Slide presentation from the April 16th, 2015 Downtown NY Tech Meetup hosted at Control Group and presented by Christopher Liljenstolpe from Project Calico (www.projectcalico.org) Project Calico is a scale-out networking fabric for bare metal, container, VM, and hybrid environments. Project Calico leverages the same networking techniques used to scale out the Internet to present a highly scaleable, L3 network for those environments without the use of tunnels, overlays, or other complex constructs. We'll also do a demo of a Calico enabled Docker environment, and have plenty of time for q&a during and after. About Christopher Liljenstolpe Christopher is the original architect of Project Calico and one of the project's evangelists. In his day job, he's the director of solutions architecture at Metaswitch Networks. Prior to Calico/Metaswitch, he's designed and run some bio-informatics OpenStack clusters, done some SDN architecture work at Big Switch Networks, Run architecture at two large carriers (Telstra - AS1221, and Cable & Wireless/iMCI - AS3561) and been the IP CTO for Alcatel in Asia. He's also run networks in Antarctica (hint, bend radius becomes REALLY important at -50C), and been foolish enough to do a stint as a wg co-chair in the IETF. Occasionally you can have the (mis-)fortune of hearing him speak at conferences and the like.

1. Project Calico is sponsored by
Sponsored by
Project Calico: a Pure Layer 3
Approach to Scale-out networking
Christopher Liljesntolpe <cdl@projectcalico.org> April 15, 2015

2. Project Calico is sponsored by
 Christopher Liljenstolpe
 Lead Architect, Project Calico
 Director, Solutions Architecture
Metaswitch’s Networking Business Unit
 Metaswitch
 Sequoia-backed software company
 SDN & IP Multimedia Communications
 1,000+ global customers
 Project Calico
 Open source project, sponsored by Metaswitch
 Pure Layer 3 cloud networking solution
 Containers, virtual machines & bare metal
Introductions

3. Project Calico is sponsored by
• PNNI
• SVCs
• UNI
• IISP
• ILMI
Legacy (ATM / SNA)
• SIP
• Megaco/H.248
• MGCP
• Diameter
• SBC
VoIP / IMSEthernet / IP Routing
• BGP
• OSPF
• IS-IS
• RIP
• PIM
• IGMP
MPLS / Optical
• MPLS
• RSVP-TE
• LDP
• VPNs
• VPLS
• GMPLS
• O-UNI/NNI
• E-NNI
• LMP
• PCE
• SNA/IP
• SNAP-IX
• APPN
• HIS
• LLDP
• LACP
• STP
• ERPS
• SyncE
• OAM

4. Project Calico is sponsored by
An (Apache licensed) open source
project to enable networking of
workloads in a data center / cloud
environment
Objectives:
What is Calico?
SimpleScalable Open
Thousands of servers,
100k’s of workloads
Don’t demand users to
be networking experts
Open source and open
standards

5. Project Calico is sponsored by
Metaswitch Networks | Proprietary and
confidential | © 2014 | 5

6. Project Calico is sponsored by
Docker Networking Today: Two Main Models
Port forwarding / NAT
 Simple
 Works “out of the box”
 Easily understood
 … but not “real IP
networking”
 Won’t work with all
applications (e.g. IPsec)
 Only one container per
external IP/port combination
Overlay networks
 Give each container its
own private IP address (or
subnet)
 Separate “overlay” domain
over “underlay” network
with GRE, MPLS, VXLAN,
or proprietary tunneling
protocols
 But…

7. Project Calico is sponsored by
Virtual L2 segments, implemented
in software by virtual switch
The Standard Virtual Networking Model
vSwitch vSwitch vSwitch
Linux Linux Linux
Encap / de-
encap
(& flooding!)
Outer
MAC
Outer
IP
Outer
UDP
VXLAN
VM
MAC
VM
IP
VM
TCP/UDP
VM
Data
Router
services
required to
hop between
tenants
NAT required
for public
Internet
access
On/off-ramp
required to
get to NAS,
etc.
Virtual L2 segments, implemented
in software by virtual switch

8. Project Calico is sponsored by
☹ Unnecessary complexity
☹ Low scale limits
☹ Performance issues
☹ Inefficient resource utilization
☹ Difficulty troubleshooting
☹ Demands placed on
application developers to be
networking experts
This leads to…
ALL solutions that use
overlay / underlay
model suffer from
these effects, however
they are mitigated.
These issues become
critical with
containers due to the
higher scale than VMs
(100s vs 10s per
server)
… It doesn’t have to be this way!

