If you’re into network operating systems like me, then you’ll know that the containerization architecture of SONiC is a huge step forward for delivering on higher levels of network uptime.
In the past, most network operating systems were monolithic, which means they had a single codebase controlling all the network functions, one big fat image with all the features. But containerization changes all of that! Now, each network function is separated into its own container or microservice. It’s like having different rooms for different functions in your house instead of having everything in one big room. You can renovate a room completely while life in the other rooms remains unaffected.
Containers, microservices, and Kubernetes are the standards for deploying distributed applications in the cloud, perhaps it is time for networking to catch up? What can we expect with this new paradigm?
Why are containers such a big deal? For starters, it gives us a lot more flexibility. With containerization, we can update or add new features to a specific service without having to change the entire operating system. This is a game-changer for configuring and troubleshooting networks. In the past, if there was a bug or vulnerability in a component that was not part of the data plane, you still needed to reboot the whole system in order to patch it. Sure there were proprietary solutions like ISSU, but they were somewhat unreliable and part of the vendor’s black box. With containers and open source software, we can be assured of which things are dependent on each other. This is a very important part of developing reliable systems.
Another big benefit is scalability. With containerization, we can scale individual services as needed instead of having to scale the entire system. This is great news for handling increasing network traffic without breaking the bank. We can scale up each individual container with additional resources, or spin up new identical containers to parallelize workloads to better match the necessary demand.
Security is also a major plus. Containerization provides an added layer of security for network operating systems. Each service is isolated in its own container, so any security breaches or vulnerabilities only affect that specific service, rather than the whole system. And if we find a piece of code that is insecure, we can replace it easily and quickly because we don’t need to replace the entire OS. That’s peace of mind that’s priceless!
Efficiency is also a big selling point. Containerization allows each service to use only the resources it needs, which leads to cost savings, especially in large-scale networks. And the best part is that SONiC’s containerized approach allows for greater openness and interoperability with other systems. In the same way we might throttle inbound traffic to the management interfaces, we should also set limits on the management processes to ensure that they don’t blow up our control plane. The more control we have over system processes the more space we have available for the new and exciting pieces of software that we’ve always wanted to leverage in our network management.
And here’s a bit of magic that might make you think differently about the future of networking. If the NOS is a collection of containers running our network services on nodes, and the network fabric is a group of these worker nodes participating in delivering a specific outcome, isn’t that basically the same thing as a distributed application? (NOD YOUR HEAD)
So can we use Kubernetes to deploy and operate these network services in an extremely intelligent fashion? You bet! We don’t need any proprietary network management system (NMS) or network controller, we can use Kubernetes and get all of the benefits of the entire Cloud Native community of tools to dramatically improve our capabilities.
Overall, I think containerization in SONiC is a huge improvement over monolithic network operating systems. It’s a more flexible, scalable, secure, efficient, and open approach. It’s exactly what application developers want when designing modern apps. The time has come for the network to catch up with the rest of modern infrastructure.
Till next time…