EP-4149064-B1 - CONTAINERIZED ROUTING PROTOCOL PROCESS FOR VIRTUAL PRIVATE NETWORKS
Inventors
- PAUL, Arijit
- NALLAMOTHU, VINAY K
Dates
- Publication Date
- 20260513
- Application Date
- 20220907
Claims (14)
1. A computing device comprising: processing circuitry and a storage media, wherein the processing circuitry has access to the storage media; a containerized application, stored in the storage media and executed by the processing circuitry; a virtual router (21A), stored in the storage media, executed by the processing circuitry and configured to implement a data plane for a virtualized provider edge, PE, router (32A), the virtualized PE router configured to provide a virtual private network, VPN, for the containerized application; a virtual network interface (17A) enabling communications between the virtual router and the containerized application; and a containerized routing protocol process (25A) stored in the storage media, executed by the processing circuitry and configured to implement a control plane for the virtualized PE router, the containerized routing protocol process is configured to: obtain a Media Access Control, MAC, address or an Internet Protocol, IP, address sent by the containerized application via the virtual network interface; and execute a first routing protocol to generate and output a route comprising at least one of the MAC address or the IP address to implement the VPN for the containerized application; and program the virtual router with forwarding information for the route that causes the virtual router to forward a packet to the containerized application.
2. The computing device of claim 1, wherein the containerized routing protocol process is configured to execute the first routing protocol to establish a routing protocol peering session with a physical router that is external to the computing device.
3. The computing device of claim 1, wherein the containerized routing protocol process is configured to execute the first routing protocol to establish a routing protocol peering session with a different virtualized PE router that is external to the computing device.
4. The computing device of any of claims 1-3, wherein the VPN is an Ethernet VPN, EVPN, and the route comprises an EVPN Type-2 route or an EVPN Type-5 route.
5. The computing device of any of claims 1-3, wherein the VPN is a Layer 3 VPN, L3VPN, and the route is included in a Multi-Protocol Border Gateway Protocol, MP-BGP, message.
6. The computing device of any of claims 1-5, wherein the containerized routing protocol process is configured to: execute a second routing protocol to receive, from the containerized application, a routing protocol message that indicates the IP address.
7. The computing device of any of claims 1-6, wherein the containerized routing protocol process is configured to operate in host network mode to have access to a host network interface of the computing device, and wherein the containerized routing protocol process outputs the route via the host network interface.
8. The computing device of any of claims 1-5, further comprising: a container networking interface, CNI, plugin executed by the processing circuitry and configured to: configure, in the virtual router, the virtual network interface with a virtual network address for the containerized application; and provide, to the containerized routing protocol process, an IP address for the virtual network interface, wherein the containerized routing protocol process is configured to execute a second routing protocol to establish a routing protocol peering session with the containerized application using the IP address for the virtual network interface.
9. The computing device of any of claims 1-5, wherein the containerized routing protocol process is configured to execute a second routing protocol to establish a routing protocol peering session with the containerized application to receive the IP address sent via the virtual network interface.
10. A container orchestration system for a cluster of computing devices including a computing device of claim 1, said device acting as a compute node, the container orchestration system comprising: processing circuitry and a storage device, wherein the processing circuitry is configured to cause the container orchestration system to: deploy a containerized application to the compute node; and in response to deploying the containerized application to the compute node, configure, by communicating with or transmitting configuration data to be consumed by a containerized routing protocol process deployed to the compute node, the containerized routing protocol process with a virtual routing and forwarding, VRF, instance to generate a route to implement a virtual private network, VPN, for the containerized application and instruct the containerized routing protocol process to program a virtual router, deployed to the compute node and configured to implement a data plane for a virtualized provider edge, PE, router, with forwarding information for the route that causes the virtual router to forward a packet to the containerized application.
11. The container orchestration system of claim 10, wherein a network attachment definition specification defines the VRF instance, and wherein the container orchestration system is configured to configure the VRF instance in response to determining a specification for the containerized application references a network attachment definition in the network attachment definition specification.
12. The container orchestration system of any of claims 10-11, wherein the container orchestration system is configured to: send a route with an Internet Protocol, IP, prefix to a container network interface, CNI, executing on the compute node to cause the CNI to program the containerized application with the IP prefix to indicate a network reachable via the containerized application, wherein a specification for the containerized application includes the IP prefix.
