Network programmability for container orchestration

LOMBARDO, FRANCESCO
2022

Abstract

Kubernetes is considered the de facto system for automating deployment, scaling, and management of containerized applications. The growing cloudification of technology stacks, particularly in the telecommunications field, has highlighted the need to manage a large number of workloads, as well as the growing need to be able to distribute applications in geographically distributed datacenters. Since the network model in Kubernetes is designed to be as generic as possible based on software components called CNI (Container Networking Interface) plugins, this makes it difficult to introduce specific network features for a CNI plugin cleanly, without interrupting compatibility with other plugins. Segment Routing over IPv6 (SRv6) is a networking architecture that can be used in IP backbones and in data centers, where operators can implement services like overlay networking, VPNs, traffic engineering, protection/restoration in a scalable and effective way. Integrating a feature-rich network overlay solution, such as SRv6, with Kubernetes would be very beneficial for service providers to address the challenges identified above, but currently no Kubernetes network plugin supports SRv6. The first objective of this thesis is indeed the design and development of the extension of a CNI plugin to allow the support of SRv6 in the Kubernetes networking model. This extension is not trivial since, to be successfully deployed in the real world, it needs to be smoothly integrated into an existing CNI plugin without breaking existing features or compatibility. Another problem is that IPv6 is currently not fully mature in Kubernetes networking plugins, while we need IPv6 for transport (as we want to use SRv6) and in the workload networks (where we want to support both IPv4 and IPv6). A second set of issues that this thesis wants to solve concerns the control and configuration mechanisms to be used in Kubernetes when dealing with the new advanced networking features.
In fact, such features require the dynamic control and coordination of a potentially large number of nodes which could also be distributed in a large geographical area across multiple datacenters. This thesis work shows how to design and implement an extension of a networking plugin (Calico-VPP) and its overlay solution based on IP-in-IP tunneling, implementing a custom IP-in-SRv6 tunneling. One of the main results of this work is to ensure that the basic configuration of a Kubernetes cluster and its interaction with the CNI plugin is not changed, therefore our proposed solution can be completely transparent to Kubernetes users. The thesis demonstrates that it is possible to add advanced networking features with no disruption of the current CNI interface. Regarding the issues related to the control mechanism to be used to deal with the advanced networking features, this thesis work analyzes and implements two approaches: one is based on the extension of the BGP routing protocol and the other one is based on the Kubernetes control plane. As a result, the solution based on the BGP extension has been merged into the mainstream of the Calico-VPP project, while the one based on the Kubernetes control plane is still under evaluation. Finally, during the research activity, I found the need to have a tool to perform automated performance tests on the Kubernetes network plugins considering different types of traffic flows. In particular, I found it necessary to support IPv6 and to be able to use the traffic generators most suitable for the type of transport protocol in use. Considering these requirements, I have worked on a tool called Kites, which has also been released as an open source project.
2022
English
SALSANO, STEFANO DOMENICO
Università degli Studi di Roma "Tor Vergata"
Files in this item:
File: Tesi-PhD-Lombardo.pdf (access only from BNCF and BNCR)
Size: 3.32 MB
Format: Adobe PDF

Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14242/211248
The NBN code of this thesis is URN:NBN:IT:UNIROMA2-211248