pipework: software-defined network for containers and docker
DESCRIPTION
Pipework lets you connect together containers in arbitrarily complex scenarios. Pipework uses cgroups and namespaces and works with "plain" LXC containers (created with lxc-start), and with the awesome Docker. It's nothing less than Software-Defined Networking for Linux Containers! This is a short presentation about Pipework, given at the Docker Networking meet-up November 6th in Mountain View.
More information:
- https://github.com/jpetazzo/pipework
- http://www.meetup.com/Docker-Networking/
TRANSCRIPT
Pipework

Pipework
The little SDN container framework that you should NOT use

Jérôme Petazzoni (@jpetazzo)
Grumpy French DevOps
- Go away or I will replace you with a very small shell script
Runs everything in containers
- Docker-in-Docker
- VPN-in-Docker
- KVM-in-Docker
- Xorg-in-Docker
- ...

Outline
● History
● Features
● Roadmap

Use cases
● Performance
  – Linux bridge, iptables, conntrack... Ohnoes!
● Integration into existing networks
  – VLAN, bonding...
  – IP addr management
● Work at L2/L3 instead of L4
  – Ethernet/IP vs TCP, UDP

Modus Operandi
● Create network interfaces
● Move them to containers (while they're running)
● Configure network interfaces (from outside)
● Shell script

Seriously

Shell…?

Yup.

Upsides of /bin/sh
● Easy to understand
● Easy to rip out the bits you (don't) need
● Most things we do require exec anyway (ip, route, brctl, etc)
● Complicated stuff is hard to implement (avoid feature creep, e.g. IPAM)

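The three steps from the Modus Operandi slide, written out with the ip tool for the Linux bridge case. This is an added sketch, not pipework's own code: the veth names, the run and valid_cidr helpers and the DRY_RUN switch are assumptions of this example, and the container's PID is taken as already known.

```shell
#!/bin/sh
# Added sketch, not pipework's own code: create, move, configure.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Shape check only: digits, dots and one /len, nothing else reaches ip.
valid_cidr() {
    case "$1" in *[!0-9./]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# attach_to_bridge BRIDGE PID ADDR/LEN [GUEST_IFNAME]
attach_to_bridge() {
    bridge=$1 pid=$2 addr=$3 guest_if=${4:-eth1}
    case "$pid" in ''|*[!0-9]*) echo "bad pid: $pid" >&2; return 1 ;; esac
    valid_cidr "$addr" || { echo "bad address: $addr" >&2; return 1; }
    host_if="veth${pid}h"   # hypothetical naming; interface names max 15 chars
    tmp_if="veth${pid}g"

    # Make the container's network namespace visible to "ip netns".
    run mkdir -p /var/run/netns
    run ln -sf "/proc/$pid/ns/net" "/var/run/netns/$pid"

    # 1. Create network interfaces: a veth pair, host end on the bridge.
    run ip link add "$host_if" type veth peer name "$tmp_if"
    run ip link set "$host_if" master "$bridge"
    run ip link set "$host_if" up

    # 2. Move the other end into the running container.
    run ip link set "$tmp_if" netns "$pid"

    # 3. Configure it from outside, through the namespace handle.
    run ip netns exec "$pid" ip link set "$tmp_if" name "$guest_if"
    run ip netns exec "$pid" ip addr add "$addr" dev "$guest_if"
    run ip netns exec "$pid" ip link set "$guest_if" up

    # Remove the symlink: a stale handle would follow the PID if it is reused.
    run rm -f "/var/run/netns/$pid"
}
```

Calling attach_to_bridge br0 4242 10.1.1.1/24 with the default DRY_RUN=1 prints the command sequence without touching the host.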
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework eth0 db 10.1.1.1/24

Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework eth0 db 10.1.1.1/24
           ^^^^
● Physical eth0 on the machine

Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework br0 db 10.1.1.1/24
           ^^^
● Pre-existing bridge

Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework ovsbr0 db 10.1.1.1/24
           ^^^^^^
● Open vSwitch bridge

Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework ovsbr0 db dhcp
                     ^^^^
● DHCP

Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework ovsbr0 db dhcp @10
                          ^^^
● VLAN

Features
● Fixed address or DHCP
● Random MAC or fixed MAC
● Change netmask, default route
● Linux bridges, OVS bridges
● IP over Infiniband
● Multiple interfaces

Roadmap

Pipework:
● Will not be integrated into Docker (probably)
● Is not necessary anymore in many cases (thanks to host networking)
● Is not actively maintained (but I'll happily merge PRs)

What do?
● Use it as a big toolbox
● Understand how things work
● Possibly extract what you need
● Contribute to Docker instead

Possible improvements
● Don't require host-side tooling anymore
● Allow operation over Docker API
● A small POC is available at:
  https://github.com/jpetazzo/plumber/

A brighter future
● Native Docker Multi-Host Networking
  https://github.com/docker/docker/issues/8951
● Docker Network Drivers
  https://github.com/docker/docker/issues/8952

Thank you!
Questions?