5 Things You Should Know About Project Calico
In 2015, the Project Calico team was terribly busy, promoting the open source project's latest release and traveling the world to meet with developers and customers. This year promises to be even busier with new releases and participation in many events across the globe. If you haven't been able to keep up, here are a few things we wanted to pass along to remind you about some of the things that make Project Calico so special:
- Calico is highly scalable. With its Layer 3 approach to virtual networking and Internet-style architecture, Calico is far more scalable than current overlay solutions. As TelecomTV recently reported, the Calico team have already demonstrated this scaling power by instantiating a Calico-based OpenStack cluster of 10,000 virtual machines running across 500 compute hosts. They also completed a container deployment running 50,000 containers across 500 hosts with setup rates of over 20 containers per second.
- Calico is secure. The Layer 2 overlay approach to data center networking presents a “clumsy and inefficient way to implement security,” explained Metaswitch CTO Martin Taylor in an interview with InfoQ. He added, “Calico supports the configuration of fine-grained connectivity policies for each workload, and these policies are rendered into firewall rules that are automatically applied between each and every workload and the physical network fabric in both ingress and egress directions. This provides for the maximum possible network security without the inefficiency inherent in moving packets between overlay L2 segments via separate and distinct firewall functions in the cloud.”
- Calico just works. In lab deployments, the Calico team have gotten Calico up and running on OpenStack and passing traffic within four hours on tens of nodes. “The comments we hear are … ‘My God, that was easy. It just works’,” according to Metaswitch’s Christopher Liljenstolpe, Director, Solutions Architecture in a recent OpenStack:Now podcast.
- Calico integrates easily with existing networks. Calico can talk to existing switches and routers in the network because it’s based on IP and communicates using the same type of IP packets. This is much less complicated than overlay configurations, as Liljenstolpe explained in an interview with Linux.com. “In the overlay environments, if I have to interact with legacy or hardware-based infrastructure, I have to put ‘on/off’ ramps and de-encapsulate and re-encapsulate the tunnel in front of everything that isn’t part of the overlay. … In the Calico model, each VM or container is just an endpoint.”
- Calico does containers too. Project Calico was established to find a better way to network cloud workloads – and not just virtual machines. In fact, it works equally well with containers. As a new enterprise stack is emerging around “cloud-native” principles, including decomposing applications into micro services running in containers, Calico has become one of the front-runners for connecting and securing these containers, as CTO Martin Taylor pointed out in a recent blog. “While the Calico team continues to invest heavily in the OpenStack space, the world is increasingly embracing containers as the best way to run new applications in the cloud because they are simpler and more efficient than VMs, and we expect the world to embrace Calico for networking new applications in the cloud for precisely the same reasons.” As part of this movement, the Project Calico recently joined the new Cloud Native Computing Foundation.