Is Your CNI Good Enough?

Roland Wolters
What makes a modern CNI?

Do you drown in iptables rules? Do you have no idea where to troubleshoot? Your cluster deserves something better!

Kubernetes is all about services talking to each other. The Container Network Interface (CNI) defines how this communication works. That makes it one of the most fundamental components of your cloud native platform. There are many CNI plugins to choose from. Some are fine for small-scale use cases, but many are not good enough for running critical production workloads: they are slow, they are hard to scale, and they are hard to troubleshoot. Furthermore, you may find that your chosen CNI has no backing by a larger community or ceases to exist entirely.

You need something better. Your workloads need a modern CNI. And since mission-critical workloads are involved, you need backing by someone that understands cloud native and your requirements.

What makes a modern CNI?

Most CNIs just focus on connecting pods with other pods. But this only works when you have a single, isolated Kubernetes cluster and nothing else around it.

In reality, there are often multiple Kubernetes clusters, running on various platforms, offering different services, and connecting to non-Kubernetes services. This requires cluster-to-cluster capabilities, including cross-cluster service access, intelligent traffic routing, and connectivity to the outside.

This goes hand in hand with performance and scale: connecting a few pods is simple. Connecting hundreds of services across multiple clusters is not. Suddenly, the time it takes for a new application to be fully deployed can become a real issue if launching a pod takes a minute.

A modern CNI tackles these challenges head-on. Cilium seamlessly connects workloads across clusters, clouds, and premises, exposing services where needed while keeping traffic local to save costs where it makes sense. In addition, you can seamlessly integrate with your existing traditional IT using BGP or integrate with firewalls and external gateways. Cilium delivers the operational stability and performance essential for business-critical workloads, enabling new pods to spin up almost instantly. This results in reduced operational risks and costs, while enabling the operations teams to use existing hardware more efficiently.

How do you fix what you cannot see?

Kubernetes cluster operations means keeping lights on, adding new workloads, scaling to new nodes, implementing changes, troubleshooting issues, and debugging all upcoming problems. With multiple clusters and dozens of business apps involved, this is not an easy task. The key is to have deep visibility into the cluster, being able to see everything that happens, and understanding what this means for your operations. And for this, you need data!

However, simple logging is insufficient. It usually generates large amounts of logs that are hard to handle while not providing the deep, packet-level insights needed for effective troubleshooting. And if application owners don’t have the crucial insights they need to maintain their workloads, they will reach out to the operations team for each and every issue, putting additional strain on the ops team and turning them into a bottleneck.

As an example, take DNS failures. For most CNIs, troubleshooting DNS is super hard. They lack the necessary depth of visibility into the packet flow as well as into the high-level DNS protocol. And it is always DNS, isn’t it?

DNS Troubleshooting Made Simple: Real-World Solutions with Isovalent and Cilium

Using the example of DNS, our CNI engineers show how they use Cilium to troubleshoot complex problems quickly. Learn how Cilium can transform your Kubernetes troubleshooting workflow!

Watch the video on-demand

A modern CNI is not limited to generating log levels and shallow insights. Cilium provides unmatched visibility into the Kubernetes platform. It generates data that can be used to report on any event, provides context, and presents the data in a clear, understandable format. In addition, Cilium gives crucial insights into the full stack, from the low-level network layers up to Layer 7 protocols like DNS, and empowers operators to quickly troubleshoot issues and fine-tune policies to the detail needed by compliance and security. This results in more reliable cluster operations and reduced operational risks. Data can also be provided to application teams in a self-service fashion, improving user experience, lowering friction between teams, and enhancing troubleshooting and, thus, operations.

What makes a CNI future-proof?

A CNI that isn’t prepared for future demands is of little use. Without a well-planned architecture, a forward-leaning technology base, or a strong vision and roadmap, future success is anything but guaranteed. Future-proofing also requires a large community, a widely accepted project, and strong backing. If development stalls, necessary adjustments to changing requirements will be lacking. Support will be cut back, leaving customers out in the open with an uncertain future for their production environments.

As a future-proof CNI, Cilium is built on eBPF, the revolutionary operating system technology allowing unprecedented efficiency in networking, observability, tracing, and security. Based on this architecture, Cilium supports features like the eBPF-based Kube Proxy Replacement (KPR), BIG TCP, netkit, BBR, Maglev, and others, continuing to innovate while other CNIs are simply trying to catch up. At the same time, Cilium is the only graduated CNI of the CNCF, showcasing a healthy developer backing.

Cilium’s maturity has made it the primary CNI for all large public cloud vendors (AWS, Azure, Google) and a well-supported option across major Kubernetes distributions. This widespread adoption solidifies Cilium’s position as the de facto default CNI for Kubernetes.

Investing in Cilium allows customers to minimize the operational risks of outdated infrastructure and avoid increasing costs of maintaining legacy systems.

Tietoevry: More than just a CNI - Cilium and Hubble as the cloud native network stack

In this video, learn how Cilium and Hubble helped Tietoevry to migrate away from an existing CNI and to standardize on a powerful, fully cloud-native network stack based on the Isovalent Platform.

Watch the recording on-demand

What are key considerations in selecting the right CNI?

When selecting a CNI for your Kubernetes platform, the following factors should be considered:

  • Cloud Provider and Kubernetes Platform Support: It is imperative to ensure that your chosen CNI is supported by and integrated with major cloud providers and Kubernetes platforms such as Red Hat OpenShift.
  • Production-Ready Support and Expertise: The CNI vendor you select should offer dependable enterprise support, including in-depth expertise for instances when your team’s knowledge or resources are limited.

Isovalent is a strong partner for your cloud native journey with a platform based on Cilium and Tetragon. The founders and core developers of Cilium provide superior support and deep expertise. Backed by the networking giant Cisco, Isovalent has access to the best networking talent.

Conclusion

Kubernetes runs business-critical workloads. However, the success or failure of cluster operations depends crucially on the CNI. With Isovalent and Cilium, you can replace your outdated, underperforming, or too-complex-to-handle CNI with something modern, something powerful, a CNI ready for the next step in your cloud native journey!

If you want to know more, reach out to an engineer to learn how Cilium can be your next step in your Kubernetes evolution.

Author: Roland Wolters, Head of Technical Marketing, Isovalent
