Thursday 6 June 2024

Announcing Advanced Container Networking Services for your Azure Kubernetes Service clusters

Announcing Advanced Container Networking Services for your Azure Kubernetes Service clusters

Following the successful open sourcing of Retina: A Cloud-Native Container Networking Observability Platform, Microsoft’s Azure Container Networking team is excited to announce a new offering called Advanced Container Networking Services. It’s a suite of services built on top of existing networking solutions for Azure Kubernetes Services (AKS) to address complex challenges around observability, security, and compliance. The first feature in this suite, Advanced Network Observability, is now available in Public Preview.

What is Advanced Container Networking Services?


Advanced Container Networking Services is a suite of services built to significantly enhance the operational capabilities of your Azure Kubernetes Service (AKS) clusters. The suite is comprehensive and is designed to address the multifaceted and intricate needs of modern containerized applications. With capabilities specifically tailored for observability, security, and compliance, customers can unlock a new approach to managing container networking.

Advanced Container Networking Services focuses on delivering a seamless and integrated experience that empowers you to maintain robust security postures, ensure comprehensive compliance and gain deep insights into your network traffic and application performance. This ensures that your containerized applications are not only secure and compliant but also meet or exceed your performance and reliability goals, allowing you to confidently manage and scale your infrastructure.

What is Advanced Network Observability?


Advanced Network Observability is the inaugural feature of the Advanced Container Networking Services suite bringing the power of Hubble’s control plane to both Cilium and Non-Cilium Linux data planes. It unlocks Hubble metrics, Hubble’s command line interface (CLI) and the Hubble user interface (UI) on your AKS clusters providing deep insights into your containerized workloads. Advanced Network Observability empowers customers to precisely detect and root-cause network related issues in a Kubernetes cluster.

This capability provides network flow information in the form of metrics or flow logs at pod-level granularity by collecting data in real time from Linux Kernel leveraging extended Berkeley Packet Filter (eBPF) technology. Along with network traffic flows, volumetric data and dropped packets, it now brings domain name service (DNS) metrics and flow information with deep request and response insights.

  • eBPF based observability powered by either Cilium or Retina.
  • Container Network Interface (CNI) agnostic experience.
  • Monitor network traffic in real time to identify bottlenecks and performance issues with Hubble metrics.
  • Trace packet flows across your cluster to understand and debug complex networking behaviors with on-demand Hubble command line interface (CLI) network flows.
  • Visualize network dependencies and interactions between services to ensure optimal configuration and performance with an unmanaged Hubble UI.
  • Generate detailed metrics and logs to meet compliance requirements and enhance security postures.

Announcing Advanced Container Networking Services for your Azure Kubernetes Service clusters
Architecture diagram of Hubble interfacing with Cilium/Retina.

Container Network Interface (CNI) agnostic Hubble


Advanced Network Observability extends the Hubble control plane beyond Cilium. In Cilium based clusters, Cilium provides the eBPF events to Hubble. In non-Cilium based clusters, Microsoft Retina serves as the dataplane surfacing deep insights to Hubble, providing a seamless interactive experience for customers.

Visualizing Hubble metrics with Grafana


Advanced Network Observability supports two integration modes for visualization:

  • Azure Managed Prometheus and Grafana.
  • Bring your own (BYO) Prometheus and Grafana for advanced users comfortable with increased management overhead.

With the Azure-managed Prometheus and Grafana approach, Azure offers integrated services that simplify the setup and management of monitoring and visualization. Azure Monitor provides a managed instance of Prometheus, which collects and stores metrics from various sources including Hubble.

Querying network flows with Hubble CLI


With Advanced Network Observability, customers can use the Hubble command line interface (CLI) to query for all or filtered network flows across all nodes.

Customers will be able to identify dropped or forwarded flows from all nodes via a single pane of glass.

Service dependency graph with Hubble UI


Customers can deploy Hubble UI on to clusters with Advanced Network Observability enabled to visualize service dependencies. Hubble UI provides on-demand view of flows across the whole cluster and allows customers to select a given namespace and view network flows between different pods within the cluster surfacing in-depth information about each flow.

Benefits


Advanced network visibility

Advanced Network Observability offers unparalleled network visibility by providing granular insights into network traffic at the pod level. This detailed visibility enables administrators to monitor traffic flows, detect anomalies, and gain a comprehensive understanding of network behavior within their Azure Kubernetes Service (AKS) clusters. By leveraging eBPF-based data collection from the Linux Kernel, Advanced Network Observability provides real-time metrics and logs that surface traffic volume, packet drops, and DNS metrics. This enhanced visibility ensures that network administrators can swiftly identify and address potential issues, thereby maintaining optimal network performance and security.

Cross node network flow tracking

With Advanced Network Observability, customers can track network flows across multiple nodes within their Kubernetes clusters. This allows precise tracing of packet flows, making it possible to understand complex networking behaviors and interactions between different nodes. Hubble CLI can query network flows enabling users to filter and analyze specific traffic patterns. This cross-node tracking capability is invaluable for debugging network issues, as it surfaces the entire network flow within a single pane of glass identifying both dropped and forwarded packets across all nodes.

Real-time performance monitoring

Advanced Network Observability provides customers real-time performance monitoring capabilities. By integrating Hubble metrics powered by either Cilium or Retina, users can monitor network traffic in real time, identifying bottlenecks and performance issues as they occur. This immediate feedback loop is critical for maintaining high-performance and ensuring that any degradation in network performance is promptly surfaced and addressed. The managed Hubble metrics and flow logs offer continuous, detailed insights into network operations, allowing for proactive management and rapid troubleshooting.

Multi-Cluster historical analysis

Advanced Network Observability coupled with Azure Managed Prometheus and Grafana extends its benefits to multi-cluster environments, providing historical analysis capabilities that are essential for long-term network management and optimization. By storing and analyzing historical data across multiple clusters, administrators can identify trends, patterns, and recurring issues that may impact network performance and reliability going forward. This historical perspective is crucial for capacity planning, performance benchmarking, and compliance reporting. The ability to review and analyze past network data helps in understanding the evolution of network performance over time and informs future network design and configuration decisions.

Source: microsoft.com

Related Posts

0 comments:

Post a Comment