docker networking
TRANSCRIPT
![Page 1: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/1.jpg)
Docker Networking
John Merrells
![Page 2: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/2.jpg)
Docker
The current state of Docker Networking
![Page 3: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/3.jpg)
get a server
![Page 4: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/4.jpg)
Ubuntu 14.04
eth0: 45.79.82.5
install an operating system
![Page 5: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/5.jpg)
Ubuntu 14.04
eth0: 45.79.82.5, docker0: 172.17.42.1
install Docker
Docker 1.6.2
$ wget -qO- https://get.docker.com/ | sh
![Page 6: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/6.jpg)
Ubuntu 14.04
eth0: 45.79.82.5, docker0: 172.17.42.1, veth7b4d22b
start a container
eth0: 172.17.0.1, port: 5000
$ docker run -d …
![Page 7: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/7.jpg)
Ubuntu 14.04
eth0: 45.79.82.5, docker0: 172.17.42.1, veth7b4d22b
traffic routed through docker bridge
eth0: 172.17.0.1, port: 5000
![Page 8: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/8.jpg)
Ubuntu 14.04
eth0: 45.79.82.5, docker0: 172.17.42.1, veth7b4d22b, port 32768
start a container, and publish a port
$ docker run -d -P …
eth0: 172.17.0.1, port: 5000
![Page 9: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/9.jpg)
Ubuntu 14.04
eth0: 45.79.82.5, docker0: 172.17.42.1, veth7b4d22b, port 32768
traffic to port forwarded
eth0: 172.17.0.1, port: 5000
![Page 10: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/10.jpg)
Ubuntu 14.04
If we want containers to communicate with each other
eth0: 45.79.82.5, docker0: 172.17.42.1
![Page 11: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/11.jpg)
Ubuntu 14.04
eth0: 45.79.82.5, docker0: 172.17.42.1, veth7b4d22b
start a container, with a name
$ docker run -d --name web …
eth0: 172.17.0.1, port: 5000, name: web
![Page 12: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/12.jpg)
Ubuntu 14.04
start containers with names, and ‘link’ them together
eth0: 172.17.0.1, port: 5432, name: db
eth0: 172.17.0.2, port: 5000, name: web
eth0: 45.79.82.5, docker0: 172.17.42.1, veth8a5c43a, veth7b4d22b, port 32768
$ docker run -d --name db …
$ docker run -d -P --name web --link db:db …
![Page 13: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/13.jpg)
Ubuntu 14.04
eth0: 172.17.0.1, port: 5432, name: db
eth0: 172.17.0.2, port: 5000, name: web
DB_PORT=tcp://172.17.0.7:5432
DB_PORT_5432_TCP=tcp://172.17.0.7:5432
DB_PORT_5432_TCP_ADDR=172.17.0.7
DB_PORT_5432_TCP_PORT=5432
DB_PORT_5432_TCP_PROTO=tcp
DB_NAME=/web/db
linking is via environment variables
custom application code needed
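The kind of "custom application code" this slide refers to, as an added example that is not from the original deck: a Python helper that reads the link variables for an alias and refuses them when the redundant values disagree. The function name `link_endpoints` is hypothetical, and the sample dictionary is constructed from the values shown on the slide.

```python
import ipaddress
import re

# Constructed sample: the link variables shown on the slide for alias "db".
SAMPLE_ENV = {
    "DB_PORT": "tcp://172.17.0.7:5432",
    "DB_PORT_5432_TCP": "tcp://172.17.0.7:5432",
    "DB_PORT_5432_TCP_ADDR": "172.17.0.7",
    "DB_PORT_5432_TCP_PORT": "5432",
    "DB_PORT_5432_TCP_PROTO": "tcp",
    "DB_NAME": "/web/db",
}


def link_endpoints(env, alias):
    """Map (proto, port) -> (ip, port) for one `--link` alias.

    Raises ValueError when the redundant variables disagree, so a stale or
    hand-edited environment fails closed instead of being trusted.
    """
    prefix = re.escape(alias.upper().replace("-", "_"))
    # Matches e.g. DB_PORT_5432_TCP but not its _ADDR/_PORT/_PROTO siblings.
    key_re = re.compile(rf"^{prefix}_PORT_(\d+)_(TCP|UDP)$")
    endpoints = {}
    for key, url in env.items():
        m = key_re.match(key)
        if m is None:
            continue
        port, proto = int(m.group(1)), m.group(2).lower()
        addr = env.get(key + "_ADDR", "")
        ip = ipaddress.ip_address(addr)  # ValueError unless an IP literal
        target_port = int(env.get(key + "_PORT", "-1"))
        if target_port != port or not 0 < port < 65536:
            raise ValueError(f"{key}_PORT missing, out of range or mismatched")
        if env.get(key + "_PROTO") != proto:
            raise ValueError(f"{key}_PROTO does not match the variable name")
        if url != f"{proto}://{addr}:{port}":
            raise ValueError(f"{key} disagrees with its _ADDR/_PORT parts")
        endpoints[(proto, port)] = (str(ip), port)
    if not endpoints:
        raise ValueError(f"no link variables found for alias {alias!r}")
    return endpoints


if __name__ == "__main__":
    print(link_endpoints(SAMPLE_ENV, "db"))
```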
![Page 14: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/14.jpg)
h2 eth0: 45.79.90.4, docker0: 172.17.42.1
h1 eth0: 45.79.82.5, docker0: 172.17.42.1
If we want containers, on different hosts, to communicate with each other
Docker hosts don’t know about each other
![Page 15: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/15.jpg)
eth0: 172.17.0.1, port: 5432, name: db
h2 eth0: 45.79.90.4, docker0: 172.17.42.1, port 32768
eth0: 172.17.0.1, port: 5000, name: web
h1 eth0: 45.79.82.5, docker0: 172.17.42.1, port 32893
there’s no linking across the network
h1$ docker run -d -P --name web …
h2$ docker run -d -P --name db …
![Page 16: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/16.jpg)
| Container Networking | Docker |
| --- | --- |
| IP Allocation | Subnet per Host |
| Routing | NAT |
| Ports | IPTables, Port Forwarding, Random Ports |
| Service Discovery | Environment Variables |
| Multi Host | Not Supported |
![Page 17: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/17.jpg)
Weave
Networking with Docker + Weave
![Page 18: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/18.jpg)
get a server
![Page 19: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/19.jpg)
Ubuntu 14.04
eth0: 45.79.82.5
install an operating system
![Page 20: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/20.jpg)
Ubuntu 14.04
eth0: 45.79.82.5, docker0: 172.17.42.1
install Docker
Docker 1.6.2
$ wget -qO- https://get.docker.com/ | sh
![Page 21: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/21.jpg)
Ubuntu 14.04
eth0: 45.79.82.5, docker0: 172.17.42.1
install Weave
Docker 1.6.2
$ wget -O /usr/local/bin/weave https://git.io/weave
Weave 0.10.0
![Page 22: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/22.jpg)
Ubuntu 14.04
eth0: 45.79.82.5, docker0: 172.17.42.1, vethace68bd
weave, vethwepl8289
launch the weave router
$ weave launch
eth0: 10.0.0.1, name: weave, port: 6783
![Page 23: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/23.jpg)
Ubuntu 14.04
eth0: 45.79.82.5, docker0: 172.17.42.1, vethace68bd
weave, vethwepl8289
eth0: 10.0.0.1, name: weave, port: 6783
let’s ignore the docker bridge and interfaces
![Page 24: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/24.jpg)
eth0: 45.79.82.5
weave, vethwepl8289
vethwepl8709
start a container
$ weave run 10.2.1.1/24 -d …
eth0: 10.0.0.1, name: weave, port: 6783
eth0: 10.2.1.1, port: 5000
![Page 25: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/25.jpg)
eth0: 45.79.82.5
weave, vethwepl8289
vethwepl8709
traffic routed through weave
eth0: 10.0.0.1, name: weave, port: 6783
eth0: 10.2.1.1, port: 5000
![Page 26: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/26.jpg)
eth0: 45.79.82.5
weave, vethwepl8289
vethwepl8709
start a container, publish a port
$ weave run 10.2.1.1/24 -d --name web -p 5000:5000 …
eth0: 10.0.0.1, name: weave, port: 6783
eth0: 10.2.1.1, port: 5000, name: web
![Page 27: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/27.jpg)
eth0: 45.79.82.5
weave, vethwepl8289
vethwepl8709
traffic routed through weave, no random port
eth0: 10.0.0.1, name: weave, port: 6783
eth0: 10.2.1.1, port: 5000, name: web
![Page 28: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/28.jpg)
eth0: 45.79.82.5
weave
If we want containers to communicate with each other
eth0: 10.0.0.1, name: weave, port: 6783
![Page 29: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/29.jpg)
eth0: 45.79.82.5
weave
use the weave DNS server
$ weave launch-dns 10.1.0.3/16 …
eth0: 10.0.0.1, name: weave, port: 6783
eth0: 10.1.0.3, name: weavedns, port: 53
![Page 30: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/30.jpg)
eth0: 45.79.82.5
weave, vethwepl8289
vethwepl8801
vethwepl8709
eth0: 10.2.1.1, port: 5000, name: web
eth0: 10.2.1.2, port: 5432, name: db
$ weave run 10.2.1.1/24 -d --name web -p 5000:5000 …
$ weave run 10.2.1.2/24 -d --name db …
now we can name containers
eth0: 10.0.0.1, name: weave, port: 6783
eth0: 10.1.0.3, name: weavedns, port: 53
![Page 31: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/31.jpg)
and they can find each other with regular DNS lookups
name: weave, port: 6783
name: weavedns, port: 53
eth0: 10.2.1.1, port: 5000, name: web, fqdn: web.weave.local
eth0: 10.2.1.2, port: 5432, name: db, fqdn: db.weave.local
eth0: 45.79.82.5
weave, vethwepl8289
vethwepl8801
vethwepl8709
Where’s db?
Where’s web?
![Page 32: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/32.jpg)
and communicate with each other over regular IP based protocols
name: weave, port: 6783
name: weavedns, port: 53
eth0: 10.2.1.1, port: 5000, name: web, fqdn: web.weave.local
eth0: 10.2.1.2, port: 5432, name: db, fqdn: db.weave.local
eth0: 45.79.82.5
weave, vethwepl8289
vethwepl8801
vethwepl8709
![Page 33: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/33.jpg)
h2 eth0: 45.79.90.4
h1 eth0: 45.79.82.5
eth0: 10.0.0.2, name: weave, port: 6783, peer: 45.79.82.5
name: weavedns, port: 53
eth0: 10.0.0.1, name: weave, port: 6783, peer: 45.79.90.4
name: weavedns, port: 53
h1$ weave launch 10.0.0.1/16
h2$ weave launch 10.0.0.2/16 45.79.82.5
If we want containers, on different hosts, to communicate with each other
![Page 34: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/34.jpg)
h2 eth0: 45.79.90.4
h1 eth0: 45.79.82.5
name: weavedns, port: 53
name: weavedns, port: 53
eth0: 10.2.1.1, port: 5000, name: web, fqdn: web.weave.local
eth0: 10.2.1.2, port: 5432, name: db, fqdn: db.weave.local
h1$ weave run 10.2.1.1/24 -d --name web -p 5000:5000 …
h2$ weave run 10.2.1.2/24 -d --name db …
It’s just the same, containers can find each other with DNS
eth0: 10.0.0.2, name: weave, port: 6783, peer: 45.79.82.5
eth0: 10.0.0.1, name: weave, port: 6783, peer: 45.79.90.4
Where’s db?
Where’s web?
![Page 35: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/35.jpg)
h2 eth0: 45.79.90.4
h1 eth0: 45.79.82.5
name: weavedns, port: 53
name: weavedns, port: 53
eth0: 10.2.1.1, port: 5000, name: web, fqdn: web.weave.local
eth0: 10.2.1.2, port: 5432, name: db, fqdn: db.weave.local
and can communicate over regular IP based protocols
eth0: 10.0.0.2, name: weave, port: 6783, peer: 45.79.82.5
eth0: 10.0.0.1, name: weave, port: 6783, peer: 45.79.90.4
![Page 36: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/36.jpg)
| Container Networking | Docker | Weave |
| --- | --- | --- |
| IP Allocation | Subnet per Host | Subnet per App |
| Routing | NAT | L2 Routing |
| Ports | IPTables | As they should be |
| Service Discovery | Environment Variables | DNS |
| Multi Host | Not Supported | Supported |
![Page 37: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/37.jpg)
Weave
But wait, there’s more…
![Page 38: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/38.jpg)
mesh of peers, that gossip with each other
eth0: 10.2.1.2, eth0: 10.2.1.3
eth0: 10.2.1.4, eth0: 10.2.1.1
![Page 39: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/39.jpg)
eth0: 10.2.1.2, eth0: 10.2.1.3
eth0: 10.2.1.4, eth0: 10.2.1.1
mesh of peers, with least cost routing
![Page 40: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/40.jpg)
start containers, on different clouds…
Weave 0.10.0
eth0: 10.2.1.2, eth0: 10.2.1.3, eth0: 10.2.1.4, eth0: 10.2.1.1
![Page 41: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/41.jpg)
encrypted traffic for application isolation
eth0: 10.2.1.2, eth0: 10.2.1.1, eth0: 10.2.1.2, eth0: 10.2.1.1
$ weave launch -password secret123
$ weave launch -password 321terces
![Page 42: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/42.jpg)
h2 eth0: 45.79.90.4
h1 eth0: 45.79.82.5
name: weavedns, port: 53
name: weavedns, port: 53
eth0: 10.2.1.1, port: 5000, name: web, fqdn: web.weave.local
containers can migrate, from host to host
eth0: 10.0.0.2, name: weave, port: 6783, peer: 45.79.82.5
eth0: 10.0.0.1, name: weave, port: 6783, peer: 45.79.90.4
![Page 43: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/43.jpg)
h2 eth0: 45.79.90.4
h1 eth0: 45.79.82.5
name: weavedns, port: 53
name: weavedns, port: 53
eth0: 10.2.1.1, port: 5000, name: web, fqdn: web.weave.local
containers can migrate, and maintain the same IP Address
eth0: 10.0.0.2, name: weave, port: 6783, peer: 45.79.82.5
eth0: 10.0.0.1, name: weave, port: 6783, peer: 45.79.90.4
![Page 44: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/44.jpg)
Weave
And coming soon
![Page 45: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/45.jpg)
eth0: 45.79.82.5
fast data path
eth0: 10.0.0.1, name: weave, port: 6783
eth0: 10.2.1.1, port: 5000
OVS kernel module
![Page 46: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/46.jpg)
eth0: 45.79.82.5
weave
IP Address Management
eth0: 10.0.0.1, name: weave, port: 6783, iprange: 10.0.0.1/16
$ weave launch -iprange 10.0.0.1/16
$ weave run -d …
eth0: 10.0.0.2
![Page 47: Docker Networking](https://reader034.vdocument.in/reader034/viewer/2022042701/55c54f03bb61eb784c8b4584/html5/thumbnails/47.jpg)
Scope
Weave Scope