fashion, and each container has its own user space that cannot be used by other
containers. Although Docker is a popular container management system to run containers
on a physical server, there are alternatives such as Drawbridge or Rocket to consider.
Each container is assigned a virtual interface. Container management systems such as
Docker include a virtual Ethernet bridge connecting multiple virtual interfaces and the
physical NIC. Configuration and environment variables in the container determine which
containers can communicate with each other, which can use the external network, and
so on. External networking is usually accomplished with NAT although there are other
methods because, containers often use the same network address space.
The biggest advantage of containers is that they can be loaded on a device and executed
much faster than VNFs. Containers also use resources much more sparingly— you can
run many more containers than VNFs on the same hardware. This is because containers
do not require a full guest operating system or boot time. Containers can be loaded and
run in milliseconds, not tens of seconds. However, the biggest drawback with containers
is that they have to be written specifically to conform to some standard or common
implementation, whereas VNFs can be run in their native state.
Related
Documentation
Understanding Disaggregated Junos OS on page 3•
• Understanding Physical and Virtual Components on page 12
• Understanding Virtio Usage on page 8
• Understanding SR-IOV Usage on page 10
• Comparing Virtio and SR-IOV on page 11
Understanding Virtio Usage
You can enable communication between a Linux-based virtualized device and a virtualized
network function (VNF) module by bridging the two using a library called virtio.
When a physical device is virtualized, both physical NIC interfaces and external physical
switches as well as the virtual NIC interfaces and internal virtual switches coexist. So
when the isolated VNFs in the device, each with their own memory and disk space and
CPU cycles, attempt to communicate with each other, the multiple ports, MAC addresses,
and IP addresses in use pose a challenge. With the virtio library, traffic flow between the
isolated virtual functions becomes simpler and easier.
Virtio is part of the standard Linux libvirt library of useful virtualization functions and is
normally included in most versions of Linux. Virtio is a software-only approach to inter-VNF
communication. Virtio provides a way to connect individual virtual processes. The bundled
nature of virtio makes it possible for any Linux-run device to use virtio.
Virtio enables VNFs and containers to use simple internal bridges to send and receive
traffic. Traffic can still arrive and leave through an external bridge. An external bridge
uses a virtualized internal NIC interface on one end of the bridge and a physical external
NIC interface on the other end of the bridge to send and receive packets and frames. An
internal bridge, of which there are several types, links two virtualized internal NIC interfaces
Copyright © 2017, Juniper Networks, Inc.8
JDM User Guide for NFX250 Network Services Platform
To Next Page
Loading...
