Docker Networking : 0 to 60mph slides


An in-depth look into Docker Networking. We will cover all the networking features natively available in Docker and take you through hands-on exercises designed to help you learn the skills you need to deploy and maintain Docker containers in your existing network environment.

Led by Docker Networking Pros:
Madhu Venugopal
Jana Radhakrishnan

Docker Networking : 0 to 60mph slides

  1. Docker Networking Workshop. Jana Radhakrishnan, Nicola Kabar
  2. Agenda: Docker Networking Model; Architecture; Design Considerations; Advantages; Evolution + Under the Hood; Drivers; DNS; Routing; Load Balancing; Demos; Deployment Models; Exercises + Roadmap
  3. Container Networking Model: Design, Architecture, and Key Advantages
  4. Why is Networking important? • Traditional networking is incredibly vast and complex • But networking is an inherent part of distributed applications • Make it developer-friendly & application driven.
  5. “We'll do for Networking, What Docker did for Compute.” — Moby
  6. Goals • Make "network" a first class object • Distributed application portability • Secure control and data paths • Provide a pluggable networking stack • Span networks across multiple hosts • Support multiple OS platforms
  7. Design Philosophy • Users First: • Application Developers • IT/Network Ops • Plugin API Design • Batteries Included but Swappable
  8. Container Networking Model • Endpoint • Network • Sandbox
  9. [Diagram labels: Create Network, Create Container, Defer to Driver, Defer to Driver]
  10. What’s libnetwork? • Library for creating and managing network stacks for containers • Driver-based networking • Implements the Container Network Model • Native service discovery and load balancing
  11. Key Advantages • Pluggability --> Flexibility • Docker Native UX and API --> User Friendly • Distributed --> Scalability + Performance • Decentralized --> Highly-Available • Out-of-the-Box Support with Docker Datacenter
  12. Use-Case: Microservices Segmentation
  13. Q&A
  14. Break
  15. Docker Networking Evolution
  16. Docker Networking Timeline [Timeline labels, in slide order: 1.7, 1.8, 1.9, 1.10, 1.11; Libnetwork (CNM); Multihost Networking; Plugins; IPAM; Network UX/API; Service Discovery; Distributed DNS; Aliases; DNS Round Robin; LB; 1.12]
  17. Under the Hood of Bridge Networking
  18. Bridge Networking Under the Hood • netns • iptables • NAT • IP management • Routing • userland proxy [Diagram labels: eth0, docker0, C1, C2; iptables, NAT, User proxy, Routing]
  19. Demo 1: Bridge Networking
  20. Under the Hood of Multihost Networking
  21. [Diagram labels: KV Store; Docker Host (x3); containers C1 to C9]
  22. Overlay Networking Under the Hood 1. VXLAN ==> Data Transport • Virtual eXtensible Local Area Networks • L2 network over an L3 network (overlay) • RFC 7348 • Invisible to the container • Host as VXLAN Tunnel End Point (VTEP) • Point-to-Multi-Point Tunnels • Proxy-ARP
  23. Overlay Networking Under the Hood 2. Key-Value Store • Network ID • Subnets • Nodes • VXLAN ID
  24. Overlay Networking Under the Hood 3. Network Namespaces • A Linux Bridge per Subnet per Overlay Network per Host • A VXLAN interface per Overlay Network per Host • 1 Linux Bridge per Host for default traffic (docker_gwbridge) • Lazy creation (only if a container is attached to the network)
  25. Overlay Networking Under the Hood [Diagram labels: Docker Host 1, Docker Host 2; containers C1 to C5; br0; Veth; VXLAN; Host NIC]
  26. Demo 2: Overlay Networking
  27. Under the Hood of embedded DNS
  28. Embedded DNS Under the Hood • DNS listener per container • Distributed (for both bridge and overlay) • Proxy for external DNS services • Can be used with DNSSEC engine [Diagram labels: DNS Server, DNS Resolver, DNS Resolver, DNS requests]
  29. Demo 3: DNS Demo
  30. Break
  31. Networking Exercises
  32. Lab Access • 2 VMs per attendee • Ubuntu 15 based with Docker 1.12! • Received SSH pem/ppk and VM info • Go ahead and SSH into one of the machines.
  33. Pre-Defined Networks • bridge (default) --> containers in local docker0 bridge • null --> containers without any network interfaces • host --> containers use same interfaces as host (same netns)
  34. Exercise 0: Explore Docker Networks
      - Run `docker network ls` to list all the networks on the host
      - Run `docker network inspect <network_name>` to inspect a network
      - You can easily remove a network with `docker network rm <network_name>`
      - No need to remove any network… but you can try
  35. Exercise 1: Pre-Defined Networks
      - Start a container with `none` network and explore `ifconfig`
        - `docker run -it --net=none mrjana/lab`
      - Try to ping www.docker.com
      - Are the results expected?
      - What are the key use-cases and disadvantages of using `none` networks?
  36. Exercise 2: Pre-Defined Networks
      - Start a container with `host` network and explore `ifconfig`
        - `docker run -it --net=host mrjana/lab`
      - Run `tcpdump -i eth0 port 22` and explore the results.
      - Are the results expected?
      - What are the key use-cases and disadvantages of using `host` networking?
  37. Exercise 3: User-Defined Networks
      - Create a custom bridge network and call it `mynet`
        - `docker network create -d bridge mynet`
      - Start two containers with the `mynet` network and name them c1 and c2
        - `docker run -itd --net=mynet --name c1 mrjana/lab`
        - `docker run -itd --net=mynet --name c2 mrjana/lab`
      - Run `ping c1` from the c2 container.
      - Run `nslookup c1` from the c2 container and explore the results.
  38. Exercise 4: Aliases and Loadbalancing
      - Start two containers with the `mynet` network and name them c3 with network-alias=foo and c4 with network-alias=bar.
        - `docker run -itd --net=mynet --name c3 --net-alias foo mrjana/lab`
        - `docker run -itd --net=mynet --name c4 --net-alias bar mrjana/lab`
      - Run `ping c3` from the c4 container.
      - Run `ping foo` from the c4 container. What do you observe?
      - Let's create another container c5 that is part of the foo network alias.
      - Run `ping foo` from the c4 container. What do you observe?
      - Run `nslookup foo` from the c4 container and explore the results.
  39. Exercise 5: Multi-Network Container Connection
      - Create another network and name it `myothernet`
      - Start two more containers: container c6 on the `mynet` network and c7 on the `myothernet` network.
        - `docker run -itd --net=mynet --name c6 mrjana/lab`
        - `docker run -itd --net=myothernet --name c7 mrjana/lab`
      - Now let’s create another container `c8` on the `mynet` network.
        - `docker run -itd --net=mynet --name c8 mrjana/lab`
      - Now, connect c8 to myothernet
        - `docker network connect myothernet c8`
      - Try to ping c6 and c7 from c8.
      - Can you ping c7 from c6?
  40. Thank you!
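
Exercise 5 is a segmentation check: containers on different user-defined bridge networks cannot reach each other directly, while a container attached to both networks can reach both sides. The following added example (not part of the original slides) audits output shaped like `docker network inspect mynet myothernet` for isolated pairs and for multi-homed containers; the sample JSON, container IDs, addresses and function names are constructed for illustration.

```python
import json
from itertools import combinations

# Constructed sample shaped like `docker network inspect mynet myothernet`
# output after Exercise 5 (IDs and addresses are made up, fields trimmed).
SAMPLE_INSPECT = """
[
  {"Name": "mynet", "Driver": "bridge",
   "Containers": {
     "aaa1": {"Name": "c6", "IPv4Address": "172.18.0.2/16"},
     "aaa3": {"Name": "c8", "IPv4Address": "172.18.0.3/16"}}},
  {"Name": "myothernet", "Driver": "bridge",
   "Containers": {
     "aaa2": {"Name": "c7", "IPv4Address": "172.19.0.2/16"},
     "aaa3": {"Name": "c8", "IPv4Address": "172.19.0.3/16"}}}
]
"""

def membership(inspect_json):
    """Map container name -> set of network names it is attached to."""
    nets = {}
    for net in json.loads(inspect_json):
        # "Containers" can be empty or null when nothing is attached.
        for endpoint in (net.get("Containers") or {}).values():
            nets.setdefault(endpoint["Name"], set()).add(net["Name"])
    return nets

def can_reach(nets, a, b):
    """Two containers can talk directly only if they share a network."""
    return bool(nets.get(a, set()) & nets.get(b, set()))

def multi_homed(nets):
    """Containers on more than one network: each is a potential pivot
    between otherwise isolated segments and deserves review."""
    return sorted(name for name, n in nets.items() if len(n) > 1)

def isolated_pairs(nets):
    """Pairs with no shared network (direct `ping` is expected to fail)."""
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if not can_reach(nets, a, b))

if __name__ == "__main__":
    nets = membership(SAMPLE_INSPECT)
    print("isolated pairs:", isolated_pairs(nets))
    print("multi-homed:", multi_homed(nets))
```

On a live lab host, feed the functions the real output of `docker network inspect mynet myothernet` instead of the constructed sample.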