Docker Networking
John Merrells, weaveworks

Docker
The current state of Docker Networking
get a server

install an operating system
[diagram: host Ubuntu 14.04, eth0 45.79.82.5]

install Docker (Docker 1.6.2)
$ wget -qO- https://get.docker.com/ | sh
[diagram: host Ubuntu 14.04, eth0 45.79.82.5, docker0 172.17.42.1]

start a container
$ docker run -d …
[diagram: host Ubuntu 14.04, eth0 45.79.82.5, docker0 172.17.42.1, veth7b4d22b; container eth0 172.17.0.1, port 5000]

traffic routed through docker bridge
[diagram: container 172.17.0.1 port 5000, veth7b4d22b, docker0 172.17.42.1, host eth0 45.79.82.5]
start a container, and publish a port
$ docker run -d -P …
[diagram: host Ubuntu 14.04, eth0 45.79.82.5, docker0 172.17.42.1, veth7b4d22b, published host port 32768; container eth0 172.17.0.1, port 5000]

traffic to port forwarded
[diagram: host eth0 45.79.82.5 port 32768, docker0 172.17.42.1, veth7b4d22b, container 172.17.0.1 port 5000]
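An added defender's check, not part of the talk: the port forward on this slide is a DNAT rule in the nat table's DOCKER chain, so listing that chain shows which container ports the host exposes and on which host addresses. The rule layout and the sample lines below are constructed to match Docker 1.x's `iptables -t nat -S DOCKER` output (an assumption), using the slide's port 32768 and container 172.17.0.1:5000.

```python
import re
import sys
from typing import List, NamedTuple, Optional

class PortForward(NamedTuple):
    host_ip: Optional[str]  # None: no -d match, so the DNAT answers on every host address
    host_port: int
    proto: str
    dest: str               # container ip:port the traffic is forwarded to

# DNAT rules that -p/-P publishing adds to the nat table's DOCKER chain, in the form
# printed by `iptables -t nat -S DOCKER` (Docker 1.x rule layout, assumed here).
_RULE_RE = re.compile(
    r"^-A DOCKER(?: -d (?P<dst>[\d.]+)/32)? ! -i docker0 -p (?P<proto>tcp|udp) -m (?P=proto)"
    r" --dport (?P<hport>\d+) -j DNAT --to-destination (?P<dest>[\d.]+:\d+)$"
)

def parse_docker_nat(lines: List[str]) -> List[PortForward]:
    """Turn `iptables -t nat -S DOCKER` output into the list of published ports."""
    rules = []
    for line in lines:
        m = _RULE_RE.match(line.strip())
        if m:  # chain creation (-N) and unrelated rules are ignored
            rules.append(PortForward(m["dst"], int(m["hport"]), m["proto"], m["dest"]))
    return rules

def public_forwards(rules: List[PortForward]) -> List[PortForward]:
    """Forwards with no -d restriction: reachable on the host's public eth0, which is
    what -P's random port (32768 on the slide) means in practice."""
    return [r for r in rules if r.host_ip is None]

# Constructed sample in the layout above: the -P container on host port 32768, plus a
# second container published only on loopback (as -p 127.0.0.1:5432:5432 would do).
SAMPLE = """-N DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 32768 -j DNAT --to-destination 172.17.0.1:5000
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.2:5432
""".splitlines()

if __name__ == "__main__":
    # Pass a file holding real `iptables -t nat -S DOCKER` output, or run on the sample.
    text = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE
    for fwd in public_forwards(parse_docker_nat(text)):
        print(f"host *:{fwd.host_port}/{fwd.proto} -> {fwd.dest}")
```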
If we want containers to communicate with each other
[diagram: host Ubuntu 14.04, eth0 45.79.82.5, docker0 172.17.42.1]

start a container, with a name
$ docker run -d --name web …
[diagram: host Ubuntu 14.04, eth0 45.79.82.5, docker0 172.17.42.1, veth7b4d22b; container eth0 172.17.0.1, port 5000, name: web]

start containers with names, and ‘link’ them together
$ docker run -d --name db …
$ docker run -d -P --name web --link db:db …
[diagram: host Ubuntu 14.04, eth0 45.79.82.5, docker0 172.17.42.1, veth8a5c43a, veth7b4d22b, published host port 32768; container db eth0 172.17.0.1, port 5432; container web eth0 172.17.0.2, port 5000]

linking is via environment variables
the web container's environment:
DB_PORT=tcp://172.17.0.7:5432
DB_PORT_5432_TCP=tcp://172.17.0.7:5432
DB_PORT_5432_TCP_ADDR=172.17.0.7
DB_PORT_5432_TCP_PORT=5432
DB_PORT_5432_TCP_PROTO=tcp
DB_NAME=/web/db
custom application code needed
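An added example of the custom application code the slide refers to, not from the talk: it reads the DB_* variables that --link injects into the web container and turns them into a checked connection target. The variable names and values are the ones on the slide; the code assumes Docker's <ALIAS>_PORT_<port>_<PROTO>_{ADDR,PORT,PROTO} naming and only trusts a group whose ADDR is a valid IP.

```python
import ipaddress
import os
import re
from typing import Dict, List, NamedTuple, Optional

class LinkedService(NamedTuple):
    alias: str  # the alias given to --link db:db, lower-cased
    addr: str   # container IP from <ALIAS>_PORT_<n>_<PROTO>_ADDR
    port: int   # port number from <ALIAS>_PORT_<n>_<PROTO>_PORT
    proto: str  # "tcp" or "udp"

# The per-port variables --link injects, e.g. DB_PORT_5432_TCP_ADDR (Docker's naming scheme).
_LINK_RE = re.compile(
    r"^(?P<alias>[A-Z0-9_]+?)_PORT_(?P<port>\d+)_(?P<proto>TCP|UDP)_(?P<field>ADDR|PORT|PROTO)$"
)

def parse_links(env: Dict[str, str]) -> List[LinkedService]:
    """Collect every linked container from --link variables, grouped by (alias, port, proto).
    A group is kept only if its ADDR parses as an IP, so a partial or malformed set is skipped."""
    groups: Dict[tuple, Dict[str, str]] = {}
    for key, value in env.items():
        m = _LINK_RE.match(key)
        if m:
            groups.setdefault((m["alias"], m["port"], m["proto"]), {})[m["field"]] = value
    services = []
    for (alias, port, proto), fields in sorted(groups.items()):
        try:
            ipaddress.ip_address(fields["ADDR"])
        except (KeyError, ValueError):
            continue  # no usable address: do not fall back to DB_PORT or a default
        services.append(LinkedService(alias.lower(), fields["ADDR"],
                                      int(fields.get("PORT", port)), fields.get("PROTO", proto).lower()))
    return services

def resolve(alias: str, env: Optional[Dict[str, str]] = None) -> Optional[LinkedService]:
    """Return the single TCP link for alias (e.g. "db"), or None if it is absent or ambiguous."""
    source = os.environ if env is None else env
    hits = [s for s in parse_links(source) if s.alias == alias.lower() and s.proto == "tcp"]
    return hits[0] if len(hits) == 1 else None

# Constructed sample environment, copied from the slide's DB_* variables (not a live container).
SAMPLE_ENV = {
    "DB_PORT": "tcp://172.17.0.7:5432",
    "DB_PORT_5432_TCP": "tcp://172.17.0.7:5432",
    "DB_PORT_5432_TCP_ADDR": "172.17.0.7",
    "DB_PORT_5432_TCP_PORT": "5432",
    "DB_PORT_5432_TCP_PROTO": "tcp",
    "DB_NAME": "/web/db",
}
```

Inside a real container, call `resolve("db")` with no env argument and it reads `os.environ`.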
If we want containers, on different hosts, to communicate with each other
[diagram: h1 eth0 45.79.82.5, docker0 172.17.42.1; h2 eth0 45.79.90.4, docker0 172.17.42.1]
Docker hosts don’t know about each other

h1$ docker run -d -P --name web …
h2$ docker run -d -P --name db …
[diagram: h1 eth0 45.79.82.5, docker0 172.17.42.1, published port 32893, container web eth0 172.17.0.1 port 5000; h2 eth0 45.79.90.4, docker0 172.17.42.1, published port 32768, container db eth0 172.17.0.1 port 5432]
there’s no linking across the network

Container Networking     Docker
IP Allocation            Subnet per Host
Routing                  NAT
Ports                    IPTables, Port Forwarding, Random Ports
Service Discovery        Environment Variables
Multi Host               Not Supported
Weave
Networking with Docker + Weave

get a server

install an operating system
[diagram: host Ubuntu 14.04, eth0 45.79.82.5]

install Docker (Docker 1.6.2)
$ wget -qO- https://get.docker.com/ | sh
[diagram: host Ubuntu 14.04, eth0 45.79.82.5, docker0 172.17.42.1]

install Weave (Weave 0.10.0)
$ wget -O /usr/local/bin/weave https://git.io/weave
[diagram: host Ubuntu 14.04, eth0 45.79.82.5, docker0 172.17.42.1]

launch the weave router
$ weave launch
[diagram: host Ubuntu 14.04, eth0 45.79.82.5, docker0 172.17.42.1, vethace68bd, weave bridge, vethwepl8289; weave router container eth0 10.0.0.1, name: weave, port 6783]

let’s ignore the docker bridge and interfaces
[diagram: host eth0 45.79.82.5, weave bridge, vethwepl8289; weave router eth0 10.0.0.1, name: weave, port 6783]
start a container
$ weave run 10.2.1.1/24 -d …
[diagram: host eth0 45.79.82.5, weave bridge, vethwepl8289, vethwepl8709; weave router eth0 10.0.0.1, name: weave, port 6783; container eth0 10.2.1.1, port 5000]

traffic routed through weave
[diagram: container 10.2.1.1 port 5000, vethwepl8709, weave bridge, weave router 10.0.0.1 port 6783, host eth0 45.79.82.5]

start a container, publish a port
$ weave run 10.2.1.1/24 -d --name web -p 5000:5000 …
[diagram: host eth0 45.79.82.5, weave bridge, vethwepl8289, vethwepl8709; weave router eth0 10.0.0.1, name: weave, port 6783; container eth0 10.2.1.1, port 5000, name: web]

traffic routed through weave, no random port
[diagram: host eth0 45.79.82.5 port 5000, weave bridge, container web 10.2.1.1 port 5000]

If we want containers to communicate with each other
[diagram: host eth0 45.79.82.5, weave bridge; weave router eth0 10.0.0.1, name: weave, port 6783]
use the weave DNS server
$ weave launch-dns 10.1.0.3/16 …
[diagram: host eth0 45.79.82.5, weave bridge; weave router eth0 10.0.0.1, name: weave, port 6783; weavedns eth0 10.1.0.3, name: weavedns, port 53]

$ weave run 10.2.1.1/24 -d --name web -p 5000:5000 …
$ weave run 10.2.1.2/24 -d --name db …
[diagram: host eth0 45.79.82.5, weave bridge, vethwepl8289, vethwepl8801, vethwepl8709; weave router 10.0.0.1 port 6783; weavedns 10.1.0.3 port 53; container web eth0 10.2.1.1 port 5000; container db eth0 10.2.1.2 port 5432]
now we can name containers

and they can find each other with regular DNS lookups
[diagram: web eth0 10.2.1.1 port 5000, fqdn web.weave.local; db eth0 10.2.1.2 port 5432, fqdn db.weave.local; each asks weavedns (port 53) "Where’s db?" / "Where’s web?"]

and communicate with each other over regular IP based protocols
[diagram: web 10.2.1.1 (web.weave.local) and db 10.2.1.2 (db.weave.local) on the weave bridge; weave router port 6783, weavedns port 53, host eth0 45.79.82.5]
If we want containers, on different hosts, to communicate with each other
h1$ weave launch 10.0.0.1/16
h2$ weave launch 10.0.0.2/16 45.79.82.5
[diagram: h1 eth0 45.79.82.5, weave router eth0 10.0.0.1 port 6783, peer 45.79.90.4, weavedns port 53; h2 eth0 45.79.90.4, weave router eth0 10.0.0.2 port 6783, peer 45.79.82.5, weavedns port 53]

h1$ weave run 10.2.1.1/24 -d --name web -p 5000:5000 …
h2$ weave run 10.2.1.2/24 -d --name db …
[diagram: h1 container web eth0 10.2.1.1 port 5000, fqdn web.weave.local; h2 container db eth0 10.2.1.2 port 5432, fqdn db.weave.local]
It’s just the same, containers can find each other with DNS
[diagram: web asks "Where’s db?", db asks "Where’s web?"; weave routers 10.0.0.1 and 10.0.0.2 peered over port 6783, a weavedns on each host]

and can communicate over regular IP based protocols
[diagram: web 10.2.1.1 on h1 and db 10.2.1.2 on h2, connected through the peered weave routers 10.0.0.1 and 10.0.0.2]
Container Networking     Docker                                    Weave
IP Allocation            Subnet per Host                           Subnet per App
Routing                  NAT                                       L2 Routing
Ports                    IPTables                                  As they should be
Service Discovery        Environment Variables                     DNS
Multi Host               Not Supported                             Supported
Weave
But wait, there’s more…

mesh of peers, that gossip with each other
[diagram: four peers with containers eth0 10.2.1.1, 10.2.1.2, 10.2.1.3, 10.2.1.4]

mesh of peers, with least cost routing
[diagram: the same four peers, 10.2.1.1 to 10.2.1.4]

start containers, on different clouds… (Weave 0.10.0)
[diagram: containers 10.2.1.1, 10.2.1.2, 10.2.1.3, 10.2.1.4 spread across clouds]

encrypted traffic for application isolation
$ weave launch -password secret123
$ weave launch -password 321terces
[diagram: two weave networks launched with different passwords, each with containers 10.2.1.1 and 10.2.1.2, isolated from each other]

containers can migrate, from host to host
[diagram: h1 eth0 45.79.82.5, weave router 10.0.0.1 port 6783 peer 45.79.90.4, weavedns port 53, container web eth0 10.2.1.1 port 5000, fqdn web.weave.local; h2 eth0 45.79.90.4, weave router 10.0.0.2 port 6783 peer 45.79.82.5, weavedns port 53]

containers can migrate, and maintain the same IP Address
[diagram: the web container now on h2, still eth0 10.2.1.1, port 5000, fqdn web.weave.local]
Weave
And coming soon

fast data path
[diagram: host eth0 45.79.82.5, weave router eth0 10.0.0.1 port 6783, container eth0 10.2.1.1 port 5000, OVS kernel module]

IP Address Management
$ weave launch -iprange 10.0.0.1/16
$ weave run -d …
[diagram: host eth0 45.79.82.5, weave router eth0 10.0.0.1 port 6783, iprange 10.0.0.1/16; container eth0 10.0.0.2, no address given on the command line]

Scope
Weave Scope