Redes em container

•

0 likes•34 views

A maioria dos times de infraestrutura já estão adotando containers em seus ambientes de desenvolvimento e de testes. Contudo, ainda é notável a dificuldade para esta tecnologia chegar no ambiente de produção. Uma das maiores dificuldades está na parte de redes. No mundo de containers este tópico fica ainda mais complicado, onde continuamente containers são criados e destruídos, movidos entre máquinas e até entre datacenters. Nesta talk, será explicado de forma detalhada e prática sobre o funcionamento da rede usada pelo Docker. Além disso, será abordado algumas soluções e como são os detalhes de implementação para garantir a segurança e performance em ambientes críticos.

Technology

Globalcode – Open4education
Trilha – Containers
Redes em Container
Guilherme Oki

Globalcode – Open4education
Agenda
• Infra Tradicional vs Infra Moderna
• Containers
• Rede
• Padrões de redes em container
• Tipos de rede no docker
• Bridge
• Overlay
• MACVLAN
• Demos
• Redes tradicionais vs SDN
• Drivers de rede
• Flannel
• Calico

Globalcode – Open4education
Quem sou eu?
● IT Automation Engineer na Stone Pagamentos
● Defensor do Open Source
● Entusiasta da cultura e desenvolvimento ágil
● Apaixonado pela cultura devops

Globalcode – Open4education
Livros que estou lendo...
@guilhermeoki

Globalcode – Open4education
Livros muito bons
Site Reliability Engineering: How Google Runs Production Systems
Continuous Delivery - Reliable Software Releases Through Build, Test And Deployment Automation
The Illustrated Network How TCP/IP works in a modern network
The Art of Unix Programming
Linux Kernel Development
Systems Performance Enterprise and the Cloud
Clean Code
The Pragmatic Programmer from journeyman to master
The Linux Programming Interface
The Phoenix Project
The Open Organization igniting passion and performance
Time Management for System Administrators
The Lean Startup
Management 3.0 leading agile developers developing agile leaders
High Output Management

Globalcode – Open4education
Infraestrutura Tradicional
Physical Network
Physical Storage
Physical Compute
VMM
Virtual Machine
Applications

Globalcode – Open4education
Infraestrutura Moderna
Tipo 1
Tipo 2
Virtualization
SaaS
IaaS
PaaS
Storage
Networking

Globalcode – Open4education
Containers
“CONTAINERS ARE NOT A REAL THING” - Jess Frazelle
Cgroups
Namespaces
Filesystem
Virtual Machine
Containers
First Class Objects

Globalcode – Open4education
Container Code
int flags = CLONE_NEWNS | CLONE_NEWCGROUP | CLONE_NEWPID | CLONE_NEWIPC |
CLONE_NEWNET | CLONE_NEWUTS;
child_pid = clone(child, stack + STACK_SIZE, flags | SIGCHLD, &config);
Namespaces
PID UTS IPC NET MNT

Globalcode – Open4education
Redes Layer 2
Source MAC
Destination MAC
VLAN ID

Globalcode – Open4education
Redes - Layer 3
Source MAC
Destination MAC
VLAN ID
Source IP
Destination IP

Globalcode – Open4education
Container Network Standard
Drivers Nativos Outros Drivers
Host
Bridge
Overlay
MACVLAN
None
Calico
Cilium
Weave
Contiv
Kuryr

Globalcode – Open4education
Container Network Standard
IPAM

Globalcode – Open4education
Docker Network - Network Namespaces
“Docker networking is Linux networking” - Docker docs
iptables bridges veths network ns

Globalcode – Open4education
Docker Network - Network Namespaces

Globalcode – Open4education
Docker Network - Bridges

Globalcode – Open4education
DEMO - Linux Bridges

Globalcode – Open4education
Redes - Tradicionais vs SDN
Router
Management Plane
Control Plane
Data Plane
Management Plane
Control Plane
Data Plane

Globalcode – Open4education
Redes - VXLAN

Globalcode – Open4education
Docker Network - Overlay

Globalcode – Open4education
DEMO - Docker overlay

Globalcode – Open4education
Network Driver - MACVLAN

Globalcode – Open4education
DEMO - Docker MACVLAN

Globalcode – Open4education
Network Driver -Flannel
Container
10.0.0.2
Container
10.0.1.2
docker0 docker0
flannel0 flannel0
eth0
192.168.1.2
eth0
192.168.1.3

Globalcode – Open4education
Network Driver - Calico
BIRD
Felix
BIRD
Felix
Container Container
iptables
routes
iptables
routes

Similar to Redes em container

TDC2018FLN | Trilha Containers - Redes em containers

tdc-globalcode

Docker Platform and Ecosystem Nov 2015

Patrick Chanezon

Akka.Net and .Net Core - The Developer Conference 2018 Florianopolis

Alexandre Brandão Lustosa

Alex Dias: how to build a docker monitoring solution

Outlyer

DockerCon SF 2015: Keynote Day 1

Docker, Inc.

