The Cloud-Native SD-WAN project (CN-WAN) bridges the gap between SD-WAN technologies and cloud-native applications running on Kubernetes.
The documentation for the CN-WAN project is a work in progress. Please contact us at [email protected] with any questions.
If you are new to the project, a good place to start is reading the Overview and/or checking some of the Resources below. Once you are familiar with the project, feel free to explore the different components described in the Architecture. There is also some Automation available that should help bootstrap things.
- [Feb 2021] "Optimizing External Kubernetes Traffic with Cloud Native SD-WAN" - SDN devroom @ FOSDEM 2021 [info] [video] [slides]
- [Nov 2020] "Cloud Native & SD-WAN: Improving K8s Application Experience Over SD-WAN" - Breakout Session @ KubeCon NA 2020 [info] [video] [slides]
- [Aug 2020] "Network, Please Evolve: Chapter 3, Stretching Out" - Cisco Keynote @ KubeCon EU 2020 [video]
- [Aug 2020] "CN-WAN: a Cloud Native (SD-)WAN for Microservice Applications" - Talk @ NSMCon EU 2020 [video]
- [Feb 2021] "Application-Optimized SD-WAN" - MEF 3.0 PoC [info] [video]
- [Nov 2020] "Cloud Native SD-WAN: A Look Under the Hood" - Cisco Booth Video @ KubeCon NA 2020 [info]
- [Oct 2020] "Introduction to Cloud Native SD-WAN" - Cisco Webinar [video]
- [Aug 2020] "CN-WAN: The WAN Your Kubernetes Applications Deserve" - Cisco Booth Demo @ KubeCon EU 2020 [info]
- [Feb 2021] "SD-WAN in the Age of Kubernetes and the Cloud Native SD-WAN Project" - MEF's Edge VIEW Blog [post]
- [Feb 2021] "Cisco, ngena and Equinix meet Kubernetes in Cloud Native SD-WAN" - ngena Blog [post]
- [Nov 2020] "SD-WAN and Kubernetes: It's Time to Play Together for Better Application Experience" - VMblog [post]
- [Aug 2020] "Cloud Native SD-WAN: The WAN Your Kubernetes Applications Deserve" - Cisco Blogs [post]
- [Feb 2021] "Cloud-Native SD-WAN and the New Model for Application-Optimized Networking" - SDx Central [post]
- [Nov 2020] "Cisco Project Bridges Kubernetes and SD-WAN to Speed Microservice Messaging" - The New Stack [post]
- [Aug 2020] "Cisco CN-WAN Smashes Together SD-WAN and Kubernetes" - SDx Central [post]
- [Aug 2020] "Cisco open-source code boosts performance of Kubernetes apps over SD-WAN" - NetworkWorld [post]
- [Nov 2020] "Cisco SD-WAN Cloud Hub with Google Cloud" - Google Qwiklabs [video] [lab] (Lab shows some of the features of CN-WAN using Cisco Viptela SD-WAN and Google Cloud Service Directory)
Nowadays, access to applications hosted in Kubernetes across Wide Area Networks (WANs) is a standard pattern for Enterprise apps. At the same time, Software-Defined WAN (SD-WAN) technologies are becoming popular since they democratize WAN access patterns across the Internet through latency reduction, throughput improvement, and packet loss prevention. Unfortunately, there is not much integration between SD-WAN and Kubernetes; in most cases (if not all), Kubernetes and SD-WAN are like ships in the night.
Interestingly, most SD-WAN solutions offer APIs that allow you to programmatically influence how the traffic is handled over the WAN. This enables interesting opportunities for automation and application optimization. There is an opportunity to pair the declarative nature of Kubernetes with the programmable nature of modern SD-WAN solutions to automatically optimize application experience over the WAN.
With that goal, the Cloud-Native SD-WAN (CN-WAN) project offers a reference implementation for how SD-WAN controllers can use Kubernetes application metadata to optimize application WAN traffic and link Kubernetes application attributes with SD-WAN network capabilities.
CN-WAN focuses on enabling integration between Kubernetes and SD-WAN while minimizing disruptions to existing DevOps and NetOps workflows. In a typical enterprise today, a DevOps team configures and operates the Kubernetes infrastructure and a separate NetOps team sets up and maintains the SD-WAN connectivity. Because today the two infrastructures are agnostic to one another, the two teams need to go through manual coordination to deliver optimal application experience. With CN-WAN, that is no longer the case.
The CN-WAN project gives DevOps teams the possibility to adapt their workflows when deploying Kubernetes-hosted apps so that WAN attributes are defined along with the rest of the app configuration and metadata. At the same time, CN-WAN offers patterns for publishing those apps via service discovery systems and connecting those to SD-WAN controllers. NetOps can then configure the SD-WAN controller (along with a CN-WAN adaptation layer) to make it automatically receive the application metadata and optimize the application flows as they traverse the WAN. This reduces the need for manual coordination between the two teams and creates a more dynamic and efficient app experience across WAN connections.
The CN-WAN project is composed of three main components that together enable the integration between Kubernetes and SD-WAN:
- CN-WAN Operator: A Kubernetes operator that monitors externally exposed services deployed in the Kubernetes cluster, looking for WAN-related metadata. DevOps deploying services on the cluster can use annotations in the form of (for instance) "cnwan.dev/traffic=video" to specify the type of traffic that the SD-WAN can expect for that particular service. The CN-WAN Operator extracts the externally exposed IP address and port for the services as well as the associated WAN metadata and makes it all available through an external Service Registry.
- CN-WAN Reader: The Reader connects to the Service Registry to learn how Kubernetes is exposing the services and their associated WAN metadata, as extracted by the CN-WAN Operator. The CN-WAN Reader periodically polls the Service Registry and keeps track of updates to the exposed services and/or their associated metadata. When it detects new (or updated) services or metadata, it sends a message to the CN-WAN Adaptor so SD-WAN policies can be updated.
- CN-WAN Adaptor: The Adaptor listens for updates from the CN-WAN Reader and connects with a given SD-WAN controller to translate the service metadata into SD-WAN policies. The NetOps team can configure policies in the SD-WAN controller regarding the WAN metadata for the services (e.g. "services with video traffic should go through this link") and then let the CN-WAN Adaptor automatically populate the IP address and port for each of the services that should be treated by the policy.
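
The flow through the three components, as an added Python sketch that is not CN-WAN's own code. Only the `cnwan.dev/traffic` annotation comes from the text above; the Service fields, the registry record shape, the policy name and the handling of traffic values that have no configured policy are assumptions made for illustration.

```python
ANNOTATION = "cnwan.dev/traffic"  # annotation key quoted in the text above

# Constructed Service objects, reduced to the fields this sketch needs.
SERVICES = [
    {"name": "meet", "external_ip": "203.0.113.10", "port": 443,
     "annotations": {ANNOTATION: "video"}},
    {"name": "docs", "external_ip": "203.0.113.11", "port": 443,
     "annotations": {"team": "web"}},        # exposed, but no WAN metadata
    {"name": "cache", "external_ip": None, "port": 6379,
     "annotations": {ANNOTATION: "video"}},  # annotated, but not exposed
]


def publish(services):
    """Operator step: register exposed services that carry WAN metadata."""
    registry = {}
    for svc in services:
        traffic = svc["annotations"].get(ANNOTATION, "").strip()
        if svc["external_ip"] and traffic:
            registry[svc["name"]] = {
                "address": f"{svc['external_ip']}:{svc['port']}",
                "traffic": traffic,
            }
    return registry


def changed(previous, current):
    """Reader step: names that are new or updated since the previous poll."""
    return sorted(n for n, e in current.items() if previous.get(n) != e)


def populate(registry, names, policies):
    """Adaptor step: add changed services to the NetOps policy for their
    traffic type. Values without a configured policy are returned separately
    (an assumption of this sketch) rather than creating a new policy."""
    applied, unmatched = {}, []
    for name in names:
        policy = policies.get(registry[name]["traffic"])
        if policy is None:
            unmatched.append(name)
        else:
            applied.setdefault(policy, []).append(registry[name]["address"])
    return applied, unmatched


if __name__ == "__main__":
    registry = publish(SERVICES)
    print(populate(registry, changed({}, registry), {"video": "video-link"}))
```

Because the annotation value is set by whoever deploys the service, the sketch only fills policies that NetOps has already defined and surfaces everything else for review.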