The emerging Docker containers have the potential to revolutionize NFV.
After all, they are lightweight compared to virtual machines, they need less overhead and fewer resources, and they can isolate applications running in the same operating system they live in.
That means that if a Virtual Network Function (VNF) in NFV can run in a Docker container with complete isolation, you may not need a virtual machine.
But is it that easy?
And what is the future of the virtual machine, then?
If you stay till the end, you will find out what makes Docker containers so special that everyone is talking about them now.
The primary aim of this guide is to walk you step by step through the architecture of the Docker container. In the process, you will also understand the basics of the hypervisor and the virtual machine.
The concepts are explained assuming zero prior knowledge of virtual machines and hypervisors.
What is a container?
Historically, containers emerged as a way of running applications in a more flexible and agile way. Linux containers made it possible to run lightweight applications directly within the Linux OS. Without the need for a hypervisor and virtual machines, applications can run in isolation in the same operating system.
What is a Docker container?
Google has been using Linux containers in its data centers since 2006. But they became more popular with the arrival of Docker containers in 2013, which are a simpler and more standard way to run containers compared to earlier versions of containers.
The Docker container also runs in Linux. But Docker is not the only way to run containers. LXC is another way to run containers. Both LXC and Docker have roots in Linux.
One of the reasons the Docker container is more popular than competing containers such as LXC is its ability to load as an “image” on the host operating system in a simple and quick manner. Docker containers are stored in the cloud as images and called upon for execution by users when needed.
Moving forward, I will use the terms “container” and “Docker container” interchangeably, as the concepts apply to both.
Step by Step guide to understanding Docker containers in NFV
Virtual machines are good, yet they have problems:
You need a dedicated operating system. And you need a hypervisor to separate the virtual machines to achieve virtualization.
More applications mean more software overhead, more expense, and a need to keep them updated.
Yet, virtual machines are needed for NFV architecture, so let’s see the NFV architecture.
Step 1: Let’s start with the Hypervisor in NFV Architecture
In this diagram, I am showing the NFV architecture, which you may have seen many times (need a refresher? visit here).
For the purpose of this discussion, I will zoom in only on the NFVI (NFV Infrastructure), which has three distinct components:
The Hypervisor domain, the Compute domain, and the Network Infrastructure domain.
The virtualization layer is actually the hypervisor, which is responsible for abstracting the hardware resources of a compute domain (physical/x86 servers). For example, you may have a single physical server (physical memory and physical compute), but the hypervisor can partition it into multiple virtual memories and virtual computes in a way that each entity is independent.
Together, the virtualization layer (which we called the hypervisor) and the virtual resources are called the “Hypervisor domain”.
Step 2: Let’s zoom in on Virtual Machines
To understand virtual machines, I will now expand the hypervisor domain to show what is inside this domain.
Have a look at Fig 2 below:
On the left, I am showing the same Hypervisor domain as in Fig 1 above. In the figure on the right, I have expanded the Hypervisor domain to show the virtual machines. That is, the virtual resources of the hypervisor domain are now shown as virtual machines.
For simplicity, I have removed the virtual network/network blocks on the left, as they are not important for this discussion.
The virtualization layer has become the resource/network manager. The virtual compute/memory has become the virtual machine (VM).
So what is a virtual machine?
A virtual machine provides an environment in which a VNF (Virtual Network Function) runs.
If you look at the diagram, each virtual machine is linked to a VNF.
Let’s take an example to clarify. There is a VNF1 called Virtual CPE and another VNF2 called Virtual Firewall. As in the diagram above, each runs in its own virtual machine. They can then be chained and connected internally through the hypervisor domain.
Also, note that virtual machines are logically separate from one another. This makes it possible to run independent operating systems on each virtual machine. For example, Guest OS1 can be Linux and Guest OS2 can be Solaris.
In addition to the Guest operating systems, did you notice that there is also a need for a Host Operating System (OS), which is the environment in which the hypervisor runs? Keep this important point in mind, as I discuss containers in the next paragraph.
Let’s take the journey forward and now remove the Virtual Machines.
Step 3. Remove virtual machines and introduce containers!
Now, instead of the virtual machine, I introduce a totally new component: the container.
VNF1 now runs in container 1 and VNF2 runs in container 2, providing the same functionality as virtual machines.
What we have achieved is the same functionality as a virtual machine but within the same OS, which is Linux here.
Did you notice that there is no need for a Guest OS now?
Simple architecture, isn’t it?
What have we achieved with containers?
1. There is no need for a Guest Operating System (OS) in the container environment; as you can see, the Host OS is Linux. Therefore, containers are lighter weight and need less overhead compared to virtual machines.
2. The architecture is simplified by removing the hypervisor, since containers can retain sufficient isolation at the OS level inside the same Host OS.
3. A virtual machine provides hardware-level virtualization, meaning classic virtual machines take a host and partition it via hypervisor software. This essentially means that VMs are isolated from the OS of the host machine. You can run a Windows guest on a Linux host. Containers, on the other hand, provide OS-level virtualization. That is, applications can keep themselves isolated within the same OS. This is far less overhead compared to a VM, as the whole OS is not duplicated.
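The OS-level isolation in point 3 rests on Linux kernel namespaces, while the kernel itself stays shared by every container. As an added example (not from the original article), this Python code compares the namespace IDs exposed under /proc/<pid>/ns to report which views a container still shares with the host; the VNF1 and VNF2 inode values are constructed sample data, and the function names are illustrative.

```python
import os
import re

# Namespace kinds found under /proc/<pid>/ns on Linux.
NS_KINDS = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")
_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_links(links):
    """Turn readlink targets such as 'net:[4026531840]' into {kind: inode}."""
    table = {}
    for target in links:
        m = _LINK.match(target.strip())
        if m and m.group(1) in NS_KINDS:
            table[m.group(1)] = int(m.group(2))
    return table

def read_ns(pid):
    """Namespace table of a live process (Linux only; other users' PIDs need root)."""
    links = []
    for kind in NS_KINDS:
        try:
            links.append(os.readlink(f"/proc/{pid}/ns/{kind}"))
        except OSError:
            pass  # kind unsupported or unreadable; counted as shared below
    return parse_ns_links(links)

def shared_with_host(host, workload):
    """Kinds where the workload sees the host's namespace (unknown counts as shared)."""
    return sorted(k for k in host if workload.get(k, host[k]) == host[k])

# Constructed sample data (not captured from a real system).
HOST = parse_ns_links(["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
                       "net:[4026531840]", "pid:[4026531836]", "user:[4026531837]",
                       "uts:[4026531838]"])
# VNF1 (virtual CPE): private namespaces except user, i.e. no UID remapping.
VNF1 = parse_ns_links(["cgroup:[4026532601]", "ipc:[4026532599]", "mnt:[4026532597]",
                       "net:[4026532602]", "pid:[4026532600]", "user:[4026531837]",
                       "uts:[4026532598]"])
# VNF2 (virtual firewall): like VNF1, but started on the host's network stack.
VNF2 = dict(VNF1, net=HOST["net"], mnt=4026532700, pid=4026532703)

if __name__ == "__main__":
    for name, ns in (("VNF1", VNF1), ("VNF2", VNF2)):
        print(name, "shares with host:", shared_with_host(HOST, ns) or "nothing")
```

On a live Linux host, compare `read_ns(1)` with `read_ns(<container PID>)`; any kind reported as shared is a view of the host that the VNF in that container is not isolated from.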
That’s it about containers.
Future of containers for NFV
Let’s face it, the current NFV architecture and standards are based on virtual machines.
Containers are still new to NFV. There is still a lot of development going on, especially from a security point of view. As you can see, the Host OS is exposed to all containers, so there could be potential multi-tenancy security issues.
However, they do promise a good future considering the ease and simplicity of running VNFs in such environments. Also, they can open the door to running microservices instead of running a complete VNF over a virtual machine.
For example, in the case of virtual CPE, a lot of its components can be decomposed into small containers and chained together. Decomposing the functions gives small software vendors an opportunity to develop small functions of a VNF easily and with less overhead.
Did this guide help you understand containers in a simple way?
Share your views in the following comments section.