Lots of experiments are happening in the area of orchestrating NFV in containers. I didn’t find a working example for NFV in containers, so I decided to write one. In this post, we will see how to orchestrate NFV in containers by taking a simple example. We will also discuss some problems that we face with this approach.

 

To analyze the use of containers in NFV, we will first see the process of launching NFV in containers using OpenStack Tacker.

 

Setup NFV in container using Tacker:
1. We are using the ‘nova-docker’ compute driver in this example. You can follow the instructions mentioned here to setup ‘nova-docker’ as compute driver for nova.
2.  Pull an openWRT docker image using:

(steps to build the image can be found here)

 openWRT provides a custom firmware for the router. You can learn more about it here.

3. Save it to glance using:

4. Try to launch an instance using the above image. When you try this, you might face a couple of errors:

  • Nova-compute throws an error “Cannot find any PID under container ”. The problem here is that the nova starts the container, but as no command was specified, it stops immediately. So, we must run the following the command to solve this issue.

  • Nova compute throws an error “Unauthorized command: ln -sf /proc/7552/ns/net /var/run/netns/e7e19d7015b5670b2930ef2c3efa0f06f644ef443d14c15fcf2e0477f6b06c72 (no filter matched)”

     The problem here is that the driver.py in nova-docker is creating a soft link netns, but in rootwrap we don’t have such a filter. So, we must add the following line in /etc/nova/rootwrap.d/network.filters file

5. Now create the VNFD and VNF in the Tacker for openWRT using docker image:

6. Now you can configure the openWRT using:

Now we have the simple NFV setup using Docker.

 

Problems with this approach:

    1. I feel using nova-docker is a bad idea for the following reasons:

 

      • It is not mature enough. You can see many bugs while running nova-docker (as you have seen in the 4th step)

 

      • Floating IP is not working for nova-docker.

 

      • We cannot launch virtual machine and Docker container in the same compute node.

 

    1. Network implementation for containers is not fully implemented. The OpenStack Kuryr project is intended to solve network problems with containers.

 

    1. Cannot manage multiple containers which belongs to the same VNF.

 

 

For the above problems, one of the solution is to create a Magnum bay (which is a collection of nodes to launch the containers) and use Tacker to launch VNF containers. We can manage those containers using Kubernetes or Docker Swarm as a container orchestration Engine. For the network issues, we need to use OpenStack Kuryr.


As most of the NFV are not containerized yet, NFV in containers is not growing as fast as containers. Once we have enough NFV in Docker, I feel most of the NFV orchestrators will use containers.