If you were fortunate enough to be in Austin, Texas at DockerCon 2017, then you had the amazing opportunity to learn the latest in software container technologies. This year’s DockerCon had a 34% increase in attendance over last year with a total of 5,500 people. This conference was “just-right” sized between a large Docker MeetUp and the behemoth that is Cisco Live. While DockerCon provided exemplary Texas hospitality, the real draw was an opportunity to access the wisdom of container developers and implementers and to collaborate with peers. One of those container technologies that DockerCon attendees came to learn about was Cisco’s Contiv.
Hybrid-IT Operational Model:
Enterprises prefer having one operational model for cloud infrastructures, container environments and their traditional on-premises data center. It is conceivable that an enterprise organization can be using containers on virtual servers for manageability, using containers on bare-metal hardware for performance, and using containers on cloud infrastructure for scalability. Therefore, enterprises should seek out those container management systems that can create a single policy configuration that applies to many different types of infrastructure.
Enterprises are not going to operate completely in the cloud, nor are they able to continue to ignore the benefits of cloud architectures and run all services in their current private data centers. Cisco has been working on developing technology solutions for operating hybrid-IT environments for years. To this end, Cisco has also been forming a strategic alliance with Docker to facilitate customers using containers on Cisco network switches and Cisco UCS servers and FlexPod systems. Cisco has published Cisco Validated Designs (CVDs) for Cisco UCS Infrastructure with Docker Datacenter for Container Management, and FlexPod Datacenter with Docker Datacenter for Container Management.
Rather than specifying each-and-every command on each-and-every element in the architecture, it is better to leverage “promise theory” concepts to express what you want the IT environment to do. What you want to have is “cluster-wide intent” and have consistency of configuration and policies across all your containerized infrastructure. Cisco’s goal for container management is to allow you to define your application and operational intent and have that universally provided on the broad range of infrastructure.
Cisco has been working on Project Contiv since 2015, but their container technology group really accelerated when Cisco acquired ContainerX in August of 2016. Cisco combined their own teams working on container networking with the ContainerX team to form one cohesive team working on container-based networking and policy solutions.
Cisco now has a compelling product to share with the container community. Cisco provided technical details of Contiv at Cisco Live EMEA in Berlin. Cisco prepared to share this information with the DockerCon crowd and to provide some demonstrations and hands-on labs of the software.
On the first full day of the conference (Tuesday April 25th) in the ecosystem track, there was an informative session titled “Networking for your Docker Applications - From Dev/Test to Production”, by Pradeep Padala and Rohit Agarwalla from Cisco. In this session, they gave an overview of container networking requirements and made the business case for Contiv. They talked about Contiv’s functionality and how it becomes part of your container network infrastructure. The following diagram shows the Contiv functionality and the ecosystem of infrastructure that it supports.
(Picture Source: Introducing Contiv 1.0 – The Most Powerful Container Networking Fabric)
Cisco Open Source:
One notable characteristic of Cisco’s Contiv is that it is a completely open source project. There is no licensing cost for using the software. This is not typical of Cisco, but is an evolution of how the IT world is using more open source software in commercial production deployments. Cisco also provides technical support for this 100% open source product. This liberal open source licensing model will make it easy for organizations to utilize Contiv.
Contiv is quite powerful because it can provide layer-2 and layer-3 container connectivity as well as overlay networking using VXLAN. Contiv is written in Go and uses Open vSwitch (OVS) virtual networking to connect to virtual container networks. Contiv also supports Docker, Kubernetes, and RedHat OpenShift. Contiv integrates with Docker Swarm clusters to provide for container clusters. Contiv has a rich policy framework that allows for the definition of network constraints and security policies for container services. Thankfully, Contiv supports both IPv4 and IPv6, because you wouldn’t want a new product to only support IPv4.
Cisco’s Contiv team has put together a set of videos that describe its functionality and value.
Contiv Integration with ACI:
If you are using a completely different network overlay and policy configuration in your container environment than in other parts of your data center, then you have created more work and potential problems for yourself. The conversion of policies and connectivity between environments could lead to configuration errors and a lack of automation. For example, your container systems may be located in your private data center connected to a Cisco Application Centric Infrastructure (ACI) data center fabric using Nexus 9000 switches running in ACI mode with a 3-node APIC defining the policies.
One of the compelling characteristics of Contiv is that the rich policy configuration is the same for the container clusters as the policy configuration available in Cisco ACI. The definition of End Point Groups (EPGs) for microsegmentation, local and external contracts and filters for application security, and external connectivity are the same for container networks and ACI. By bringing the Contiv ACI gateway container into your Docker container environments and using Cisco ACI in your physical private data center, you can synchronize policies and automate networking seamlessly across both environments. Following is a diagram of how that Contiv and ACI integration is performed.
(Picture Source: Contiv in ACI Mode)
Even though Contiv is relatively new, there are enterprise customers working with and using Contiv in production. One example of this was described by John Mitchell, Chief Architect, Platform, SAP Ariba, during Cisco Live EMEA in Berlin. In this video he describes the operational benefits of Contiv.
Hopefully, this article has piqued your interest and you will want to test Contiv in your own test environment. At DockerCon there were a couple of Contiv hands-on sessions that you could have signed up for and Cisco also had Contiv running on terminals at their booth in the expo hall. But now that DockerCon is over, there are a couple of ways you can “kick-the-tires” and get Contiv working in your testing environment.
One way is to go through the online tutorials. Cisco has made all their documentation freely available online and you can read the CLI reference. Their container network tutorial steps you through getting Contiv deployed on Docker swarm clusters using Vagrant. This was basically the syllabus for the hands-on tutorials conducted at DockerCon.
Another way to get Contiv running is to simply install the plugin into your existing Docker cluster from the Docker Store. Cisco Contiv is a fully certified Docker network plug-in. To accomplish this one-step installation you just run the following command to install the Contiv plug-in.
docker plugin install store/contiv/v2plugin:1.0.0-beta.3
Preparing for Cisco Live U.S.:
Contiv is a newer project for Cisco, but it is growing in popularity. There will likely be even more information about Contiv provided at Cisco Live U.S. (CLUS). We can expect technical breakout sessions on Contiv and anticipate more product enhancements as the project receives more customer feedback. At Cisco Live we can also expect there to be similar demonstrations of Contiv on the expo floor and more hands-on demonstrations. Cisco has used this training environment at recent Cisco Live events to teach people about Contiv. We can expect this to be utilized for Cisco Live U.S. In the meantime, you can test Contiv for yourself and come to Cisco Live prepared to ask questions of the Contiv team. Besides looking forward to seeing Bruno Mars at Cisco Live Customer Appreciation Event (CAE), we can also look forward to learning more about Contiv at Cisco Live.