Checmate: Lying, Cheating, and Winning with Containers in Networking

Containers have become ubiquitous in modern infrastructure. Containers have become the de facto mechanism of deploying and operating production software in recent years. Containerizaton technology has resulted in a a fundamental paradigm shift in multitenant computing. Unfortunately, networking in containers never caught up with this modern mechanism. As opposed to manipulating the tenant's perspective of the system using the OS containers, are still using virtualization techniques. In this talk, we present Checmate, a system that is resident to the Linux kernel, that implements microsegmentation and load balancing of containers with nearly undetectable overhead. This system is powered by a control plane in Erlang, with a custom compiler to ease the creation of new Checmate rules. These components work together to provide a modern approach to container networking. 

Talk objectives:

• To present Checmate, and Checmate's control plane as an alternative to the way the container networking works today
• To create interest in Checmate
• Discuss coordination-free datacenter orchestration systems
• Discuss Erlang's usefulness as a tool to develop DSLs, compilers, and distributed systems orchestrators

Target audience:

• Network software engineers
• Kernel developers
• Distributed systems engineers
• Individuals facing challenges with security, and performance in containers.