For the Docker Online Meetup #42, Ajeet shared his key takeaways and the best ways to use Docker 1.12 Service Discovery.
Ajeet Singh Raina is currently working as Technical Lead Engineer in the Enterprise Solution Group at Dell India R&D and has a solid understanding of a diverse range of IT infrastructure, system management, system integration engineering and quality assurance. Ajeet has a great passion for upcoming trends and technologies. He loves contributing to the open source space through writing and blogging at http://www.collabnix.com.
Best ways to use Docker 1.12 Service Discovery by Docker Captain Ajeet Raina
1. Service Discovery under Docker 1.12
Presenter Name : Ajeet Singh Raina
Presented Date: Aug 31, 2016
Presented at: Docker Online Meetup
2. ABOUT ME
#Contribution:
- Frequent Blogger – http://www.collabnix.com
- @Docker Captain
- Article Writing @ OSFY India
- Dell Community ( Containerizing Dell Legacy Application)
#Inside Dell:
- Project Lead Engineer(Global Solution Engineering)
- Worked in VMware, CGI , Dell R&D
- Solaris Lead Engineer ( Wiki Moderator)
• (t) – ajeetsraina (f) - Docker Public Group Moderator
#Reviewed Publications:
- Puppet for Containerization
- PowerCLI Cookbook
#Technology : Open Source Linux, Docker, Hadoop, Puppet
3. Agenda
• What’s new in Docker 1.12 Swarm Mode? – A Quick Recap
• Evolution of Service Discovery
• Definition of Service – An Approach to Service Discovery
• How does Service Discovery work?
• A Quick Demo of Service Discovery
• Key Takeaways
5. Evolution of Service Discovery
Docker 1.9
- /etc/hosts and /etc/resolv.conf ~ for the cluster service.
- Disadvantage:
- Corrupted /etc/hosts
- Lack of load-balancing feature
- Complex way of Service Discovery
Docker 1.10/1.11
- Embedded DNS
  --network-alias=ALIAS
  --link=CONTAINER_NAME:ALIAS
  --dns=[IP_ADDRESS...]
  --dns-search=DOMAIN
- Service Discovery through an external discovery backend like Consul, ZooKeeper etc.
Docker 1.12
- No external Service Discovery backend required
- Service Discovery plumbed directly into $ docker service
- Service ~ a first class citizen
- Network is the scope of discoverability.
- Service Discovery by unqualified names (un-FQDN)
- Provided by Embedded DNS
- Highly available
- Ability to discover both the services and tasks
6. What is Service?
- A central structure and the primary root of user interaction with the Swarm system
- The definition of the tasks to execute on the worker nodes
- Tasks => workloads (container workloads as of now), Unikernel & VMs (in future)
Types
Global Services ( $ docker service create --mode=global )
Replicated Services ( $ docker service create --replicas 5 )
10. Service Discovery
Helps services find and talk to each other
[Diagram: Service A talking to multiple instances of Service B, labelled "Scaling"]
11. How does Embedded DNS resolve unqualified names?
- DNS request generated by container:
  $ nslookup wordpressapp
  $ ping wordpressapp
  $ dig wordpressdb
- Looks at /etc/resolv.conf inside the container:
  $ cat /etc/resolv.conf
  nameserver 127.0.0.11
  options ndots:0
- Loopback address is trapped
- Socket is created inside the container namespace
- Sent to a random UDP/TCP port listening in the Docker daemon
- DNS server identifies the request via sockets
- DNS server is aware of the context of the container running that particular service
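An added example, not from the original slides: the lookup order a stub resolver derives from the resolv.conf shown on this slide, following the standard ndots rule. The second resolv.conf and all function names are constructed for contrast.

```python
EMBEDDED_DNS = "127.0.0.11"  # embedded DNS address shown on the slide

# The file from the slide, and a constructed variant with a search domain.
SLIDE_RESOLV_CONF = "nameserver 127.0.0.11\noptions ndots:0\n"
VARIANT_RESOLV_CONF = "search corp.example\nnameserver 10.0.0.2\noptions ndots:2\n"

def parse_resolv_conf(text):
    """Extract nameservers, search list and ndots from resolv.conf text."""
    conf = {"nameservers": [], "search": [], "ndots": 1}  # resolver default is ndots:1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        key, values = fields[0], fields[1:]
        if key == "nameserver" and values:
            conf["nameservers"].append(values[0])
        elif key == "search":
            conf["search"] = values
        elif key == "options":
            for opt in values:
                if opt.startswith("ndots:"):
                    conf["ndots"] = int(opt.split(":", 1)[1])
    return conf

def query_order(name, conf):
    """Names the resolver tries, in order, for a lookup of `name`."""
    if name.endswith("."):
        return [name]  # already fully qualified
    absolute = name + "."
    searched = ["%s.%s." % (name, domain) for domain in conf["search"]]
    # At or above the ndots threshold the name is tried as-is first.
    if name.count(".") >= conf["ndots"]:
        return [absolute] + searched
    return searched + [absolute]

def uses_embedded_dns(conf):
    """True when every lookup goes to Docker's embedded DNS server."""
    return conf["nameservers"] == [EMBEDDED_DNS]

if __name__ == "__main__":
    for text in (SLIDE_RESOLV_CONF, VARIANT_RESOLV_CONF):
        conf = parse_resolv_conf(text)
        print(uses_embedded_dns(conf), query_order("wordpressapp", conf))
```

With ndots:0 the unqualified service name is sent to 127.0.0.11 exactly as typed, with no search-domain expansion first.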
12. Demonstrating Service Discovery under Swarm Mode
- Creating a new overlay network:
  $ docker network create -d overlay collabnet --subnet 10.0.3.0 --opt encrypted
- Creating a service (DNSRR):
  $ docker service create --endpoint-mode dnsrr --name wordpressapp --replicas 5 --network collabnet
- Creating a service (VIP):
  $ docker service create --name wordpressapp --replicas 5 --publish 80:80/tcp --network collabnet
- Virtual IP (VIP) assignment to each service:
  $ docker service inspect --format='{{json .Endpoint.VirtualIPs}}' wordpressapp
  {"NetworkID":"9eyjm4uv4ynmz0aubfqxise29","Addr":"10.0.0.4/24"}]
- VIP maps to DNS alias: the VIP (a private non-routable IP which uses IPVS LB) maps to a DNS alias based upon the service name.
- DNS shared via GOSSIP: containers share DNS mappings for the service via GOSSIP.
- Service Discovery via service name: any container on the network can access the service via its service name.
17. Key Takeaways
Service Discovery:
• Service is now a first class citizen and plumbed directly into $ docker service.
• Services can be published using two modes: VIP and DNSRR.
• You can resolve a particular service by using its unqualified name.
• You don't need to expose service-specific ports to make the service available to other services on the same overlay network.
• The Virtual IP is not going to change even if you scale out the services or bring down the containers running that service.
• Trying to do: $ ping VIP doesn't work and is as designed. Technically, IPVS is a TCP/UDP load-balancer, while ping uses ICMP and hence IPVS is not going to load-balance the ping request.
• For VIP based services the reason ping works on the local node is because the VIP is added as a 2nd IP address on the overlay network interface.
• When you use DNS-RR mode, services don't have a VIP allocated. Instead service names resolve to one of the backend container IPs randomly.
• Service Discovery is scoped within a network.
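An added example, not part of the original slides: an audit of saved `docker service inspect` and `docker network inspect` output for the exposure settings the takeaways mention (published ports, overlay encryption, VIP versus DNSRR). The JSON is constructed, and field names other than `Endpoint.VirtualIPs`, `NetworkID` and `Addr` are assumed to match the inspect output.

```python
import json

# Constructed sample data; net-a / net-b / plainnet are made-up identifiers.
NETWORKS = json.loads("""[
  {"Id": "net-a", "Name": "collabnet", "Driver": "overlay", "Options": {"encrypted": ""}},
  {"Id": "net-b", "Name": "plainnet", "Driver": "overlay", "Options": {}}
]""")
SERVICES = json.loads("""[
  {"Spec": {"Name": "wordpressapp", "Networks": [{"Target": "net-a"}],
            "EndpointSpec": {"Mode": "vip", "Ports": [
                {"Protocol": "tcp", "TargetPort": 80, "PublishedPort": 80}]}},
   "Endpoint": {"VirtualIPs": [{"NetworkID": "net-a", "Addr": "10.0.0.4/24"}]}},
  {"Spec": {"Name": "wordpressdb", "Networks": [{"Target": "net-b"}],
            "EndpointSpec": {"Mode": "dnsrr"}},
   "Endpoint": {}}
]""")

def audit(services, networks):
    """Return {service name: [findings]} for exposure-related settings."""
    by_id = {net["Id"]: net for net in networks}
    report = {}
    for svc in services:
        spec = svc["Spec"]
        endpoint = spec.get("EndpointSpec") or {}
        findings = []
        # Published ports are reachable from outside the overlay network.
        for port in endpoint.get("Ports") or []:
            findings.append("publishes %s/%s outside the overlay"
                            % (port["PublishedPort"], port["Protocol"]))
        # Overlay traffic is only encrypted when the network was created with it.
        for ref in spec.get("Networks") or []:
            net = by_id.get(ref["Target"])
            if net is None:
                findings.append("attached to unknown network %s" % ref["Target"])
            elif net["Driver"] == "overlay" and "encrypted" not in (net.get("Options") or {}):
                findings.append("overlay %s is not encrypted" % net["Name"])
        vips = (svc.get("Endpoint") or {}).get("VirtualIPs") or []
        if endpoint.get("Mode", "vip") == "dnsrr":
            findings.append("dnsrr: name resolves to task IPs, no stable VIP")
        elif not vips:
            findings.append("vip mode but no VirtualIPs reported")
        report[spec["Name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SERVICES, NETWORKS).items():
        print(name, findings or ["no findings"])
```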