Presentation is loading. Please wait.

Presentation is loading. Please wait.

Containers Topics of Interest

Published byJeffery Stafford Modified over 6 years ago

Similar presentations

Presentation on theme: "Containers Topics of Interest"— Presentation transcript:

1 Containers Topics of Interest
Jerome Tollet CTAO - PIRL Sept 5th, 2016

2 Container fast communications Container placement Container Security
Agenda Container fast communications Container placement Container Security Container (Reactive) Policies

3 Container fast communications
Current status Today, containers communication rely on Linux kernel Can be a significant bottleneck for apps Very complex model including NAT (ip6 is not first class citizen) TCP is used even for “in server” communication Questions How can we bring user space networking for containers (DPDK, VPP,…) ? Can we reach 40Gbps for intercontainer communications ? Does that require applications changes ? What can be done at layer 2, layer 3, layer 4 and above Can we bypass useless and slow code for “in server” communications ?

4 Container placement Current status
Containers are placed when launched where there is enough free resources This strategy is not always optimal in terms of security, performance or energy saving Examples Performance: two containers working together could be co-located Security: It might be interesting to physically isolate containers belonging to different entities Energy Saving: might be interesting to switch off servers and group all running containers Questions How do we migrate containers ? What is the real benefit of grouping containers (switching off some CPU) ? How do we put in place an “optimal topology”

5 Container Security Current status
Containers are not simply light VMs, they are about application disaggregation into micro services Current security modelis very weak and looks more as an adaptation of VMs and Phy World security Topics of interest How can we better protect East-West communications at all level (2-3-4 above) How can we distribute in depth Security functions that used to be done at the Edge with minimal performance penalty ? How can we safely download signed Container Images from public repos

6 Container Policies Current status
Tens is not hundreds of container technologies Existing policies (GBP, etc) come from Virtualization/Phy world Existing policies are very static and mainly focus on ACL kind of rules Topic of interest How can we model high level policies taking into account performance, security and energy saving ? How there model deals with incompatibilities (eg. energy vs performance) ? How do we bring reactive policies in these models (eg container 1 and 2 suddenly talking together) ? Can we extend existing languages or do we have to define new ones ?

Download ppt "Containers Topics of Interest"

Similar presentations

Bringing Together Linux-based Switches and Neutron

Bringing Together Linux-based Switches and Neutron
B. Ramamurthy 4/17/20151. Overview of EC2 Components (fig. 2.1) 10..* 1 1 1 1 4/17/20152.

B. Ramamurthy 4/17/ Overview of EC2 Components (fig. 2.1) 10..* /17/20152.
All rights reserved © 2006, Alcatel Benefits of Distributed Access Border Gateway in the Access  Benoît De Vos Alcatel, May 29 th 2006.

All rights reserved © 2006, Alcatel Benefits of Distributed Access Border Gateway in the Access  Benoît De Vos Alcatel, May 29 th 2006.
Server Virtualization Gina Myers. Definition Creating virtual machines (VMs) “VMs are software entities that emulate a real machine’s functionality” ◦

Server Virtualization Gina Myers. Definition Creating virtual machines (VMs) “VMs are software entities that emulate a real machine’s functionality” ◦
Build Test Integrat e Deploy Develop Languages Frameworks Cloud and Infra Data platforms.

Build Test Integrat e Deploy Develop Languages Frameworks Cloud and Infra Data platforms.
Operating systems design philosophy ESMAIL ASYABI- FEBRUARY 2015.

Operating systems design philosophy ESMAIL ASYABI- FEBRUARY 2015.
Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.

Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Microsoft Desktop Virtualization Migrating to Windows 7 With MED-V.

Microsoft Desktop Virtualization Migrating to Windows 7 With MED-V.
Operating System Review September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1.

Operating System Review September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1.
Programmable Networks: Active Networks + SDN. How to Introduce new services Overlays: user can introduce what-ever – Ignores physical network  perf overhead.

Programmable Networks: Active Networks + SDN. How to Introduce new services Overlays: user can introduce what-ever – Ignores physical network  perf overhead.
1.4 Open source implement. Open source implement Open vs. Closed Software Architecture in Linux Systems Linux Kernel Clients and Daemon Servers Interface.

1.4 Open source implement. Open source implement Open vs. Closed Software Architecture in Linux Systems Linux Kernel Clients and Daemon Servers Interface.
An Approach To Automate a Process of Detecting Unauthorised Accesses M. Chmielewski, A. Gowdiak, N. Meyer, T. Ostwald, M. Stroiński

An Approach To Automate a Process of Detecting Unauthorised Accesses M. Chmielewski, A. Gowdiak, N. Meyer, T. Ostwald, M. Stroiński
NETWORK SECURITY USING IPTABLES. TOPICS OF DISCUSSION NETWORK TRAFFIC IN PRESENT SCENARIO !! WHY WE NEED SECURITY ? T TYPE OF ATTACKS & WAYS TO TACKLE.

NETWORK SECURITY USING IPTABLES. TOPICS OF DISCUSSION NETWORK TRAFFIC IN PRESENT SCENARIO !! WHY WE NEED SECURITY ? T TYPE OF ATTACKS & WAYS TO TACKLE.
Operating Systems Structure what is the organizational principle?

Operating Systems Structure what is the organizational principle?
Security fundamentals Topic 10 Securing the network perimeter.

Security fundamentals Topic 10 Securing the network perimeter.
1.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition Lecture 2: OS Structures (Chapter 2.7)

1.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition Lecture 2: OS Structures (Chapter 2.7)
Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.

Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.
VIRTUALIZATION TECHNOLOGIES BY COLLIN DONALDSON. PHYSICAL COMPUTING Install Hardware Load Operating System and other software Deploy either manually or.

VIRTUALIZATION TECHNOLOGIES BY COLLIN DONALDSON. PHYSICAL COMPUTING Install Hardware Load Operating System and other software Deploy either manually or.
1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.

1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.

Similar presentations

Ads by Google