Computing - Jacob Anders, CSIRO & Feng Pan, Red Hat
Adoption of Kubernetes in scientific workloads has been hampered by limited support for high speed interconnects used in HPC clusters. Fortunately, we can now solve this problem by enabling RDMA in Kubernetes.

In this session, we will describe the HPC use case and requirements from an end user's perspective. We will discuss how RDMA, a highly efficient network transport protocol, can be used to address this challenge. We will then provide an overview of a community driven RDMA implementation for Kubernetes using CNI plugins and SR-IOV.

Finally, we will demonstrate real-world applications running in an RDMA-enabled Kubernetes environment and provide a performance comparison between standard and RDMA-enabled networking.

You will leave this session understanding the state of the art for HPC networking on Kubernetes.


Feng Pan

Sr. Manager, Software Engineering, OpenShift, Red Hat
Feng leads the OpenShift network engineering organization, responsible for all networking related features and roadmaps for OpenShift platform. Previously, Feng led Office of The CTO Networking team.

Jacob Anders

HPC Technical Lead, CSIRO
Jacob Anders is a Linux and Cloud architect with strong focus on High Performance Computing. He is a pioneer of using high performance interconnects in Cloud Computing, starting with OpenStack in 2012, currently working on RDMA support in Kubernetes. Jacob is interested in large scale...

Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 33ABC - San Diego Convention Center Upper Level

5:20pm PST

Solving Multi-Cluster Network Connectivity With Submariner - Chris Kim, Rancher Labs & Miguel Angel Ajo, Red Hat
Today companies face the need to spread workloads across several clusters, leverage the capabilities of specific clouds, create more resilient services, or comply with GDPR by locating and securing specific data in specific geographic locations. While that is possible today, communication between clusters is still not solved in a transparent and secure way.

Currently the pods and services in two different Kubernetes clusters are isolated from each other, and network plugins in Kubernetes don't have a common way for creating such connectivity. To connect two services in separate clusters, the administrator needs to make the application endpoints public. Some network plugins provide partial solutions to this problem, and service meshes like Istio solve this and more at the cost of some level of complexity and overhead.

https://submariner.io solves this problem by connecting clusters at the IP level.

Chris Kim

Field Engineer, Rancher Labs
Chris Kim is currently a field engineer at Rancher Labs. Chris originally developed Submariner as an open source project in response to the need he saw for cross cluster network connectivity while helping customers architect Kubernetes based solutions. He is an active contributor...

Miguel Angel Ajo Pelayo

Senior Principal Software Engineer, Red Hat
Miguel is currently working at the Red Hat CTO Office Emergent technologies / EDGE for the MicroShift project. Previously he worked on the Submariner project in the area of multi-cluster communication and security. He started contributing to OpenStack 7 years ago on the Neutron...

Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
