Learn Live: Taking Your Intelligent App Global with AKS with the Steves

I will be co-presenting an AKS Learn Live this month with Microsoft Principal Cloud Advocate Steven Murawski on “Taking Your Intelligent App Global with AKS”! It will be moderated by Principal Product Manager Brian Redmond!


We will touch on using Azure Front Door and Fleet Manager. Here is the description of the session:

“Once we have our intelligent application running, it’s time to make it scale. Using globally-scalable services like Azure CosmosDB and Azure Front Door, along with AKS Fleet Manager, we can bring our intelligent apps closer to their consumers, while providing a consistent operating experience for the developers and operations personnel responsible for the service.”

You don’t want to miss this one!

Register here:

https://lnkd.in/gbJXzWSJ

__Update__

If you missed the session, no worries. You can access the lab here:

https://moaw.dev/workshop/?src=gh:smurawski/moaw/learn_live_spring_2024/workshops/aks_global_scale/

You can watch the recording of it here:


Giving Keynote – Networking is more relevant than ever in a cloud-native world

I will be giving the Keynote at the next (MN)NUG (Minnesota Networking User Group) event on December 6th. (MN)NUG is a part of the (US)NUA (US Networking User Association) organization that hosts a vendor-neutral environment to talk networks. With beer.

After my talk, there will be a panel of networking experts from Target, Cologix, Cisco, and Arista Networks.

Here is my talk info:

Title:

Networking is more relevant than ever in a cloud-native world (cloud & Kubernetes)

Abstract:

Folks are often so focused on the new and shiny stuff in modern technology, such as cloud, Kubernetes, and DevOps, that they overlook core skills like networking, which are as relevant as ever and among the top skills you need when working with these modern technologies. In this session, Steve is going to explore why you should start with networking when embarking on a journey into the cloud or Kubernetes.

Here is the full schedule:

4:30pm – 5:00pm Check-In / Open Mingle

5:00pm – 5:50pm Keynote Presentation: Networking is more relevant than ever in a cloud-native world (cloud & Kubernetes)

5:50pm – 6:15pm Break

6:15pm – 7:15pm Panel Discussion: Emerging Networking Ideas & Trends

7:15pm – 7:30pm Open Mingle

If you have an unwrapped donation for “Toys for Tots” you may bring it to this event for drop off.

Full event info and registration here:

https://events.bizzabo.com/441464


IP exhaustion in AKS got you down? Try Azure CNI Overlay.

One of the top concerns I hear from companies architecting AKS is running out of IP addresses, commonly known as IP exhaustion. It comes up when selecting the network model for AKS, specifically with Azure CNI.

Companies often lean towards Azure CNI at first but quickly opt for kubenet instead. Azure CNI has real benefits on Azure: it integrates Kubernetes more deeply with Azure networking, so you don’t have to manually configure routing for traffic to flow from pods to other resources on Azure VNets. Pods get full network connectivity and can be reached directly via their private IP address. Azure CNI also supports virtual nodes (Azure Container Instances), either Azure or Calico network policies, and Windows containers. The trade-off is that Azure CNI requires more IP address space. Traditional Azure CNI assigns every pod an IP address from the VNet, either from a dedicated pod subnet or from a block of IPs pre-reserved on every node (one per configured max pod, whether or not a pod is actually scheduled there). This is what leads to exhausting the available IPs.

The alternative to Azure CNI with AKS is kubenet, which many companies choose precisely because it conserves IP address space. Kubenet assigns pods private IP addresses from a separate address space and uses NAT for traffic leaving the node. It does not integrate routing with Azure networking, so to route from pods to Azure VNets you have to manually configure and manage user-defined routes (UDRs). With kubenet a single /24 CIDR range supports up to 251 nodes in an AKS cluster (256 addresses minus the 5 that Azure reserves in every subnet), which at 110 pods per node gives you room for up to 27,610 pods.

With Azure CNI the same /24 CIDR range supports only 8 nodes and 240 pods. The default is 30 pods per node, so each node consumes 31 addresses (1 for the node plus 30 pre-reserved for pods), and 8 × 31 = 248 is the most that fits into the 251 usable addresses.

Here is a side by side breakdown of Kubenet and Azure CNI:

| Area | Kubenet | Azure CNI |
| --- | --- | --- |
| Capacity using a /24 address range | 251 nodes / 27,610 pods (110 pods per node) | 8 nodes / 240 pods (30 pods per node) |
| Max nodes per cluster | 400 (UDR max) | 1,000 (or more) |
| Network policy | Calico | Calico, Azure |
| Pod IPs | NAT’ed / UDR | Subnet-assigned |
| Latency | Slightly greater (NAT hop) | Best |
| Virtual nodes | No | Yes |
| Windows containers | No | Yes |
| Network policy support | Calico community support | Supported by Azure support and the engineering team |
| Out-of-the-box network policy logging | /var/log/calico inside the container | Rules added/deleted in iptables are logged on every host under /var/log/azure-npm.log |
| Conclusion | Best with limited IP space; most pod comms within the cluster; UDR management is acceptable | Available IP space; most pod comms outside the cluster; no need to manage UDRs; need advanced features |

As you can see, you get far more pods out of the same range on kubenet, and you burn through a lot more IPs with Azure CNI. The obvious fix with Azure CNI is to give the subnet a larger CIDR, such as a /16 instead of a /24. That works, but most enterprise IT teams connecting AKS to existing networks don’t have that option: the existing IP design leaves them stuck with the smaller address ranges they can actually use.

Microsoft has built a solution to the IP exhaustion problem: Azure CNI Overlay. Azure CNI Overlay for AKS has been around for a while but was recently released into public preview on 9/4/22. It avoids IP exhaustion by taking pod IPs out of the VNet entirely: pods get their addresses from a private CIDR range that is logically separate from the VNet, carved up into a /24 per node, so only the nodes themselves consume VNet addresses.
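To make the capacity numbers above concrete for your own subnets, here is a small planning calculator that works out node and pod capacity for kubenet, traditional Azure CNI, and Azure CNI Overlay from a node subnet CIDR. It is an added example written for this post, not code from the original article or from Microsoft. It assumes the arithmetic described above: Azure reserves 5 addresses in every subnet, kubenet is capped at 400 nodes by the UDR limit, traditional Azure CNI pre-reserves 1 + max-pods addresses per node, and Overlay gives each node a /24 slice of a private pod CIDR. The pod CIDR 10.244.0.0/16 used in the comparison is just an illustrative value.

```python
"""AKS IP capacity planner: kubenet vs Azure CNI vs Azure CNI Overlay.

Illustrative example, not code from the original post. Assumes the model
described in the article: Azure reserves 5 addresses per subnet, kubenet
is limited to 400 nodes by the UDR maximum, traditional Azure CNI reserves
1 + max_pods_per_node addresses on every node, and Overlay carves one /24
per node out of a private pod CIDR that does not consume VNet space.
"""
import ipaddress

# Azure reserves 5 addresses per subnet: network, broadcast, gateway, two DNS.
AZURE_RESERVED_PER_SUBNET = 5
# kubenet clusters are capped by the route table (UDR) limit.
KUBENET_MAX_NODES = 400


def usable_ips(cidr: str) -> int:
    """Addresses a VNet subnet can actually hand out to NICs."""
    net = ipaddress.ip_network(cidr, strict=False)
    return max(net.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)


def kubenet_capacity(node_subnet: str, max_pods_per_node: int = 110) -> tuple[int, int]:
    """kubenet: only node NICs draw from the subnet; pods live in a NAT'ed range."""
    nodes = min(usable_ips(node_subnet), KUBENET_MAX_NODES)
    return nodes, nodes * max_pods_per_node


def azure_cni_capacity(node_subnet: str, max_pods_per_node: int = 30) -> tuple[int, int]:
    """Traditional Azure CNI: every node pre-reserves 1 + max_pods_per_node IPs."""
    per_node = 1 + max_pods_per_node
    nodes = usable_ips(node_subnet) // per_node
    return nodes, nodes * max_pods_per_node


def azure_cni_overlay_capacity(
    node_subnet: str, pod_cidr: str, max_pods_per_node: int = 110
) -> tuple[int, int]:
    """Azure CNI Overlay: nodes use the VNet subnet, pods use a private pod CIDR
    sliced into one /24 per node. Whichever pool runs out first bounds the node count."""
    pod_net = ipaddress.ip_network(pod_cidr, strict=False)
    if pod_net.prefixlen > 24:
        raise ValueError("pod CIDR must be /24 or larger to give every node its own /24")
    nodes_by_pod_cidr = pod_net.num_addresses // 256  # number of /24 slices
    nodes = min(usable_ips(node_subnet), nodes_by_pod_cidr)
    return nodes, nodes * max_pods_per_node


def compare(node_subnet: str, pod_cidr: str = "10.244.0.0/16") -> dict[str, tuple[int, int]]:
    """(nodes, pods) per network model for one node subnet. pod_cidr is illustrative."""
    return {
        "kubenet": kubenet_capacity(node_subnet),
        "azure-cni": azure_cni_capacity(node_subnet),
        "azure-cni-overlay": azure_cni_overlay_capacity(node_subnet, pod_cidr),
    }


if __name__ == "__main__":
    # Constructed sample subnets: the /24 from the article and a /22 to show
    # where the kubenet UDR cap and the Overlay pod CIDR start to bind.
    for subnet in ("10.1.0.0/24", "10.1.0.0/22"):
        print(subnet)
        for model, (nodes, pods) in compare(subnet).items():
            print(f"  {model:<18} {nodes:>5} nodes {pods:>8} pods")
```

Running it reproduces the article's figures for a /24 (251 nodes / 27,610 pods on kubenet, 8 nodes / 240 pods on Azure CNI) and shows that Overlay matches kubenet's node count without NAT or UDR management. On the /22, kubenet hits the 400-node UDR ceiling, Azure CNI still only fits 32 nodes, and Overlay is bounded at 256 nodes by the /16 pod CIDR rather than by the VNet, which is the knob to turn if you need more.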
