NSX Container Plugin (NCP) Architecture

By | September 26, 2019

The purpose of this blog post is to describe the NSX Container Plugin (NCP) architecture in detail, so that you will have a good understanding of why it was created, what its components are, and how it works. Hopefully that knowledge will come in handy when you need to troubleshoot because things do not go as you expected.

NCP Architecture

These are the NCP components and their purposes.

  • NCP
    Translates Kubernetes resources into NSX-T objects
  • NSX-Node-Agent
    Forwards pod network information
    Plumbs the pod interface to OpenvSwitch inside the node VM
  • NSX CNI plugin
    CNI interface between kubelet and nsx-node-agent
  • NSX-Kube-Proxy
    Translates the Kubernetes Service (ClusterIP) resource into OpenvSwitch configuration
  • OpenvSwitch
    Provides container networking and Service (ClusterIP)
    Isolates Pod traffic in the VM

Where are the components running?

  • NCP
    • Deployed as a Pod in Kubernetes.
    • Only a single instance runs, on one of the Kubernetes nodes.
  • NSX Node Agent
    • Deployed as a DaemonSet in Kubernetes.
    • Every Kubernetes node has an NSX-Node-Agent.
  • OpenvSwitch
    • Virtual switch installed inside the Kubernetes nodes.
    • Every Kubernetes node has OpenvSwitch.
  • NSX CNI plugin
    • CNI plugin used in the NSX-T integration.
    • Installed on every Kubernetes node.
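
When troubleshooting, the placement rules listed above can be checked against the cluster's own pod and node listings. The following is an added example, not code from the original post or from VMware: it takes the parsed output of `kubectl get pods -o json` and `kubectl get nodes -o json`, and the pod-name prefixes, the helper `_pod` and the sample data are assumptions constructed for illustration.

```python
# Assumed pod-name prefixes (not from the post); change them to match your manifests.
NCP_PREFIX = "nsx-ncp"
AGENT_PREFIX = "nsx-node-agent"


def check_placement(pods, nodes, ncp_prefix=NCP_PREFIX, agent_prefix=AGENT_PREFIX):
    """Compare parsed `kubectl get pods/nodes -o json` data with the layout above.

    Returns a list of findings; an empty list means the layout matches.
    """
    findings = []
    node_names = {n["metadata"]["name"] for n in nodes["items"]}
    ncp_running, agent_nodes = [], set()

    for pod in pods["items"]:
        name = pod["metadata"]["name"]
        running = pod.get("status", {}).get("phase") == "Running"
        if name.startswith(ncp_prefix) and running:
            ncp_running.append(name)
        elif name.startswith(agent_prefix):
            # The node agent is expected to be managed by a DaemonSet.
            owners = {o["kind"] for o in pod["metadata"].get("ownerReferences", [])}
            if "DaemonSet" not in owners:
                findings.append(f"{name}: not owned by a DaemonSet")
            if running:
                agent_nodes.add(pod["spec"].get("nodeName"))

    # Exactly one NCP instance, and a running node agent on every node.
    if len(ncp_running) != 1:
        findings.append(f"expected 1 running NCP pod, found {len(ncp_running)}")
    for node in sorted(node_names - agent_nodes):
        findings.append(f"{node}: no running {agent_prefix} pod")
    return findings


def _pod(name, node, phase="Running", owner="DaemonSet"):
    """Build a constructed Pod object holding only the fields the check reads."""
    return {"metadata": {"name": name, "ownerReferences": [{"kind": owner}]},
            "spec": {"nodeName": node}, "status": {"phase": phase}}


# Constructed sample data: three nodes; the agent on node-3 is not running.
# The owner of the NCP pod is not checked; "ReplicaSet" here is a placeholder.
SAMPLE_NODES = {"items": [{"metadata": {"name": f"node-{i}"}} for i in (1, 2, 3)]}
SAMPLE_PODS = {"items": [
    _pod("nsx-ncp-abc", "node-1", owner="ReplicaSet"),
    _pod("nsx-node-agent-1", "node-1"),
    _pod("nsx-node-agent-2", "node-2"),
    _pod("nsx-node-agent-3", "node-3", phase="Pending"),
]}

if __name__ == "__main__":
    for finding in check_placement(SAMPLE_PODS, SAMPLE_NODES):
        print(finding)
```

A node that lacks a running node agent has nothing to plumb new pod interfaces into OpenvSwitch, so it is the first thing to rule out when pods on one node have no connectivity.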

Purpose of OpenvSwitch

  • Distributed Firewall (DFW) at the host
  • Micro-segmentation of Pod-to-Pod traffic

Watch a video recording on NCP Architecture

Credits

I would like to thank the following people:
– Yuki Tsuboi, Customer Success Architect, APJ, for the architecture diagrams and explanations.
– Yasen, Snr Technical Product Manager, NSBU, for his guidance, especially on the installation.