13. The container orchestration system of any of claims 10-11, wherein the container orchestration system is configured to: send a Media Access Control, MAC, address to a container network interface, CNI, executing on the compute node to cause the CNI to program the containerized application with the MAC address, wherein a specification for the containerized application includes the MAC address.
14. A computer-readable medium comprising instructions that, when executed by processing circuitry of a computing device, cause the computing device to: execute a virtual router (21A) to implement a data plane for a virtualized provider edge, PE, router, the virtualized PE router configured to provide a virtual private network, VPN, for a containerized application; configure a virtual network interface (17A) enabling communications between the virtual router and a containerized application on the computing device; and execute a containerized routing protocol process (25A) to implement a control plane for the virtualized PE router that: obtains a Media Access Control, MAC, address or an Internet Protocol, IP, address sent by the containerized application via the virtual network interface, executes a first routing protocol configured to generate and output a route comprising at least one of the MAC address or the IP address to implement the VPN for the containerized application, and programs the virtual router with forwarding information for the route that causes the virtual router to forward a packet to the containerized application.
Description
This application claims the benefit of US Patent Application No. 17/807,700, filed 17 June 2022, which claims the benefit of US Provisional Patent Application No. 63/242,434, filed 9 September 2021.
TECHNICAL FIELD
The disclosure relates to a virtualized computing infrastructure and, more specifically, to virtual private networking using a virtualized computing infrastructure.
BACKGROUND
In a typical cloud data center environment, there is a large collection of interconnected servers that provide computing and/or storage capacity to run various applications. For example, a data center may comprise a facility that hosts applications and services for subscribers, i.e., customers of the data center. The data center may, for example, host all of the infrastructure equipment, such as networking and storage systems, redundant power supplies, and environmental controls. In a typical data center, clusters of storage systems and application servers are interconnected via a high-speed switch fabric provided by one or more tiers of physical network switches and routers. More sophisticated data centers provide infrastructure spread throughout the world with subscriber support equipment located in various physical hosting facilities.
Virtualized data centers are becoming a core foundation of the modern information technology (IT) infrastructure. In particular, modern data centers have extensively utilized virtualized environments in which virtual hosts, also referred to herein as virtual execution elements, such as virtual machines or containers, are deployed and executed on an underlying compute platform of physical computing devices. Virtualization within a data center can provide several advantages. One advantage is that virtualization can provide significant improvements to efficiency.
As the underlying physical computing devices (i.e., servers) have become increasingly powerful with the advent of multicore microprocessor architectures with a large number of cores per physical CPU, virtualization becomes easier and more efficient. A second advantage is that virtualization provides significant control over the computing infrastructure. As physical computing resources become fungible resources, such as in a cloud-based computing environment, provisioning and management of the computing infrastructure becomes easier. Thus, enterprise IT staff often prefer virtualized compute clusters in data centers for their management advantages in addition to the efficiency and increased return on investment (ROI) that virtualization provides.
Containerization is a virtualization scheme based on operating system-level virtualization. Containers are light-weight and portable execution elements for applications that are isolated from one another and from the host. Because containers are not tightly coupled to the host hardware computing environment, an application can be tied to a container image and executed as a single light-weight package on any host or virtual host that supports the underlying container architecture. As such, containers address the problem of how to make software work in different computing environments. Containers offer the promise of running consistently from one computing environment to another, virtual or physical. With containers' inherently lightweight nature, a single host can often support many more container instances than traditional virtual machines (VMs). Often short-lived, containers can be created and moved more efficiently than VMs, and they can also be managed as groups of logically related elements (sometimes referred to as "pods" for some orchestration platforms, e.g., Kubernetes). These container characteristics impact the requirements for container networking solutions: the network should be agile and scalable.
VMs, containers, and bare metal servers may need to coexist in the same computing environment, with communication enabled among the diverse deployments of applications. The container network should also be agnostic, so that it works with the multiple types of orchestration platforms that are used to deploy containerized applications.
A computing infrastructure that manages deployment and infrastructure for application execution may involve two main roles: (1) orchestration, for automating deployment, scaling, and operations of applications across clusters of hosts and providing computing infrastructure, which may include container-centric computing infrastructure; and (2) network management, for creating virtual networks in the network infrastructure to enable packetized communication among applications running on virtual execution environments, such as containers or VMs, as well as among applications running on legacy (e.g., physical) environments. Software-defined networking contributes to network management.
US 2020/0073692 A1 refers to multiple virtual network interface support for virtual execution elements. Juniper Networks, "Junos Containerized Routing Protocol Daemon", 30 November 2020 (2020-11-30), p