I found that when virtual server (or container) numbers started to get up over 50, running individual machines became difficult to manage, so I opted to cluster the servers; having all servers managed from one screen helped. However, networking was still very much an issue: typically, having a virtual pipe of some kind between a container and the Internet added up to lots (and lots) of VPN connections, each one a configuration, management and monitoring problem. Vastly simplified, something like this;

There are three main issues to address;
- Making each container visible to the public facing reverse proxy server
- Making containers visible to other containers on the local cluster
- Isolation: as these containers will be servicing traffic from the Internet, that traffic can’t be allowed to escape onto the local network, so any inter-container traffic needs to be secured (currently via VPN)
So, at 50 containers, that’s 51 reverse proxies to manage, 51 VPN servers, and a whole lot of logging. Then of course it gets a whole lot worse when you add a few hundred more instances.
There appear to be two potential solutions to this;
- VLANs, which need VLAN-compatible switches and can introduce their own management issues
- SDN, which is the shiny new approach that apparently everyone should be using (ROFL)
SDN in action
So if we look at the same sort of functionality through an SDN focused lens, we should see something like this;

The notable changes;
- We now only need ONE reverse proxy, which is the public facing instance
- We only need ONE VPN connection per physical host, which is rather more manageable
Why?
SDN can manipulate IP ranges in such a way that each node (regardless of physical location) appears to the other nodes as being on the same Local Area Network, i.e. they are all able to address each other via MAC address. So in this scenario, the reverse proxy server sitting on the Internet Cloud server can directly access any container on any hypervisor (so no per-instance VPNs are required).
This removes a HUGE amount of configuration which reduces setup time, maintenance time and monitoring.
How hard is it to set up …
At face value, at the moment, let’s just say it’s not for the uninitiated. However, it is a challenge, and I have written some management code (which will be available on GitHub soon) to automate the process. Hopefully over the next couple of weeks things will start to migrate over from the current model to the SDN model.
If anyone else out there is working on SDN and/or clustering, I’d be interested to hear about your experiences so far.