Calico是应对大规模容器部署中跨主机通信的解决方案。它在数百台服务器和数千个工作负载环境下表现良好,但包封装导致故障排查复杂。网络中的每个节点都需要状态管理(如VLANs和隧道),并且为了连接公共IP或实现高可用性,可能需要虚拟NAT设备和额外的负载均衡功能。在地理分布的数据中心之间,还需要建立跨DC隧道。理解和配置Calico网络需要具备类似CCNA的网络知识。
1,Difficulties with traditional overlay networks
https://www.projectcalico.org/learn/
Traditional virtual infrastructures have offered a LAN-like (Layer 2) experience to users configuring multiple workloads. This may require several layers of virtual LANs, bridging and tunnelling to make Layer 2 networking work across multiple physical hosts. This presents a range of problems.
关于Calico的原理:
Calico把每个操作系统的 协议栈 认为是一个 路由器 ,然后把所有的 容器 认为是连在这个路由器上的 网络终端 ,在路由器之间跑标准的路由协议——BGP的协议,然后让它们自己去学习这个网络拓扑该如何转发。所以Calico方案其实是一个纯三层的方案,也就是说让每台机器的协议栈的三层去确保两个容器,跨主机容器之间的三层连通性。
https://www.projectcalico.org/learn/
Traditional virtual infrastructures have offered a LAN-like (Layer 2) experience to users configuring multiple workloads. This may require several layers of virtual LANs, bridging and tunnelling to make Layer 2 networking work across multiple physical hosts. This presents a range of problems.
- Scale challenges above few hundred servers / thousands of workloads.
- Difficult to troubleshoot due to packet encapsulation.
- On/off-ramp device (or virtual router hop) required to access non-virtualized devices.
- Every node in the network is state-heavy (e.g. VLANs, tunnels).
- Virtual NAT device required to connect a workload to a public “floating IP”.
- High availability / load balancing across links requires additional LB function and/or app-specific logic.
- Geographically distributed data centers require inter-DC tunnels.
- CCNA or equivalent required to understand end-to-end networking
关于Calico的原理:
Calico把每个操作系统的 协议栈 认为是一个 路由器 ,然后把所有的 容器 认为是连在这个路由器上的 网络终端 ,在路由器之间跑标准的路由协议——BGP的协议,然后让它们自己去学习这个网络拓扑该如何转发。所以Calico方案其实是一个纯三层的方案,也就是说让每台机器的协议栈的三层去确保两个容器,跨主机容器之间的三层连通性。
最低0.47元/天 解锁文章
扫一扫
2238
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
