docker multihost networking
TRANSCRIPT
The New World of Docker Networking
Nicola Kabar
[email protected]
Architect at Docker
Help customers design solutions based on Docker
CCIE (for those who care)
Favorite motto: "Ping works. Not my problem !!!"
@nicolakabar
Agenda
- Old Networking Model
- Challenges
- What's Multi-Host Networking?
- How does it work?
- Demo
- Use-cases
- Roadmap
Docker Networking (< 1.9)
Docker creates three networks:
- bridge (default) --> containers attached to the local docker0 bridge
- none (driver: null) --> containers without any network interface
- host --> containers use the same interfaces as the host (same netns)

$ docker network ls
NETWORK ID     NAME    DRIVER
51d5e0c6b3f4   bridge  bridge
0b240f7c1d73   none    null
b9819d9c0380   host    host

$ ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:30:91:60:49
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::1/64 Scope:Link
          inet6 addr: fe80::42:30ff:fe91:6049/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:9001  Metric:1
          RX packets:23957697 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17161453 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9273953094 (9.2 GB)  TX bytes:4601244328 (4.6 GB)
Challenges
- Required host port mapping for multi-host deployment
- No network visibility
- Need linking for container discovery
- No horizontal scaling
The New Multi-Host Networking
- Exited experimental in 1.9
- Batteries included: `overlay` network driver + IPAM
- New network API + UX
- Network Driver + IPAM plugins
- Integration with Swarm and Compose (--x-networking)

$ docker network --help

Usage: docker network [OPTIONS] COMMAND [OPTIONS]

Commands:
  disconnect   Disconnect container from a network
  inspect      Display detailed network information
  ls           List all networks
  rm           Remove a network
  create       Create a network
  connect      Connect container to a network
Under the Hood
1. VXLAN ==> Data Transport
- Virtual eXtensible Local Area Network: an L2 network carried over an L3 network (overlay), RFC 7348
- Invisible to the container
- Host acts as the VXLAN Tunnel End Point (VTEP)
- Point-to-multipoint tunnels
- Proxy ARP
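To make the data-plane point concrete, here is an added example (not code from the deck or from Docker/libnetwork) that builds and decodes a VXLAN-encapsulated frame the way a VTEP sees it arrive on UDP 4789. The VNI (256), the MAC and IP addresses and the inner UDP datagram are constructed for the example; Docker's real VNI and address allocation is not modelled. The thing to notice is that the inner Ethernet frame, and the application payload inside it, are readable as they are on the wire: VXLAN (RFC 7348) adds an 8-byte header and no authentication or encryption, which is why "Encryption" still sits on the roadmap slide.

```python
import socket
import struct

VXLAN_UDP_PORT = 4789        # IANA port for VXLAN, the one the deck lists
VXLAN_FLAG_VNI_VALID = 0x08  # the "I" bit of the flags byte (RFC 7348, section 5)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_vxlan_packet(vni: int, inner_frame: bytes) -> bytes:
    """Wrap an Ethernet frame in the 8-byte VXLAN header, as a sending VTEP does.

    Layout: flags(1) | reserved(3) | VNI(3) | reserved(1). The VNI is 24 bits.
    """
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI is a 24-bit field")
    return struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8) + inner_frame


def decode_vxlan_packet(udp_payload: bytes) -> dict:
    """Parse the VXLAN header and as much of the inner frame as is recognisable.

    Only the outer UDP payload is needed: nothing in it is encrypted, so a
    capture on UDP 4789 yields VNI, inner MACs, inner IPs, ports and payload.
    """
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for a VXLAN header plus an Ethernet header")
    flags, vni_field = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid bit not set; cannot attribute frame to a segment")
    inner = udp_payload[8:]
    result = {
        "vni": vni_field >> 8,
        "dst_mac": mac_str(inner[0:6]),
        "src_mac": mac_str(inner[6:12]),
        "ethertype": struct.unpack("!H", inner[12:14])[0],
    }
    l3 = inner[14:]
    if result["ethertype"] == 0x0800 and len(l3) >= 20:      # IPv4
        ihl = (l3[0] & 0x0F) * 4
        result["src_ip"] = socket.inet_ntoa(l3[12:16])
        result["dst_ip"] = socket.inet_ntoa(l3[16:20])
        result["proto"] = l3[9]
        l4 = l3[ihl:]
        if result["proto"] == 17 and len(l4) >= 8:            # UDP
            result["src_port"], result["dst_port"] = struct.unpack("!HH", l4[:4])
            result["payload"] = l4[8:]
    return result


def sample_packet() -> bytes:
    """Constructed sample: container 10.10.10.2 sends a UDP datagram to
    10.10.10.3 on an overlay segment we assume was given VNI 256.
    MACs follow the 02:42:<ip-as-hex> pattern visible on the docker0 slide.
    IP and UDP checksums are left at zero; this is a parser demo, not a sender.
    """
    payload = b"GET / HTTP/1.0\r\n"
    udp = struct.pack("!HHHH", 40000, 8080, 8 + len(payload), 0) + payload
    ipv4 = struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                       socket.inet_aton("10.10.10.2"),
                       socket.inet_aton("10.10.10.3")) + udp
    eth = (bytes.fromhex("02420a0a0a03")        # dst MAC for 10.10.10.3
           + bytes.fromhex("02420a0a0a02")      # src MAC for 10.10.10.2
           + struct.pack("!H", 0x0800) + ipv4)
    return build_vxlan_packet(256, eth)


if __name__ == "__main__":
    for key, value in decode_vxlan_packet(sample_packet()).items():
        print(f"{key:>9}: {value}")
```

Run it against a real capture by feeding the UDP payload of a port-4789 packet to decode_vxlan_packet(); the decoder deliberately refuses frames without the VNI-valid bit rather than guessing, since a VTEP that accepted those would be attributing traffic to a segment on no evidence.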
Under the Hood
2. Key-Value Store ==> Cluster Discovery (strongly consistent)
- Supports etcd, zookeeper, consul, boltdb (boltdb is a local file store, so it cannot be shared between hosts)
- Stores Network ID, subnets, nodes, VXLAN ID, IPAM ... etc.

3. Serf ==> Cluster Discovery (eventually consistent)
- Gossip protocol
- Propagates cluster updates (e.g. MAC <-> VTEP IP mapping)
Under the Hood
4. Network Namespaces ==> Host + Container Networks
- A Linux bridge per subnet per overlay network per host
- A VXLAN interface per overlay network per host
- 1 Linux bridge per host for default traffic (docker_gwbridge)
- Lazy creation (only if a container is attached to the network)
Requirements
- Linux Kernel 3.16+
- Docker Engine 1.9
- Underlying open TCP/UDP ports between cluster hosts:
  - Docker Engine port (e.g. TCP 2376)
  - VXLAN: UDP 4789
  - Serf: TCP + UDP 7946
  - Key-value store (e.g. for Consul, TCP 8500)
  Open these to the other cluster hosts only: VXLAN carries no authentication of its own, so anything that can reach UDP 4789 can put frames onto an overlay.
- Swarm 1.0
- Compose 1.5
Configuration Workflow
1. Create K/V store
2. Configure engines with `--cluster-store` and `--cluster-advertise`
3. Create overlays with `docker network create -d overlay BLUE`
4. Run containers with `--net BLUE`

$ docker network create -d overlay --subnet 10.10.10.0/24 BLUE
68478121f0a73b7c27854f5ac7a7750bcb4bd1400d2fc20f1c1303aa72a5dfd5

$ docker network ls
NETWORK ID     NAME    DRIVER
68478121f0a7   BLUE    overlay
3748cf0d06c5   none    null
c7be99c9c48f   host    host
418e521b16a0   bridge  bridge
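The four workflow steps above, collected into one plan generator as an added example (not the deck's own tooling or anything shipped with Docker). It validates the store URL and the subnet, emits the daemon flags for step 2, and adds host firewall rules that open the ports from the Requirements slide only to the listed cluster peers. The peer addresses, the Consul address and the interface name are assumptions for the example; the `docker daemon` spelling of the command is the Engine 1.9 form, later releases use `dockerd`.

```python
import ipaddress
from urllib.parse import urlparse

# Ports from the Requirements slide. 2376 is the usual TLS engine port; adjust if yours differs.
ENGINE_TCP_PORT = 2376
VXLAN_UDP_PORT = 4789
SERF_PORT = 7946                         # Serf gossip uses both TCP and UDP
KV_SCHEMES = {"consul", "etcd", "zk"}    # stores other hosts can reach; boltdb is local-only


def engine_flags(cluster_store: str, advertise_iface: str,
                 engine_port: int = ENGINE_TCP_PORT) -> list:
    """Daemon flags for workflow step 2, with the store URL checked first."""
    u = urlparse(cluster_store)
    if u.scheme not in KV_SCHEMES:
        raise ValueError(f"{u.scheme!r} is not a store that other hosts can reach")
    if u.hostname is None or u.port is None:
        raise ValueError("cluster-store must be scheme://host:port")
    return [f"--cluster-store={cluster_store}",
            f"--cluster-advertise={advertise_iface}:{engine_port}"]


def overlay_create_cmd(name: str, subnet: str) -> str:
    """Workflow step 3. strict=True rejects a subnet with host bits set."""
    net = ipaddress.ip_network(subnet, strict=True)
    if net.version != 4:
        raise ValueError("the 1.9 overlay driver is IPv4 only (IPv6 is on the roadmap)")
    return f"docker network create -d overlay --subnet {net} {name}"


def peer_firewall_rules(peers, engine_port: int = ENGINE_TCP_PORT) -> list:
    """iptables INPUT rules: accept the cluster ports from listed peers, drop them from anyone else.

    VXLAN authenticates nothing, so the peer list is the only thing deciding who
    may inject frames into an overlay or talk to the engine port.
    """
    cluster_ports = [("udp", VXLAN_UDP_PORT), ("tcp", SERF_PORT),
                     ("udp", SERF_PORT), ("tcp", engine_port)]
    rules = []
    for peer in peers:
        ip = ipaddress.ip_address(peer)          # raises on anything that is not an address
        for proto, port in cluster_ports:
            rules.append(f"iptables -A INPUT -p {proto} -s {ip} --dport {port} -j ACCEPT")
    for proto, port in cluster_ports:
        rules.append(f"iptables -A INPUT -p {proto} --dport {port} -j DROP")
    return rules


def cluster_plan(peers, cluster_store: str, advertise_iface: str,
                 network: str, subnet: str, image: str = "nginx") -> list:
    """The whole four-step workflow as ordered shell lines for one engine host."""
    lines = [f"# step 1: K/V store assumed to be up already at {cluster_store}",
             "# step 2: add these flags to the engine start-up and restart it",
             "docker daemon " + " ".join(engine_flags(cluster_store, advertise_iface)),
             "# firewall: only cluster peers may reach the overlay control and data ports"]
    lines += peer_firewall_rules(peers)
    lines += ["# step 3: create the overlay once, from any engine in the cluster",
              overlay_create_cmd(network, subnet),
              "# step 4: attach containers; the same --net works on every host",
              f"docker run -d --net {network} --name web {image}"]
    return lines


if __name__ == "__main__":
    # Assumed addresses for the example: two peer engines and one Consul server.
    print("\n".join(cluster_plan(["10.0.0.11", "10.0.0.12"],
                                 "consul://10.0.0.10:8500", "eth0",
                                 "BLUE", "10.10.10.0/24")))
```

The DROP rules come last so that a peer added later only needs an ACCEPT inserted above them; the Consul host itself needs the same treatment for its own port, which this generator leaves to whoever runs the store.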
Demo: Overlay Networking
Use-cases:
- Multi-tenancy
- Segmentation
- Multi-cloud networks
Roadmap:
- IPv6 support for overlays
- DNS-based service discovery
- Proxy containers
- Encryption
Thank you!
www. .com
@nicolakabar