Use Cases

Core CNF

>

Ligato + VPP

Ligato VPP Agent and VPP dataplane are "bolted" together in one container forming the programmable VPP vSwitch

Problem To Solve

Need core network function with:

  • Container lifecycle best practices
  • Control plane agent
  • Code reusability
  • Function plugin options
  • Stats/Telemetry
  • 12-factor app principles
  • Operate in user space
  • Extensibility
  • Immutability
  • Open Source

Solution

Programmable VPP vSwitch

  • FD.io/VPP dataplane feature set
  • Lightweight container packaging
  • Innovation ready
  • Cloud Native distributed configuration
  • Implemented in multiple solutions
  • Demonstrated code reusability, platform versatility and operational deployment feasibility

An important aspect of any container-based network soltion is rapid and accurate configuration programmability. Containers are added and removed frequently. They must (re)start within a second and there could be multiple running instances on a single host. They could move to other hosts. The complete configuration required for run-time operations may require each separate comfiguration action to be performed in proper sequence. Therefore it is crucial there be minimal delay to programming the correct configuration in the correct into the dataplane.

Other solutions, projects and ventures either being worked on, shipping or considering the use of a container-based VPP vSwitch include hICN, ONAP, Service Function Chaining as well as cable, mobility and service mesh edge proxies.


>

Problem To Solve

for K8s cluster networks

  • K8s policy/services awareness at the network layer
  • Flexible networking options
  • Interface flexibility (i.e. TAPv2, veth, memif)
  • Fast config programmability
  • Container lifecycle best practices
  • Stats and Telemetry streaming and export
  • 12-factor app principles
  • Operate in user space

Solution

Contiv - VPP

  • K8s Policies/Services mapped to VPP networks
  • contiv-vSwitch CNF tailored for K8s / Contiv - VPP networking
  • User space operations
  • Web UI

The figure above presents an abstracted view of Contiv-VPP deployed in a K8s cluster. The unique aspects of this solution are:

  • K8s Policy and Service Mapping to FD.io/VPP Configuration. This is an automated distribution pipeline where k8s policies and services are automatically reflected into FD.io/VPP configuration information which is then programmed into the network.

  • contiv-vswitch. This is the CNF composed of the FD.io/VPP dataplane and a Ligato-based VPP agent. It is across APIs enabled by the contiv and VPP agent/plugins that configurations rendered from policy and services are pushed down into the VPP dataplane. The contiv-vswitch runs in user space and uses DPDK for direct access to the network I/O layer.

Extensions to Contiv - VPP in development are support for IPv6, SRv6 and SFC:


IPsec VPN Gateway

Problem To Solve

Capacity, performance & networking needs

  • Tunnel b/w from Mbps to multi-Gbps
  • Tunnel setup & termination scales
  • Heterogeneous Tunnel Internetworking
  • Per-client tunnel stats and telemetry
  • K8s cloud native operations and lifecycle
  • IPsec and IKEv2 support

Solution

StrongSwan VPN control plane with VPP dataplane

  • Leverages complete IPsec tunnel VPP feature set
  • Scales up to Multi-Gbps throughput
  • Scales up to thousands of tunnels per node
  • IPsec VPN - SD-WAN Interworking
  • Extensive client tunnel stats/telemetry
  • Pod/container horizontal scaling
  • IPsec and IKEv2 standard feature support
  • StrongSwan, Ligato and FD.io/VPP are open source projects

//