A pursuit for a Virtualised Infrastructure Management based on Containers

Containers, such as those run by Docker, are a virtualisation technology that is rapidly gaining ground and is expected to have a great impact on future deployments of cloud technologies and Network Function Virtualisation (NFV). Containers virtualise at the operating-system level: all containers on a host share the host kernel, and isolation is provided by kernel mechanisms such as namespaces and cgroups rather than by a hypervisor, which makes it possible to deploy multiple container-based applications on top of a single OS. Because of this, they are very popular in the DevOps movement, as they make it very fast to build, test and deploy applications. The functionality of containers is very appealing for the cloud industry, although the full extent of their drawbacks has not been explored yet.

Currently, NFV technology is dominated by the use of Virtual Machines (VMs), which use a hypervisor (e.g. KVM with QEMU) to abstract and virtualise the hardware, making it possible to run several guest OSs on the same physical machine. VMs have reached a level of maturity at which they are widely used in a variety of virtualisation environments, offering performance, resiliency and stability.

NFV defines the Virtual Infrastructure Manager (VIM), a role that OpenStack is often considered to fill. It is anticipated that various VIM implementations could arise. A promising candidate is the Docker engine (containers), due to a number of benefits over VMs, among them:

• Faster booting: Containers take only seconds (or less) to start, whereas VMs may need several minutes to boot a full guest OS.
• Less overhead: Containers require fewer resources to function, since no guest kernel runs per instance, making them not only more energy-efficient but also more cost-effective.
• Easier distribution: Due to their small size, operators can upload and download container images through registry services in the cloud, such as Docker Hub, in a matter of seconds.

As can be seen, containers provide significant advantages that make them very appealing for VNF implementation in NFV-based systems. There are already some capable container orchestrators, most of them able to run Docker containers, such as Docker Swarm, Mesos and Kubernetes. Although the community is very active in adopting Docker-based engines as a VIM for NFV (e.g. OpenRetriever), at the moment there are limitations and challenges that still remain to be overcome before containers can be used effectively in NFV.

A main drawback of containers is their security and isolation properties, as they are still a relatively new technology. Unlike a VM, a container has no hypervisor boundary of its own: every container on a host shares the host kernel, so a kernel vulnerability or a misconfigured container (for example one started with host privileges) affects every VNF co-located on that host. Their security has not been thoroughly evaluated or extensively tested yet, as they are not yet that widespread in production NFV deployments. Another challenge is the documented complexity of orchestrating a mix of containers and VMs, which will be the main need in the future. Finally, as far as container networking is concerned, there is still room for improvement, and it needs to mature before Docker-based VIMs are ready for NFV. It is worth mentioning that there are already projects working on this, such as OpenRetriever and Kuryr.
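As an added illustration of the isolation point above (example code written for this page, not part of SONATA, son-emu or Docker), the following script audits the `HostConfig` section of `docker inspect` output for settings that weaken the container boundary: `--privileged`, shared host namespaces, added capabilities, disabled seccomp/AppArmor profiles and a bind-mounted Docker socket. The two inspect documents are constructed samples and the container names and IDs are made up; the field names are the ones Docker actually emits, so the same function can be fed real output. The script runs offline.

```python
"""Audit container isolation settings from `docker inspect` JSON (added example)."""
import json
import sys

# Constructed sample shaped like `docker inspect <container>` output: a JSON
# list with one object per container. Only the HostConfig fields the audit
# reads are included; the name and id are assumed values.
SAMPLE_WEAK = json.dumps([{
    "Id": "0123abcd",
    "Name": "/vnf-firewall",
    "HostConfig": {
        "Privileged": True,
        "PidMode": "host",
        "IpcMode": "",
        "NetworkMode": "bridge",
        "CapAdd": ["NET_ADMIN", "SYS_ADMIN"],
        "CapDrop": [],
        "SecurityOpt": None,
        "ReadonlyRootfs": False,
        "Binds": ["/var/run/docker.sock:/var/run/docker.sock:rw"],
    },
}])

# Hardened counterpart of the same (assumed) VNF: only the capability a
# packet-forwarding function needs, everything else dropped, rootfs read-only.
SAMPLE_HARDENED = json.dumps([{
    "Id": "4567ef01",
    "Name": "/vnf-firewall-hardened",
    "HostConfig": {
        "Privileged": False,
        "PidMode": "",
        "IpcMode": "",
        "NetworkMode": "bridge",
        "CapAdd": ["NET_ADMIN"],
        "CapDrop": ["ALL"],
        "SecurityOpt": ["no-new-privileges:true"],
        "ReadonlyRootfs": True,
        "Binds": [],
    },
}])

# Capabilities that give a container kernel-level reach into the shared host:
# SYS_ADMIN covers mount and many other host-affecting syscalls, SYS_MODULE
# loads kernel modules, SYS_PTRACE/SYS_RAWIO/DAC_READ_SEARCH reach host
# processes, devices and files outside the container's own view.
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO", "DAC_READ_SEARCH"}

UNCONFINED_OPTS = {"seccomp=unconfined", "apparmor=unconfined", "apparmor:unconfined"}


def audit_isolation(inspect_json: str) -> list:
    """Return (severity, check, container_name) findings for every container
    in a `docker inspect` JSON document. An empty list means nothing was flagged."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name") or container.get("Id", "?")
        hc = container.get("HostConfig") or {}

        # --privileged: all capabilities, all host devices, and Docker's default
        # seccomp and AppArmor profiles are switched off.
        if hc.get("Privileged"):
            findings.append(("high", "privileged", name))

        # Sharing a host namespace removes the isolation that namespace provides.
        for key, ns in (("PidMode", "pid"), ("IpcMode", "ipc"),
                        ("NetworkMode", "net"), ("UTSMode", "uts")):
            if hc.get(key) == "host":
                findings.append(("high", f"host-{ns}-namespace", name))

        # Capabilities added on top of Docker's default set.
        for cap in hc.get("CapAdd") or []:
            cap = cap.upper()
            cap = cap[4:] if cap.startswith("CAP_") else cap
            if cap in DANGEROUS_CAPS:
                findings.append(("high", f"cap-{cap}", name))

        # Explicitly disabled seccomp / LSM confinement.
        for opt in hc.get("SecurityOpt") or []:
            if opt in UNCONFINED_OPTS:
                findings.append(("high", f"unconfined:{opt}", name))

        # A bind-mounted Docker socket hands the container control of the host engine.
        for bind in hc.get("Binds") or []:
            if bind.split(":")[0] == "/var/run/docker.sock":
                findings.append(("high", "docker-socket-mounted", name))

        # Lower-severity hygiene: writable rootfs lets an intruder persist tooling
        # in the running VNF; keeping the default capability set is wider than needed.
        if not hc.get("ReadonlyRootfs"):
            findings.append(("low", "writable-rootfs", name))
        if "ALL" not in [c.upper() for c in (hc.get("CapDrop") or [])]:
            findings.append(("medium", "default-capabilities-kept", name))
    return findings


if __name__ == "__main__":
    # Pipe real output in (`docker inspect <container> | python3 audit.py`),
    # otherwise audit the two constructed samples.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_WEAK + "\n" + SAMPLE_HARDENED
    for doc in filter(None, data.split("\n")):
        for severity, check, name in audit_isolation(doc) or [("ok", "no-findings", "all")]:
            print(f"{severity:6} {check:28} {name}")
```

The weak sample is flagged six times (four of them high); the hardened one produces no findings. The checks are deliberately limited to what `docker inspect` reports about the container boundary; they say nothing about the host kernel itself, which every container still shares.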

The SONATA project has looked at the possibility of adding container-based VIM support to its integration, specifically Kubernetes, but, as mentioned, the technology is not ready for this yet and there are open issues to be solved even when security is disregarded. In particular, the networking is not yet mature enough to cover NFV requirements such as service function chaining. Kubernetes and other Docker-based orchestrators were designed on the assumption that the deployed containers would be endpoint microservices with no need to communicate with other container clusters. The concept of NFV, though, demands that containers be part of a service chain: a series of network functions (one per container) communicating with each other, passing traffic along and executing a variety of chosen services. Currently these capabilities are missing from these orchestrators, but effort is already being put into additional functionality, such as the implementation of multiple isolated network interfaces per pod (e.g. Multus) or the development of more complex networking solutions with expanded capabilities (e.g. OVN).

Nonetheless, the SONATA project has, as a proof of concept, implemented deployment of its network functions on Docker using its emulation platform, son-emu. This emulation platform was created to help network service developers prototype and test complete network service chains locally in realistic end-to-end multi-PoP scenarios. It allows the direct execution of real network functions, packaged as Docker containers, in emulated network topologies running on the network service developer's own machine.

References:

- Containers and Virtual Machines: https://www.sdxcentral.com/reports/linux-container-ecosystem/chapter-2-c...
- On Containers: https://www.sdxcentral.com/cloud/containers/
- Containers for NFV: http://mplsworldcongress.com/2017/2017Presentations/01_tracks_1_2_confer...
- Containers as NFV: https://www.sdxcentral.com/reports/linux-container-ecosystem/inside-the-...
- SONATA son-emu platform: https://github.com/sonata-nfv/son-emu