Organizations deploy hybrid clouds to balance economics and speed time to market. Connecting private and public clouds is like hosting dinner for a two-party caucus; everyone shows up firmly opinionated and intent on changing the others’ minds. Built with incompatible network layers, unique processes and home-grown tools, private-to-public cloud network integration is as much arbitration as it is expertise.
The adoption of Kubernetes as a cloud operating system is an important step towards unification. But, targeted at pod-to-pod networking, the basic container network interface (CNI) wasn’t designed to handle the rigors of a hybrid cloud. Without secure network segmentation, automation at scale and multicluster networking, cloud-hosted containers and microservices are simply insecure islands of compute.
To bridge the private-to-public cloud gap and simplify hybrid cloud deployments, Juniper Networks has enhanced its cutting-edge Cloud-Native Contrail Networking (CN2) SDN to support Amazon’s Elastic Kubernetes Service (EKS). Now, managed from the world’s most popular hosted Kubernetes service, CN2 delivers consistent, end-to-end networking and security from the private edge to the public core. Operated from a central EKS instance, CN2 uses an operator-based installer to make deployment quick and easy. As a hosted service, CN2 on EKS brings immediate scale and agility to multicluster networking with application-aware security and advanced observability.
Networking Wormholes Fold Space and Time
In a hybrid cloud environment, the Internet – along with virtual private cloud (VPC) networks – acts as the connective physical underlay for servers and clusters. Using overlay tunnels like VXLAN and MPLSoUDP, CN2 hides application-specific underlay networking to erase geographical boundaries. This separation makes deployments more flexible for applications, clusters and infrastructures that stretch across the geography of the cloud to deliver the right service from the right spot.
Hosted from EKS, CN2 integrates with existing on-premises CN2 controllers to extend consistent network and security policies across the hybrid cloud. With on-demand compute and storage, CN2 on EKS delivers centralized and federated SDN control with elastic performance and scale.
Wrangling Kube-Sprawl with Multicluster Networking
Building infrastructure that spans data centers and clouds requires a multicluster experience, which treats Kubernetes clusters like pluggable endpoints. As clusters are created, they plug dynamically into the CN2 network fabric to simplify connectivity with streamlined management and operational scale. By leveraging BGP-based controllers, CN2 optimizes multicluster and service routing to deliver scalable and fault-tolerant applications.
The use of familiar-sounding protocols such as BGP, EVPN and VXLAN is intentional. Using the same protocols supported by traditional networking equipment simplifies connectivity between the on-premises, EKS-hosted and hybrid CN2 SDN controllers and existing bare metal servers, appliances and infrastructure like load balancers and firewalls.
Fail-Safe Kubernetes Security
CN2 on EKS unlocks the power of managed Kubernetes, extending Kubernetes networking and security for multicluster and hybrid cloud connectivity. Through dynamic network policy and flexible service load balancing, CN2 gives developers and cluster operators a same-but-better Kubernetes networking experience. With a powerful set of networking tools, CN2 on EKS builds upon existing network engineering skills to simplify the delivery of secure applications across a plurality of cloud resources.
One clear example of this same-but-better model is CN2’s approach to enabling Zero Trust Kubernetes networking. Using custom pod networks, namespace isolation and custom private networking, CN2 on EKS lets operations deliver immediate, secure applications and network functions. With nothing more than a label or annotation, CN2 gives applications their own isolated network sandbox. This default, fail-safe forwarding permits application crosstalk only through explicit policies. By contrast, traditional Kubernetes NetworkPolicy implementations work in a “fail-open” model: a pod that no NetworkPolicy selects accepts all traffic, leaving cluster operators one typo away from a production-impacting event.
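To make the fail-open point concrete, the following audit is an added example (not Juniper or CN2 code) that applies standard Kubernetes NetworkPolicy selection semantics to constructed pod and policy records in the shape of the Kubernetes API, and reports the pods that no policy selects and which therefore still accept all traffic. It also shows how a single mistyped label in a podSelector leaves the intended pod unprotected, and how an empty podSelector (namespace-wide default deny) closes the gap.

```python
"""Audit which pods remain 'fail-open' under standard Kubernetes NetworkPolicy.

Added example, not CN2 code. Input records are constructed to mirror the
Kubernetes API objects (metadata.labels, spec.podSelector, spec.policyTypes).
"""


def selector_matches(selector, labels):
    """podSelector semantics: an empty selector matches every pod in the
    namespace; otherwise every matchLabels pair must be present and equal."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def policy_types(spec):
    """API defaulting rule: if policyTypes is omitted, Ingress is always
    included and Egress only when egress rules are present."""
    if "policyTypes" in spec:
        return spec["policyTypes"]
    return ["Ingress", "Egress"] if "egress" in spec else ["Ingress"]


def unprotected_pods(pods, policies, direction="Ingress"):
    """Names of pods that no NetworkPolicy of the given type selects.
    With a fail-open CNI these pods accept all traffic in that direction."""
    exposed = []
    for pod in pods:
        ns, labels = pod["metadata"]["namespace"], pod["metadata"].get("labels", {})
        covered = any(
            pol["metadata"]["namespace"] == ns
            and direction in policy_types(pol["spec"])
            and selector_matches(pol["spec"].get("podSelector", {}), labels)
            for pol in policies
        )
        if not covered:
            exposed.append(pod["metadata"]["name"])
    return exposed


# Constructed sample namespace "shop": two pods and two policies.
PODS = [
    {"metadata": {"name": "frontend", "namespace": "shop", "labels": {"app": "frontend"}}},
    {"metadata": {"name": "api", "namespace": "shop", "labels": {"app": "api"}}},
]
# Intended to restrict the frontend, but the selector is mistyped ("fontend"),
# so it selects nothing and the frontend stays wide open.
TYPO_POLICY = {"metadata": {"name": "frontend-ingress", "namespace": "shop"},
               "spec": {"podSelector": {"matchLabels": {"app": "fontend"}},
                        "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "lb"}}}]}]}}
# Empty podSelector with no ingress rules: every pod in the namespace is selected and denied.
DEFAULT_DENY = {"metadata": {"name": "default-deny-ingress", "namespace": "shop"},
                "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}

if __name__ == "__main__":
    print("typo only   :", unprotected_pods(PODS, [TYPO_POLICY]))
    print("default deny:", unprotected_pods(PODS, [TYPO_POLICY, DEFAULT_DENY]))
```

Run against a live cluster, the same logic can be fed `kubectl get pods,networkpolicies -A -o json` output to find every namespace still relying on fail-open defaults.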
Pulling Back the Kubernetes Covers
Kubernetes abstractions simplify cloud operations, but these layers make root-cause analysis, problem resolution and compliance monitoring more challenging. This is especially true for hybrid and multicloud environments where packets can cross multiple operational domains. CN2 on EKS eliminates the black-box complexity of hybrid cloud Kubernetes. Through a combination of monitoring and mirroring, CN2 exposes forwarding metrics and flow records for analysis to take all the mystery out of multicloud operations. With CN2, a cluster can be inspected and audited, making mistakes easier to catch and smooth operations easier to prove. While valuable for single-cluster environments, these capabilities are table stakes for multicluster deployments where applications are delivered from a cloud infrastructure that may span cities, regions or even continents.
Juniper’s CN2 on EKS is available in release 22.4 to help customers on their hybrid cloud journey. To learn more, visit our CN2 product page, view our demo page, or test drive the new CN2 EKS experience with our Free Trial or through our Juniper Cloud Labs hosted lab and learning experience.