docker-inc
Docker Networking
Docker 1.9.0
• New top-level UX & API: docker network
• Support for multiple micro-segmented networks
• Built-in multihost networking using VXLAN based overlay driver
• Support for third party network plugins
• Ability to dynamically connect containers to multiple networks
• Pluggable and user-defined IP address mgmt
• Integration with Docker Swarm
Docker 1.10.0
• Service Discovery using embedded DNS
• IP stability using `--ip / --ipv6` option
• Network-scoped Alias support
• `--link` support in user-defined networks
• Network isolation using `--internal` option
• Multi-host networking in all supported kernels (3.10+)
• Integration with Docker Compose
Docker 1.11.0
• Built-in load-balancing using DNS-RR
• Service Discovery for IPv6 (AAAA Records)
• Experimental Macvlan & IPVlan drivers
Docker Networking use-cases
Use-case 1: Default Bridge Network (docker0)
[Diagram: three hosts, each running containers C1, C2 and C3 whose eth0 interfaces attach to the docker0 bridge; each host applies iptables NAT / port-mapping and its eth0 uplinks to a ToR switch / Hypervisor switch / …]
Use-case 2: User-Defined Bridge Network
Host1 :
$ docker network create -d bridge -o com.docker.network.bridge.name=brnet brnet
$ docker run --net=brnet -it busybox ifconfig
Host2 :
$ docker network create -d bridge -o com.docker.network.bridge.name=brnet brnet
$ docker run --net=brnet -it busybox ifconfig
Host3 :
$ docker network create -d bridge -o com.docker.network.bridge.name=brnet brnet
$ docker run --net=brnet -it busybox ifconfig
[Diagram: Host1 (containers C1-C3), Host2 (C4-C6) and Host3 (C7-C9); on each host the containers' eth0 interfaces attach to a bridge brnet at 172.18.0.1, with iptables NAT / port-mapping and the host eth0 uplinked to a ToR switch / Hypervisor switch / …]
Use-case 3: Docker Overlay Network
[Diagram: three hosts connected through a ToR switch / Hypervisor switch / …; on each host, containers C1-C3 have an eth0 interface on the overlay network ov-net1 (VXLAN-VNI 100) and an eth1 interface on a local bridge (labels: docker0, docker_gw), with iptables NAT / port-mapping on each host]
Use-case 4: Plumbed to underlay vlan with built-in IPAM
Experimental vlan drivers (macvlan & ipvlan): https://github.com/docker/docker/blob/master/experimental/vlan-networks.md
# vlan 10 (eth0.10)
$ docker network create -d macvlan --subnet=10.1.10.0/24 --gateway=10.1.10.1 -o parent=eth0.10 mcvlan10
$ docker run --net=mcvlan10 -it --rm alpine /bin/sh
# vlan 20 (eth0.20)
$ docker network create -d macvlan --subnet=10.1.20.0/24 --gateway=10.1.20.1 -o parent=eth0.20 mcvlan20
$ docker run --net=mcvlan20 -it --rm alpine /bin/sh
# vlan 30 (eth0.30)
$ docker network create -d macvlan --subnet=10.1.30.0/24 --gateway=10.1.30.1 -o parent=eth0.30 mcvlan30
$ docker run --net=mcvlan30 -it --rm alpine /bin/sh
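An added example, not from the original slides: a Python check over `docker network inspect` output that flags where the segmentation features from the use-cases above (user-defined networks, `--internal`, macvlan on the underlay) are not actually isolating workloads. The sample JSON is constructed, and the network name `backend` and the container names are hypothetical.

```python
import json

# Constructed sample, trimmed to fields that `docker network inspect` reports.
# "backend" and the container names are hypothetical.
SAMPLE = json.loads("""[
 {"Name": "bridge", "Driver": "bridge", "Internal": false,
  "Containers": {"a1": {"Name": "web"}, "a2": {"Name": "db"}}},
 {"Name": "brnet", "Driver": "bridge", "Internal": false,
  "Containers": {"a1": {"Name": "web"}}},
 {"Name": "backend", "Driver": "bridge", "Internal": true,
  "Containers": {"a2": {"Name": "db"}, "a3": {"Name": "cache"}}},
 {"Name": "mcvlan10", "Driver": "macvlan", "Internal": false,
  "Containers": {"a3": {"Name": "cache"}}}
]""")


def audit(networks):
    """Return (rule, subject, detail) findings, sorted for stable output."""
    findings = []
    membership = {}  # container name -> names of the networks it is attached to
    internal = set()
    for net in networks:
        name = net["Name"]
        members = sorted(c["Name"] for c in (net.get("Containers") or {}).values())
        for m in members:
            membership.setdefault(m, []).append(name)
        if net.get("Internal"):
            internal.add(name)
        # The default docker0 network is shared by every container started
        # without --net, so it provides no segmentation between workloads.
        if name == "bridge" and members:
            findings.append(("default-bridge", name, members))
        # macvlan endpoints sit directly on the underlay VLAN.
        if net.get("Driver") == "macvlan" and members:
            findings.append(("on-underlay", name, members))
    # A container on both an --internal network and a non-internal one is a
    # path across the isolation boundary and deserves review.
    for container, nets in membership.items():
        if any(n in internal for n in nets) and any(n not in internal for n in nets):
            findings.append(("spans-internal", container, sorted(nets)))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject, detail in audit(SAMPLE):
        print(f"{rule:15} {subject:10} {', '.join(detail)}")
```

To audit a live host, pass `audit()` the parsed JSON from `docker network inspect $(docker network ls -q)`.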
Resources
User Guide: https://docs.docker.com/engine/userguide/networking/dockernetworks/
Docker overlay networking: https://docs.docker.com/engine/userguide/networking/get-started-overlay
http://container42.com/2015/10/30/docker-networking-reborn/
Experimental docker vlan drivers: https://github.com/docker/docker/blob/master/experimental/vlan-networks.md