Version 5.0.1 of the open source SDN and security platform offers enhanced microservices and Kubernetes support along with SNAT features to streamline forwarding.
AMSTERDAM – Open Networking Summit Europe — Sept. 25, 2018 — The LF Networking (LFN) board has admitted the Tungsten Fabric project, completing a process that started when Tungsten Fabric (formerly OpenContrail) joined The Linux Foundation in December of last year.
The Tungsten Fabric community has also released version 5.0.1 of its open source software-defined networking (SDN) and security software platform.
Key features include:
Tungsten Fabric Microservices
Tungsten Fabric now comes in a fine-grained scale-out microservices architecture packaged as containers. Avoiding monolithic containers results in a more agile and performant system. The architecture delivers the ability to deploy patches without updating the entire deployment, offering better ways to manage its function lifecycles while improving provisioning and upgrading user experiences. Install-time provisioning is now possible with minimum information provided, and yet every feature is configurable if needed. Installation continues to be supported on various container orchestrators, but it has been optimized and validated for Kubernetes and OpenShift clusters. The Tungsten controller can run adjacent to the cluster, or the controller containers can run on the cluster under management, whereby a new Helm Chart can ease its lifecycle management.
Distributed Source Network Address Translation (SNAT)
The distributed SNAT feature allows traffic from container or virtual machine-based workloads in the Tungsten-managed overlay to directly exit the overlay routing on the node where the workload is running. This functionality is achieved through network- and port-address translation of workload traffic using the IP address of the compute node as the public address; thus, virtual networks with distributed SNAT enabled can communicate on the underlay IP fabric network and anything it is connected to without the need for dedicated routing gateways in and out of the overlay virtual networks. Distributed SNAT is supported for TCP and UDP, and users can configure discrete port ranges for both protocols.
Implementing Kubernetes Network Policy with Tungsten Fabric Firewall Policy
Tungsten Fabric now supports implementing Kubernetes network policy in Tungsten Fabric using the Tungsten Fabric firewall security policy framework. While Kubernetes network policy can be implemented using other security objects in Tungsten Fabric (like security groups and Tungsten Fabric network policies), support for tags by Tungsten Fabric firewall policy allows decoupling of routing from security policies and provides multidimensional segmentation and policy portability, while significantly enhancing user visibility and analytics.
The release includes the following updates in support of Kubernetes:
- The IP fabric forwarding feature enables reachability to public cloud services for Kubernetes pods. The IP fabric forwarding feature enables the overlay network to be a part of the underlay network.
- The ip-fabric-snat feature enables service or ingress reachability from external clusters in isolated namespaces.
- Multiple Ingress Controllers can co-exist. Since Tungsten Fabric ensures the reachability between pods and services, any ingress controller can reach the endpoints or pods directly or through services.
More information on the latest version can be found in the version 5 release notes.
Join us at ONS Europe in Amsterdam
Join us for presentations, demos, workshops and an evening Meetup to learn more about Tungsten Fabric and get engaged with the community. https://tungsten.io/join-the-tungsten-fabric-community-at-ons-2018-in-amsterdam.
Get Going With Tungsten Fabric in 15 Minutes
Kubernetes operators and developers who need a full-featured, production-grade SDN and want to start using Tungsten Fabric can stand up an environment in 15 minutes (based on average deployment times) with their own AWS credentials, using Carbide Quick Start: https://tungsten.io/start/.
About Tungsten Fabric
Tungsten Fabric is an open source, scalable, multicloud, multistack networking platform. It provides a single point of control, observability and analytics for networking and security. Tungsten Fabric is integrated with private cloud stacks including Kubernetes, VMware and OpenStack. It also supports hybrid deployments with public clouds including AWS and GCE. More at https://tungsten.io.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
The Linux Foundation