dockerday2015: docker networking
Post on 16-Aug-2015
Docker Networking
Văn Đình Phúc – System Engineer
Nguyễn Văn Thường – Linux Sysadmin
Trần Hữu Cường – R&D
AGENDA
• Introduction
• Networking Deep Dive (version 1.7)
• Networking Deep Dive (Experimental)
• Ecosystem
• Q&A
HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015
WHAT IS DOCKER ?
Docker containers wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries – anything you can install on a server
WHY IS NETWORKING IMPORTANT ?
• Communication between containers and the wider world
• Communication between containers on a single host and across multiple hosts
• Containers attached to multiple networks
LIBNETWORK
• Open Sourced in April
• Over 200 Pull Requests
• Over 200 GitHub Stars
• Windows and FreeBSD ports in progress
Source: recap from DockerCon US 2015
LIBNETWORK
• Project Pages define the goals of each Platform Version Release and identify current progress
https://github.com/docker/libnetwork/wiki
Project Page   | Target Date | Current Sprint | Platform Version
libnetwork 0.5 | 10/06/2015  |                | Docker 1.9.0
libnetwork 0.4 | 08/04/2015  | Sprint 20      | Docker 1.8.0
libnetwork 0.3 | 06/18/2015  |                | Docker 1.7.0
DOCKER0 BRIDGE
• The default bridge on Docker hosts
• Randomly chooses an address and subnet from the private range defined by RFC 1918
• Automatically forwards packets between any other network interfaces that are attached to it
VIRTUAL ETHERNET INTERFACES
• A pair of “peer” interfaces that are like opposite ends of a pipe: a packet sent on one will be received on the other
• Docker gives one of the peers to the container to become its eth0 interface and keeps the other peer on the host, with a unique name like veth37c1271
BINDING CONTAINER PORTS TO THE HOST
• docker run:
  • -P or --publish-all=true|false
  • -p SPEC or --publish=SPEC
  • -p IP:host_port:container_port
  • -p IP::port
  • --ip=IP_ADDRESS
• --expose <port>
• EXPOSE line in the image’s Dockerfile
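Added example (not part of the original slides or Docker's own code): a small Python parser for the -p SPEC forms listed above that reports which host address each one binds. It assumes IPv4 addresses and the daemon's --ip default of 0.0.0.0; the function names are hypothetical.

```python
import ipaddress

DAEMON_DEFAULT_IP = "0.0.0.0"  # default of the daemon's --ip option (assumed unchanged)


def _port(text):
    """Return a validated port number; ranges such as 8000-8010 are not handled."""
    if not text.isdigit() or not 0 < int(text) < 65536:
        raise ValueError(f"bad port: {text!r}")
    return int(text)


def parse_publish(spec, default_ip=DAEMON_DEFAULT_IP):
    """Split one -p SPEC into (host_ip, host_port, container_port, proto)."""
    body, _, proto = spec.partition("/")
    parts = body.split(":")   # IPv4 only: a bracketed IPv6 address would break this
    if len(parts) == 1:       # container_port
        ip, host_port, ctr_port = "", "", parts[0]
    elif len(parts) == 2:     # host_port:container_port
        ip, host_port, ctr_port = "", parts[0], parts[1]
    elif len(parts) == 3:     # IP:host_port:container_port or IP::container_port
        ip, host_port, ctr_port = parts
    else:
        raise ValueError(f"unsupported SPEC: {spec!r}")
    host_ip = ipaddress.ip_address(ip or default_ip)
    # An empty host port means Docker picks a free host port itself.
    return (str(host_ip), _port(host_port) if host_port else None,
            _port(ctr_port), proto or "tcp")


def exposure(spec, default_ip=DAEMON_DEFAULT_IP):
    """Classify how widely the published port is reachable on the host."""
    addr = ipaddress.ip_address(parse_publish(spec, default_ip)[0])
    if addr.is_unspecified:
        return "all-interfaces"
    return "loopback-only" if addr.is_loopback else "single-address"


if __name__ == "__main__":
    # Constructed sample SPECs; 8080:80 is the form used for wp01 on this page.
    for s in ("8080:80", "127.0.0.1:8080:80", "192.0.2.10::80", "53/udp"):
        print(f"-p {s:20} -> {parse_publish(s)} {exposure(s)}")
```

A SPEC without an IP part, such as 8080:80, is published on every host interface unless the daemon's --ip is set to something narrower.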
LINKING CONTAINERS TOGETHER
• docker run --name db -d -e MYSQL_ROOT_PASSWORD=Memzoh78 -e MYSQL_DATABASE=wpdb -e MYSQL_USER=wpuser -e MYSQL_PASSWORD=wppwd mysql
• docker run --name wp01 --link db:mysql -d -e WORDPRESS_DB_NAME=wpdb -e WORDPRESS_DB_USER=wpuser -e WORDPRESS_DB_PASSWORD=wppwd -p 8080:80 wordpress
[Diagram: Docker host with eth0, lo and the docker0 bridge; iptables publishes 8080/tcp on the host. Container db (eth0, 3306/tcp; wpuser, wppwd, wpdb) and container wp01 (eth0, 80/tcp; /etc/hosts; WORDPRESS_DB_NAME=wpdb, WORDPRESS_DB_USER=wpuser, WORDPRESS_DB_PASSWORD=wppwd) are connected by the mysql:// link.]
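Added example (not part of the original slides or Docker's own code): the environment variables that --link db:mysql injects into wp01 for the two commands above, following the naming scheme in Docker's container-linking documentation. The db address 172.17.0.2 and the function names are assumptions; the point to notice is that every -e value given to db, passwords included, becomes readable inside the linked container.

```python
def link_env(recipient, alias, source_ip, source_ports, source_env):
    """Environment that --link SOURCE:alias adds to the recipient container."""
    prefix = alias.upper().replace("-", "_")
    env = {f"{prefix}_NAME": f"/{recipient}/{alias}"}
    for i, (port, proto) in enumerate(sorted(source_ports)):
        url = f"{proto}://{source_ip}:{port}"
        if i == 0:
            env[f"{prefix}_PORT"] = url          # URL of the first exposed port
        base = f"{prefix}_PORT_{port}_{proto.upper()}"
        env[base] = url
        env[base + "_ADDR"] = source_ip
        env[base + "_PORT"] = str(port)
        env[base + "_PROTO"] = proto
    # Every variable set on the source container is copied as <ALIAS>_ENV_<name>.
    for name, value in source_env.items():
        env[f"{prefix}_ENV_{name}"] = value
    return env


SENSITIVE_MARKERS = ("PASSWORD", "SECRET", "TOKEN", "KEY")  # heuristic, not exhaustive


def leaked_secrets(env):
    """Names of copied source variables that look like credentials."""
    return sorted(k for k in env
                  if "_ENV_" in k and any(m in k for m in SENSITIVE_MARKERS))


# -e values from the "docker run --name db" command on this page.
DB_ENV = {
    "MYSQL_ROOT_PASSWORD": "Memzoh78",
    "MYSQL_DATABASE": "wpdb",
    "MYSQL_USER": "wpuser",
    "MYSQL_PASSWORD": "wppwd",
}
# 172.17.0.2 is a constructed address on the docker0 subnet; 3306/tcp is from the diagram.
WP01_ENV = link_env("wp01", "mysql", "172.17.0.2", [(3306, "tcp")], DB_ENV)

if __name__ == "__main__":
    for key in sorted(WP01_ENV):
        print(f"{key}={WP01_ENV[key]}")
    print("credentials visible in wp01:", leaked_secrets(WP01_ENV))
```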
HOW DOCKER NETWORKS A CONTAINER ?
• Option to docker run:
  • --net=bridge (default)
  • --net=host
  • --net=container:NAME_or_ID
  • --net=none
[Diagram: container db (wpuser, wppwd, wpdb) with lo and eth0 (3306/tcp); its eth0 is paired with a veth*** interface on the host.]
• docker run --name db -d -e MYSQL_ROOT_PASSWORD=Memzoh78 -e MYSQL_DATABASE=wpdb -e MYSQL_USER=wpuser -e MYSQL_PASSWORD=wppwd mysql
EDITING NETWORKING CONFIG FILES
• With Docker v1.2.0, you can now edit /etc/hosts, /etc/hostname and /etc/resolv.conf in a running container
• Changes to these files will not be saved by docker commit, nor will they be saved during docker run
• They won’t be saved in the image, nor will they persist when a container is restarted
ADVANCED NETWORKING TOOLS (THIRD PARTIES)
• Pipework (Jérôme Petazzoni)
  https://github.com/jpetazzo/pipework
• Foundations of Python Network Programming (Brandon Rhodes)
  https://github.com/brandon-rhodes/fopnp/tree/m/playground
• WEAVE
  https://github.com/weaveworks/weave
Why is Networking important?
• Traditional Networking is incredibly vast and complex
• Networking is an inherent part of distributed applications
• Make it developer-friendly & application driven.
Goals
• Make “network” & “service” as top-level objects
• Provide a pluggable networking stack
• Span networks across multiple hosts
• Support multiple platforms
What's New?
• Updated Networking Stack in Docker
• Create Networks using the Docker CLI
• Multi-host Networking
• Services UI
blue = experimental
What is Libnetwork
• Library for creating and managing network stacks for containers
• Test daemon/client called "dnet"
• Driver-based networking
• Implements the Container Network Model
[Diagram: Create Network and Create Container each defer to the driver.]
Libnetwork API
• libnetwork.New
• controller.ConfigureNetworkDriver
• controller.NewNetwork
• network.CreateEndpoint
• endpoint.Join
RESTful API
• Provides CRUD for Networks and Endpoints
• /network
• /network/<network_id>/endpoints
• /network/<network_id>/endpoints/<endpoint_id>
• /network/<network_id>/endpoints/<endpoint_id>/containers
• /services
• /services/<service_id>
• /services/<service_id>/backends
Drivers
• Drivers implement the Driver API
• They provide the specifics of how a network and endpoint are implemented
Bridge Driver
• Creates a Linux Bridge for each network
• Creates a veth pair for each endpoint
- One end is attached to the bridge
- The other appears as eth0 inside the containers
• iptables rules created for NAT
Overlay Driver
• Creates a separate network namespace for every network
- Facilitates overlapping IP address space across networks
• Creates a Linux Bridge and VXLAN tunnels to every other discovered host
• Creates a veth pair for each endpoint
- One end is attached to the bridge
- The other appears as eth0 inside the container
• Network namespace connected to host network using NAT
- Facilitates exiting the overlay network at every host (for external connectivity)
Network Plugins
• Implemented using libnetwork's remote driver
• Uses JSON-RPC transport
• Can be written in any language
• Can be deployed as a container
“One size never fits all.”
– R. Callon, RFC 1925 - The Twelve Networking Truths
Call to Action!
• Try the Docker Experimental Channel! - https://experimental.docker.com
• Contribute to libnetwork - Raise an Issue or Submit a Pull Request
• Chat with us on IRC - #docker-network on Freenode
• Stop by at the booth for a demo