9. Project Calico is sponsored by
What if we built a data center like the internet?
IP
App
IP
App
IP
App
IP
App
IP
App
IP
App
IP
App
IP
App
Router
Router
Router
BGP BGP
Hosts

10. Project Calico is sponsored by
What if we built a data center like the internet?
IP
App
IP
App
IP
App
IP
App
IP
App
IP
App
IP
App
IP
App
BGP BGP Compute NodeCompute Node
VMs / LXCs
Router
Router
Router
VMs / LXCs
… this is Project Calico!

11. Project Calico is sponsored by
Project Calico – key Principles
IP
 Perform layer 3 forwarding at each compute node
 Leverage Linux kernel’s efficient IP forwarding engine –
no separate vSwitch
BGP
 Distribute routes using proven Border Gateway
Protocol, with route reflectors for scale
 Program routes into Linux kernel on each host (and into
physical fabric if required)
 Separate policy decisions from routing information
 Translate global policy into distributed firewall on each
host, enabling tenant isolation & more

12. Project Calico is sponsored by
Technical Details
 Architecture components
 Orchestrator plug-in
 Integrates with platform-specific APIs
(e.g. Neutron)
 Felix agent
 Forwarding table update, security
policy, per-tenant traffic isolation
 etcd – distributed, highly available
datastore
 BIRD – BGP stack
 Linux kernel – layer 3 forwarding
and ACL enforcement
 Build on and contribute to many
existing open source projects
 Release status
 Openstack, Juju: ready for trials
 Docker, Fuel: early/experimental
 Others: in progress
 Supported, hardened commercial
release end-Q2, 2015
Any physical fabric (L2, L3, MPLS, …)
Cloud OS / Orchestration SystemCloud OS / Orchestration System
Compute NodeCompute NodeCompute Node
Linux kernel
Cloud OS / Orchestration System
BGP
Client
Felix
Routes ACLs
Route
Reflector
Workload
VM / Container
Eth0 Eth1
Calico
Plugin
…

13. Project Calico is sponsored by
Traditional Overlays and Calico - Compared
Before Calico After Calico
Scale challenges above few hundred
servers / thousands of workloads
Scale to millions of workloads with minimal
CPU and network overhead
Troubleshooting connectivity issues can
take hours
What is happening is “obvious” –
traceroute, ping, etc., work as expected
EXITOn/off ramps + NAT to break out of
overlay
Path from workload to non-virtual device
or public internet (or even between data
centers) is just a route
High availability / load balancing across
links requires LB function (virtual or
physical) and/or app-specific logic
Equal Cost Multi-Path (ECMP) & Anycast
just work, enabling scalable resilience and
full utilization of physical links
C
C
N
A
CCNA or equivalent required to
understand end-to-end networking,
deploy applications
Basic IP networking knowledge only
required

14. Project Calico is sponsored by
Calico Roadmap / Future Directions
Q1 2015 Q2 2015 2H 2015 2016
 Ready for trial on
OpenStack
 Docker support
 Automated
installation via
Chef, Juju
(Canonical)  Commercially
supported
release
 Integration with
Mirantis Fuel
 Container
orchestrator
integrations
 Integration with
additional
orchestrators
 Overlapping IP
addresses with
v4-in-v6
 Simplified
deployment
automation
 Enhanced
diagnostics,
analytics, policy
 MPLS tunnel
termination
 Multicast

15. Project Calico is sponsored by
get involved
 Main project website:
www.projectcalico.org
 Github
 https://github.com/Metaswitch/
calico
 https://github.com/Metaswitch/
calico-docker
 Mailing list:
 http://lists.projectcalico.org/listi
nfo/calico
 Download & try it out
 We welcome your
feedback and contributions
 Follow us @projectcalico