Cloud Native Network
Network re-architecture has become a hot topic in the telecom field, and the re-architecting process is accelerated by the gradual commercialization of diverse 5G service scenarios and their convergence with OTT vertical industries. Therefore, operators have a pressing need to build more elastic networks to gain competitiveness. Since the commercial practice of cloud-based networks in recent years, 66% of global mainstream operators have begun or are beginning their cloud deployments according to the IHS report. In this phase, general-purpose hardware is used for transport, a virtual platform is used for deployment, and cloud virtual resources are used for content orchestration. Network function virtualization (NFV) is represented by the virtual evolved packet core (vEPC), virtual IP multimedia system (vIMS) and internet of things (IoT). The cloud native network is used in the further evolution phase of network re-architecture, where agile service deployment, efficient resource utilization, low-cost operation, and open capabilities are realized on the basis of cloud networks. Containers are intrinsically lightweight, agile, stateless, and self-contained, so they have become the focus and best technical practice supporting lightweight infrastructure, service-based architecture and DevOps-based orchestration and management in the cloud native network phase.
Containers are not a new technology; they have found wide and mature application in the IT and cloud service field. The global top five public cloud service providers have all launched container services. The container industrial ecosystem was well established in 2017.
● The Cloud Native Computing Foundation (CNCF) made remarkable achievements in the cloud native field in 2017. Kubernetes has become the de facto standard for container orchestration and management, and the surrounding cloud native ecosystem has been further enriched.
● Open source communities such as OpenStack, ONAP, and OPNFV have embraced container technology. Mature specifications released by the Open Container Initiative (OCI) gave rise to the first container runtime in 2018. Container engines adapted to different scenarios, such as Kata Containers and gVisor, have gained attention in the industry.
● Since 2017, telecom operators undergoing ICT convergence and digital transformation have all participated in developing container technology. Container technology has experienced explosive growth in the feasibility surveys and commercial trials of the next-generation data center (NGDC) and NFV.
● Industry standards organizations such as ETSI, SDN/NFV, and CCSA have begun to pay attention to container technology and set up projects concerning it, promoting the standardization of containers in the NFV field.
To address the evolution of cloud native networks, ZTE rolled out its carrier-grade container cloud platform product—TECS OpenPalette in 2017. It collaborated with mainstream telcos to advance small-scale commercial use and related trials. The network functions involved focus on 5G core (5GC), vEPC and IoT.
TECS OpenPalette: Container Cloud Platform
ZTE’s TECS OpenPalette implements carrier-grade enhancement based on open source container engine Docker and container orchestration management system Kubernetes, meeting carrier-grade service requirements for high performance and high reliability (Fig. 1).
OpenPalette is built on the core of open source projects and provides carrier-grade enhancement through non-invasive modification. Externally, it provides both native and enhanced application programming interfaces (APIs). On the basis of the Kubernetes container runtime interface (CRI), OpenPalette supports multiple container runtime engines for different application scenarios: the Docker container engine, the Kata Containers lightweight secure engine, and Virtlet VMs, meeting the need for unified management of VM-based applications. Moreover, ZTE has actively participated in open source projects to promote the enhancement features and contribute them to the community.
OpenPalette improves performance on top of the container's natively efficient design. It improves the computing performance of container applications via CPU pinning and NUMA affinity, and enhances their network performance by supporting SR-IOV and DPDK via CNI-Knitter—ZTE's open source network plugin under the Kubernetes CNI framework. It adopts self-developed general-purpose high-performance middleware such as HSMQ and SLB to provide component support for container orchestration. It also supports acceleration hardware such as GPUs and FPGAs to satisfy the performance enhancement requirements of container applications.
OpenPalette provides a complete high-availability solution at multiple layers, ranging from containers, cluster nodes and platform components to the whole system, based on the container application mechanisms provided by Kubernetes and the high-availability framework of container clusters. This helps achieve zero loss of applications and systems.
OpenPalette reinforces system security in multiple dimensions. It supports the kernel capability mechanism and the SELinux enhanced security mechanism, strictly controls the allocation of container privileges, and guarantees host security. It supports namespaces and control groups (cgroups), core isolation and pinning, and whole-system resource quota supervision to ensure secure resource isolation; it supports image digital signatures and a security scanning service to guarantee the security of application images; and it supports multi-plane isolation of the container network to guarantee network isolation. It provides unified privilege and user management based on role-based access control (RBAC), and uses security components such as a distributed software firewall to prevent DDoS attacks, so as to guarantee access security. It supports the Kata Containers security technology to improve virtualization security. It also provides complete log auditing and monitoring to meet the privacy protection requirements of the GDPR.
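As an added example that is not OpenPalette's or ZTE's code, the following Python audit checks Kubernetes Pod manifests for the controls described in this section and for the per-pod runtime selection mentioned above (a Kata-backed RuntimeClass via CRI): capability dropping, privilege escalation, non-root execution, a seccomp profile, cgroup resource limits, and digest-pinned images. It also reports whether a pod qualifies for Guaranteed QoS, which is what the kubelet's static CPU manager requires before it pins exclusive cores to a container. The two manifests are constructed for illustration; the `kata` RuntimeClass name, the `registry.example` image references and the all-zero digest are placeholders.

```python
"""Audit Pod specs for container hardening controls (added example, not OpenPalette code)."""
from typing import Any, Dict, List

# Constructed sample manifests, shaped as a YAML loader would produce them.
WEAK_POD: Dict[str, Any] = {
    "metadata": {"name": "vnf-weak"},
    "spec": {
        "containers": [{
            "name": "app",
            "image": "registry.example/vnf:latest",        # mutable tag, constructed
            "securityContext": {"privileged": True},       # full host capabilities
            "resources": {"requests": {"cpu": "500m"}},   # no limits: unbounded cgroup
        }],
    },
}

HARDENED_POD: Dict[str, Any] = {
    "metadata": {"name": "vnf-hardened"},
    "spec": {
        "runtimeClassName": "kata",   # hypothetical RuntimeClass backed by Kata Containers
        "securityContext": {
            "runAsNonRoot": True,
            "seccompProfile": {"type": "RuntimeDefault"},
        },
        "containers": [{
            "name": "app",
            "image": "registry.example/vnf@sha256:" + "0" * 64,   # placeholder digest
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]},
            },
            "resources": {
                "requests": {"cpu": "2", "memory": "4Gi"},
                "limits": {"cpu": "2", "memory": "4Gi"},
            },
        }],
    },
}


def audit_pod(pod: Dict[str, Any]) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: List[str] = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    pod_seccomp = (pod_sc.get("seccompProfile") or {}).get("type")
    for c in spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        # Kernel capability control: a privileged container receives every capability.
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        caps = sc.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            findings.append(f"{name}: does not drop ALL capabilities")
        # Kubernetes leaves privilege escalation allowed unless explicitly disabled.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not set to false")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"{name}: runAsNonRoot not enforced")
        # Syscall filtering: the seccomp profile may be set at pod or container level.
        c_seccomp = (sc.get("seccompProfile") or {}).get("type")
        if (c_seccomp or pod_seccomp) not in ("RuntimeDefault", "Localhost"):
            findings.append(f"{name}: no seccomp profile")
        # Resource isolation: the cgroup quota is only bounded when limits are set.
        limits = (c.get("resources") or {}).get("limits") or {}
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append(f"{name}: no {res} limit")
        # Image integrity: a digest reference cannot be silently re-tagged in the registry.
        if "@sha256:" not in c.get("image", ""):
            findings.append(f"{name}: image not pinned by digest")
    return findings


def is_guaranteed_qos(pod: Dict[str, Any]) -> bool:
    """Guaranteed QoS: every container's cpu and memory requests equal its limits
    (requests default to limits when only limits are given). With the kubelet's
    static CPU manager policy, Guaranteed pods with integer CPU counts get pinned cores."""
    for c in pod.get("spec", {}).get("containers", []):
        res = c.get("resources") or {}
        req, lim = res.get("requests") or {}, res.get("limits") or {}
        for r in ("cpu", "memory"):
            if r not in lim or req.get(r, lim[r]) != lim[r]:
                return False
    return True


if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        name = pod["metadata"]["name"]
        print(f"{name}: guaranteed_qos={is_guaranteed_qos(pod)}")
        for f in audit_pod(pod) or ["no findings"]:
            print("  -", f)
```

The checks map directly onto the controls listed above: capability dropping and `allowPrivilegeEscalation` cover the kernel capability mechanism, `limits` cover cgroup resource quotas, the digest check stands in for image signing (a signature policy would be verified by an admission controller, which this script does not model), and `runtimeClassName` is how a pod asks CRI for the Kata runtime.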
Integration and Decoupling
OpenPalette uses a microservice architecture and the DevOps concept to support more efficient customized component deployment and grey release, and to guarantee efficient solution integration. Relying on the advanced carrier-grade cloud platform TECS, OpenPalette provides an OpenStack and Kubernetes dual-core engine that fully shares the data center infrastructure and management system and provides an efficient cloud-network synergy solution. OpenPalette also supports bare metal, third-party IaaS clouds, and public clouds such as AWS and Alibaba Cloud. This helps achieve layered decoupling of the entire system and guarantees no lock-in to vendors or technology stacks.
Scenarios for Introducing Containers
Like a hypervisor, a container is a virtualization technology that provides virtualized resources and management capabilities for upper-layer applications. Containers support NFV as described in ETSI GS NFV-EVE 004. The current NFV architecture is based on VM bearers, and there are two scenarios for introducing containers into the NFV architecture (Fig. 2).
Scenario 1: Building a Container Cloud Platform Based on a VM Resource Pool
A container cluster management system (OpenPalette Master) is added to the original NFVI/VIM to provide container resource management for upper-layer applications; it is centered around Kubernetes and provides certain software microservice support capabilities. The NFVO/VNFM interfaces with OpenPalette Master to complete the orchestration and management of containerized VNFs. The containerized VNFs act as tenant applications of the container cluster, using container resource services and microservice support capabilities. The container cloud platform exists as a tenant on the existing VM resource pool: it either occupies a DC exclusively or shares the DC with existing VM tenants, using VMs as its infrastructure. The original NFVI/VIM manages the underlying hardware and VM resources. This scenario is suitable for large or central DCs, leveraging the existing infrastructure to unify the orchestration and management portal.
Scenario 2: Building an Efficient Container Cloud Platform Based on Bare Metal Resources
The container cloud platform is deployed directly on bare metal and does not rely on an underlying hypervisor's hardware-assisted virtualization, which improves performance and resource utilization. The container cloud platform is responsible for managing and virtualizing the underlying hardware resources and provides container resource management and certain software microservice support capabilities to the upper layer. This scenario is suitable for regional or edge DCs as well as service scenarios that require higher performance and resource utilization, such as edge computing.
The container cloud platform is centered on the container and Kubernetes, allowing it to build a management system around the lifecycle of cloud native applications from the beginning, not just around resources. The container cloud platform will gradually evolve from IaaS to PaaS attributes, continuously enriching the software support capabilities of the underlying platform and supporting the service-based architecture evolution of upper-layer network functions and the agile management of differentiated services.
Container technology is at the trial stage in the NFV field. It needs more widespread cooperation from the upstream and downstream industry on key technology verification, standardization and scenario value. As an active explorer and leader in network cloudification, ZTE will continue extensive cooperation with global operators and mainstream open source projects to jointly promote the maturity and application of container technology in the NFV field, helping operators achieve cloud native network evolution, rebuild core competitiveness, and implement digital transformation and upgrade.