AWS Chicago User Group presentation: Connecting Docker Containers over the Internet

CEO Patrick Kerpan's Chicago AWS meetup presentation "Connecting Docker Containers over the Internet"

From the AWS Chicago user group on Aug 20th, 2014 "Compute & Networking"

"Building Docker Networks inside AWS" - Patrick Kerpan, CEO at CohesiveFT @pjktech

Transcript

  • 1. Connecting Docker Containers Over the Internet and across the Amazon Cloud. Aug 2014. Copyright 2014. Thursday, July 31, 14
  • 2. VNS3 Virtualizes 6 Network Functions: Router, Switch, Firewall, VPN Concentrator (IPsec/SSL), Protocol Redistributor, Scriptable SDN. Allows control, mobility & agility by separating network location and network identity. Control over end to end encryption, IP addressing and network topology.
  • 3. Add Additional Functionality Via Software Containers. Isolated Docker containers within VNS3 3.5 allow customers to embed features and functions safely and securely into their Cloud Network. VNS3 Core Components: Router, Switch, Firewall, Protocol Redistributor, VPN Concentrator, Scriptable SDN. Containers shown: Proxy, Reverse Proxy, Content Caching, Load Balancer, IDS, Custom Container.
  • 4. VNS3 - now more than L3 overlay. [Diagram: HOST 1 in Cloud A and HOST 2 in Cloud B; each host shows Container 1 and Container 2 (each with a Container Interface), a Cloud VM Adapter, a Tunnel Adapter and a VNS3 Docker Interface.]
  • 5. VNS3 Resource Utilization “then” and “now”. [Diagram: a host with a Cloud VM Adapter and a Tunnel Adapter, beside a host with Container 1 and Container 2 (each with a Container Interface), a Cloud VM Adapter, a Tunnel Adapter and a VNS3 Docker Interface.] Captions: AWS m1.small c1.medium or equivalent running L3 overlay; AWS m3.medium or larger running L3 overlay plus customer controlled L4-7 functions.
  • 6. Cloud Overlay Networking. [Diagram labels: Customer Remote Office, Chicago, IL USA, Remote Subnet: 192.168.3.0/24; Firewall / IPsec Cisco 5505; User Workstations with LAN IP 192.168.3.100 and LAN IP 192.168.3.50; Active IPsec Tunnel 192.168.3.0/24 - 172.31.1.0/24; VNS3 Overlay Network Subnet: 172.31.0.0/22; VNS3 1 and VNS3 2, Peered, US East 1 and Europe; Public IP: 184.73.174.250 with Overlay IP: 192.168.79.253; Public IP: 54.246.224.156 with Overlay IP: 192.168.79.252; Cloud Servers A, B, C and D; Overlay IPs 192.168.79.1, 192.168.79.X, 192.168.79.2, 192.168.79.Y.]
  • 7. Connecting Docker Containers with VNS3. [Diagram: HOST 1 in AWS East and HOST 2 in AWS EU; each host shows Container 1 and Container 2 (each with a Container Interface), a Cloud VM Adapter, a Tunnel Adapter and a VNS3 Docker Interface.] Send secure network traffic from Container at 198.51.100.3 in AWS East to Container at 198.51.100.18 in AWS EU via VNS3 encrypted routers.
  • 8. Launch VNS3 and configure container networking. Set up container network on instance #1 as 198.51.100.0/28. Set up container network on instance #2 as 198.51.100.16/28.
  • 9. Advertise a route from the manager to its container network. VNS3 Manager #1 exposes a route to container network #1 (198.51.100.0/28) and VNS3 Manager exposes a route to container network #2 (198.51.100.16/28).
  • 10. Configure firewall to port forward and allow inter-container traffic as desired.
  • 11. Deploy Dockerfiles or LXC images to your VNS3 mesh and then allocate running container “instances”.
  • 12. Communicate between Docker containers on host 1 in Cloud A and host 2 in Cloud B.
  • 13. SSH into the containers - and transfer traffic safely and easily.
  • 14. Connectivity, Integration and Security for Cloud Applications: Top 10 Reasons to Use VNS3
    1. Connectivity - More connectivity choices including remote users ‘road warrior’ use case
    2. Integration - Instance-based appliance fully integrates with your existing network platform
    3. Security - Customer controlled keys for end-to-end data in motion encryption
    4. Tried and True - 200+ million device hours secured to date
    5. Automation - Cloud network creation via full documented API or UI
    6. Freedom - Customer applications can use protocols typically blocked like UDP multicast
    7. Control - Custom IP addressing and network topology
    8. Federation - Create an overlay network across multiple cloud regions or clouds
    9. Compliance - VNS3 overcomes key HIPAA and PCI obstacles
    10. Flexibility - Docker Containers allow easy addition of new network functions to your VNS3
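
An added example, not part of the presentation and not VNS3 code: a Python check of the address plan from slides 8 to 10 that flags overlapping subnets, resolves which manager's advertised route covers a container IP, and applies a default-deny allow-list to inter-container flows. The manager labels and the single SSH rule are assumptions made for illustration.

```python
import ipaddress

# Address plan from the slides; "manager-1"/"manager-2" are hypothetical labels.
CONTAINER_NETS = {
    "manager-1": ipaddress.ip_network("198.51.100.0/28"),
    "manager-2": ipaddress.ip_network("198.51.100.16/28"),
}
# Other subnets named on the overlay slide that container ranges must not collide with.
OTHER_NETS = {
    "overlay": ipaddress.ip_network("172.31.0.0/22"),
    "remote-office": ipaddress.ip_network("192.168.3.0/24"),
}
# Constructed firewall allow-list (assumption): only SSH from container
# network #1 to the single container at 198.51.100.18 is permitted.
ALLOW = [("198.51.100.0/28", "198.51.100.18/32", 22)]

def find_overlaps(nets):
    """Return name pairs whose subnets overlap (an ambiguous-route condition)."""
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def owning_manager(ip, routes=CONTAINER_NETS):
    """Longest-prefix match of ip against the advertised container routes."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, name) for name, net in routes.items() if addr in net]
    return max(hits)[1] if hits else None

def permitted(src, dst, port, rules=ALLOW):
    """Default deny: a flow passes only if it is routable and a rule matches."""
    if owning_manager(src) is None or owning_manager(dst) is None:
        return False
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
               and port == p for a, b, p in rules)

if __name__ == "__main__":
    print(find_overlaps({**CONTAINER_NETS, **OTHER_NETS}))
    print(owning_manager("198.51.100.3"), owning_manager("198.51.100.18"))
    print(permitted("198.51.100.3", "198.51.100.18", 22))
```

Running the overlap check before advertising routes catches a mistyped prefix (for example a /27 on instance #2) that would otherwise make both managers claim the same container addresses.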