Docker Networking in Swarm, Mesos, KubernetesApril 2016

Fawad Khaliq - @fawadkhaliq

Copyright © PLUMgrid, Inc. 2011-2016

IntroductionSpeaker

2

Sr. Software Engineer at PLUMgridKhaliqFawad

Twitter: @fawadkhaliq IRC: fawadkhaliq

Copyright © PLUMgrid, Inc. 2011-2016

• Introduction • Docker Orchestration Tools

• Docker Swarm • Mesos • Kubernetes

• Docker Networking • Early (host, bridge, container modes) • Modern (libnetwork)

• PLUMgrid’s involvement in the Docker ecosystem • Demo

Agenda

3

Orchestration Tools

4

Copyright © PLUMgrid, Inc. 2011-2016

• Scheduling • Scaling • Management • Upgrades • Availability • Service Discovery • Networking

Docker Orchestration Tools

5

Copyright © PLUMgrid, Inc. 2011-2016

Docker Swarm

6

Copyright © PLUMgrid, Inc. 2011-2016

Mesos

7

Copyright © PLUMgrid, Inc. 2011-2016

Kubernetes

8

Networking

9

Copyright © PLUMgrid, Inc. 2011-2016

• Early • Bridge mode • Host mode • Container mode

• Evolution • Container Network Model (CNM)

Docker Networking Strategies

10

Copyright © PLUMgrid, Inc. 2011-2016

Docker’s interface between the docker daemon and the network

Container Network Model (CNM)• Docker specific (Docker Swarm) • Network = Subnet • ‘Metadata’ to select group policies at the

network level • Options: arbitrary key/value data

libnetwork

11

Copyright © PLUMgrid, Inc. 2011-2016

docker network

create Create a network connect Connect container to a network disconnect Disconnect container from a network inspect Display network information ls List all networks rm Remove a network

Docker Network CLI

12

Copyright © PLUMgrid, Inc. 2011-2016

Container Network Interface Treats container / group (pod) of containers synonymous to Linux network namespaces Networks described on JSON based format for network and IPAM config in /etc/cni/net.d

{ "name": “test-net", "type": ”bridge”,#type of network plugin:bridge,macvlan,ipvlan,commercial "bridge": "cni0", "isGateway": true, "ipMasq": true, "ipam": { "type": “host-local", # can be pluggable IPAM "subnet": "10.22.0.0/16", "routes": [{ "dst": "0.0.0.0/0" }] }}

Capable to providing networking for Docker containers as well

Other networking options

13

Copyright © PLUMgrid, Inc. 2011-2016

Networking and Orchestration Tools Together

14

* In discussion phase ** In design/implementation phase

PLUMgrid’s Involvement in the Docker Ecosystem

15

Copyright © PLUMgrid, Inc. 2011-2016

• PLUMgrid and Docker Swarm • PLUMgrid libnetwork plugin • Available at https://github.com/plumgrid/libnetwork-plugin • Uses PLUMgrid Open Networking Suite

• PLUMgrid and Mesos • Mesos Networking under Docker containerizer • Mesos Networking Isolators

PLUMgrid in Docker Ecosystem

16

Copyright © PLUMgrid, Inc. 2011-2016

Docker Swarm and PLUMgrid

Libnetwork (CNM)

PLUMgrid Plugin

Slave Node

Con

tain

er

Con

tain

er

Con

tain

er

Con

tain

er

Doc

ker

Dae

mon

Master Node

Swarm Manager

Consul / etcd / …

Docker Daemon (in each slave)

Daemon

IOVisor

PLUMgrid Director Cluster

17

Copyright © PLUMgrid, Inc. 2011-2016

Docker Swarm and PLUMgrid

VD: t1

18

DEMO

19

Copyright © PLUMgrid, Inc. 2011-2016

Demo: Docker Swarm

20

OverviewNetwork Creation w/ Docker Swarm (libnetwork) Containers on-boarded on PLUMgrid VDs Security Policies

Use CaseMicro-segmentation & Networking for Containers and microservices

What to expectChanging Policies alters the traffic flow between containers

Environment

(408) 800-7586 www.plumgrid.com

5155 Old Ironsides Dr. Suite 200 Santa Clara, CA 95054

THANK YOU!Keep in Touch and Contact Us