Network Control for Large-Scale Container Clusters

The recent rise of container systems like Docker has created a lot of excitement in data center. Its ability to package, transfer and run application code across many different environments enables new levels of fluidity in how we manage applications. However, container's easy-to-manage and second-boot features increase the degree of network dispersion and management difficulties, which causes the networking and security issues in container network. Aiming at the lack of control in container network, this paper designs a network control architecture for large-scale container clusters to solve the key issue of large-scale container clusters deployment in the network adapter and isolation control. Specifically, we design two different container network models and a policy-based security isolation by using VLAN partition and iptables. The experimental results show that our network control architecture could achieve rapid VLAN division and accurate isolation of node-to-node communication.