Docker Networking Meetup - Intro to Weave/Flannel

Docker Networking Meetup #2 - Mountain View

Docker NetworkingWeave and Flannel

Dhananjay DJ Sampathwifi: HD-Guestpass: hackerdojo


Weave● Weaveworks inc. (previously called Zettio)

● Network plane for Docker continers

● Previously built RabbitMQ

● Recently secured funding lead by Accel Venture Partners


What is Weave?

● Weave allows you to connect docker containers across multiple hosts together

● It gives you a flat network for your container environment independent of which host they are located (AWS, GCE etc.)


How do they do it?

Physical Host

veth 2

veth 1weave router

UID UID UID UID UID

MAC MAC MAC MAC MAC


Weave Encap● Router performs batching

● Name, meta-data is used for matching

● Weave peers don’t have to know all mac addresses (aggregation)

● No ARP explosion

All of this over TCP/IP and

through your firewalls


Crypto (NaCl libraries)● Encrypt data connections both TCP and UDP

● NaCl - Go implementation

● Diffie Hellman to exchange keys between hosts

● User provided password is SHA-256ed and added to the ephemeral session key

● Prevent basic sniffing, MITM attacks


DNS● Name based look up is available (recent commit)

● Distributed DNS service (like skydns, consul etc)

● Minimal config, Minimal Sync, Minimal app mods


Hands on - Basic Weave Topology

HOST 1$ weave launch$ C=$(weave run 10.0.1.1/24 -t -i ubuntu)HOST 2$ weave launch $HOST1$ C=$(weave run 10.0.1.2/24 -t -i ubuntu)$ ping 10.0.1.1 (from 10.0.1.2)

Host 1 Host 2

PORT: 6783TCP; UDP


Attaching weave to existing containers

Host 1 Host 2

PORT: 6783TCP; UDP

$ C=$(docker run -d -t -i ubuntu)$ weave attach 10.0.1.1/24 $C$ weave detach 10.0.1.1/24 $C

C1

C2


Services

Host 1 Host 2

PORT: 6783TCP; UDP

$ weave expose 10.0.1.102/24

Service export$ iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 2211 \ -j DNAT --to-destination 10.0.1.1:4422

C1

C2


Password based protection

$ weave launch -password wEaVe

Multi-cloud, Multi-hop, Container mobility, Fault tolerance and DNS are other features.


DNS

$ sudo weave launch

$ sudo weave launch-dns 10.1.0.3/16

$ sudo weave run 10.1.1.25/24 -ti -h shell.weave.local debian /bin/bash

$ SHELL2=$(sudo weave run 10.1.1.26/24 -ti -h shell2.weave.local debian

/bin/bash)

$ docker attach $SHELL2

# ping shell


Github/Codehttps://github.com/zettio/weave#readme

https://github.com/zettio/weave#readme

https://github.com/zettio/weave#readme


PerformanceCORE OS - Flannel

Weave - ?

Docker Networking Tutorial Continued

Srini Seetharaman [email protected]

November, 2014

mailto:%[email protected]

Flannel

•Lightweight OS based on Gentoo Linux

•Has a distributed key-value store at the core

•Read-only rootfs. Writeable /etc

o All services are in containers

CoreOS

•One subnet per machine, like Kuberneteso Host 1: 10.10.10.0/24o Host 2: 10.10.11.0/24

•No Docker port-based mapping

•Containers reach each other through IP

•Packets encapsulated using UDP, and soon VxLAN

Flannel

18

1. Build flannel on each host

2. Set key in etcd for network config

3. Start flannel

4. Start container with appropriate IP

Instructions to Run Flannel

20

$ curl -L http://127.0.0.1:4001/v2/keys/coreos.com/network/config -XPUT -d value='{ "Network": "10.0.0.0/8", "SubnetLen": 20, "SubnetMin": "10.10.0.0", "SubnetMax": "10.99.0.0", "Backend": {"Type": "udp", "Port": 7890}}

$ source /run/flannel/subnet.env $ docker -d --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU}

• Three CoreOS hosts

Our Setup

21

192.168.2.116192.168.2.112

flannelflannel

bashnginx

192.168.2.119

flannel

bash

•IP address overlap not possible

o VxLAN not used to create container groups

•User-space encapsulation and forwarding

o Potential performance bottleneck

Limitations

22


Hackathons● once every 2 months

● help folks get environments setup, discuss projects and start submitting bug fixes in the projects

● build out your open source portfolio on github

● connect with Bay Area NVirters, Go-Lang, Python groups to build skills and hack on the new infrastructure stack !

● Motivation: Cool projects, Free food ! Why not !? :D

Technology

Docker Networking Meetup - Intro to Weave/Flannel