Multus Container Network Interface (CNI)

As container adoption increases, so does the need to manage the traffic flow between applications. This means having ways of segregating traffic based on policy, performance, and security.

One way to segregate and manage this traffic flow is to use network function virtualization software (NFVS). NFVS allows you to control and manage the traffic flow on both the data plane and the control plane. Using NFVS allows you to work work with a variety of protocols for performance and security reasons.

Multus is an open source project to support multiple network cards in Kubernetes. One of the challenges that this solves is the migration of NFVS and network function virtualization to containers. Multus is a container network interface (CNI) that acts as a broker and arbiter of other CNI plug-ins for managing the implementation and life-cycle of supplementary network devices in containers. Multus supports plug-ins such as SR-IOV, vHost CNI, Flannel, and Calico.

The following diagram shows how you can design two separate workloads: a kernel-based workload (SR-IOV), and a DPDK-based workload. With these workloads, the control plane network manages the pods, and each pod connects to an extra data plane through a second network device.

This separation of functions improves the performance for the DPDK-based workload since it no longer relies on the SR-IOV performance.