Presented by Tim Mackey, Senior Technology Evangelist, Black Duck Software on August 17. To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk. Tim Mackey, Senior Technical Evangelist at Black Duck Software, provides guidance for developing container security policies and procedures around threats such as: 1. Network security 2. Access control 3. Tamper management and trust 4. Denial of service and SLAs 5. Vulnerabilities Register today to learn about the biggest security challenges you face when deploying containers, and how you can effectively deal with those threats. Watch the webinar on BrightTalk: http://bit.ly/2bpdswg

5 Ways to Secure Your Containers for Docker and Beyond

Black Duck by Synopsys

Adventures with acs and odl

Hugo Trippaers

Container runtimes cause Linux to return to its original purpose: to serve applications interacting directly with the kernel. At the same time, the Linux kernel is traditionally difficult to change and its development process is full of myths. A new efficient in-kernel programming language called eBPF is changing this and allows everyone to extend existing kernel components or glue them together in new forms without requiring to change the kernel itself.

BPF & Cilium - Turning Linux into a Microservices-aware Operating System

Thomas Graf

Build your own container-based system with the Moby project Docker Community Edition—an open source product that lets you build, ship, and run containers—is an assembly of modular components built from an upstream open source project called Moby. Moby provides a “Lego set” of dozens of components, the framework for assembling them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas. Patrick Chanezon and Mindy Preston explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud, or bare-metal scenarios. Patrick and Mindy explore Moby’s framework, components, and tooling, focusing on two components: LinuxKit, a toolkit to build container-based Linux subsystems that are secure, lean, and portable, and InfraKit, a toolkit for creating and managing declarative, self-healing infrastructure. Along the way, they demo how to use Moby, LinuxKit, InfraKit, and other components to quickly assemble full-blown container-based systems for several use cases and deploy them on various infrastructures.

Oscon 2017: Build your own container-based system with the Moby project

Patrick Chanezon

In two years, Docker hit the sweet spot for devs and ops, with tools for building, shipping, and running distributed apps architected as a set of collaborating microservices packaged as Linux containers. One area of the Docker ecosystem that saw a lot of innovation in the past year is container orchestration systems. This session compares and contrasts various Docker orchestration systems (Swarm, Machine, and Compose), the batteries included with Docker itself, Mesos, Kubernetes, CoreOS/Fleet, Deis, Cloud Foundry, and Tutum. It includes a demo of how to deploy a Java 8 app with MongoDB on several of these systems. The goal of the session is to give you a framework to help evaluate how these systems can meet your particular requirements. Demo code at https://github.com/chanezon/docker-tips/blob/master/orchestration-networking/README.md

Docker Orchestration: Welcome to the Jungle! Devoxx & Docker Meetup Tour Nov ...

Patrick Chanezon

Learn how you bring secure, scalable, available and open software defined networking to Docker containers managed by OpenStack. This session will cover how Docker virtual networks function, how to plumb them into the virtual network fabric and reliably assign information such as IP addresses, virtual interfaces and more. In addition, this session will also cover how to securely wrap Docker containers using security policies and encryption.

Docker Networking in OpenStack: What you need to know now

PLUMgrid

SDN Demystified, by Dean Pemberton [APNIC 38]

APNIC

DockerCon 16 General Session Day 1

Docker, Inc.

Dockercon 16 Recap

Lee Calcote

ContainerDayVietnam2016: Kubernetes State-of-the-art Container Management Pla...

Docker-Hanoi

Historically, sharing a Linux server entailed all kinds of untenable compromises. In addition to the security concerns, there was simply no good way to keep one application from hogging resources and messing with the others. The classic “noisy neighbor” problem made shared systems the bargain-basement slums of the Internet, suitable only for small or throwaway projects. Serious use-cases traditionally demanded dedicated systems. Over the past decade virtualization (in conjunction with Moore’s law) has democratized the availability of what amount to dedicated systems, and the result is hundreds of thousands of websites and applications deployed into VPS or cloud instances. It’s a step in the right direction, but still has glaring flaws. Most of these websites are just piles of code sitting on a server somewhere. How did that code got there? How can it can be scaled? Secured? Maintained? It’s anybody’s guess. There simply isn’t enough SysAdmin talent in the world to meet the demands of managing all these apps with anything close to best practices without a better model. Containers are a whole new ballgame. Unlike VMs, you skip the overhead of running an entire OS for every application environment. There’s also no need to provision a whole new machine to have a place to deploy, meaning you can spin up or scale your application with orders of magnitude more speed and accuracy.

Containers > VMs

David Timothy Strauss

A Summary about Hykes' Keynote on Dockercon 2015

Henry Huang

All Things Open SDN, NFV and Open Daylight

Mark Hinkle

The realization of network softwarization, an overarching buzzword to encompass all software-centric developments from the Software-Defined Networking (SDN) and Network Function Virtualization (NFV) trends, is being enabled through a set of innovations in high-speed data plane design and implementation. Recent efforts include te-architecting the hardware-software interfaces and exposing programmatic interfaces (e.g., OpenFlow), programmable hardware-based pipelines (e.g. Protocol Independent Switch Architecture – PISA) along suitabe programming languages (e.g., P4), and multiple advances on low overhead virtualization and fast packet processing libraries (e.g. DPDK, FD.io) for Linux based general purpose processor platforms. This talk provides an overview of relevant ongoing work and discusses the trade-offs of each design and implementation choice of software-defined dataplanes regarding Programmability, Performance, and Portability.

IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...

Christian Esteve Rothenberg

Developers are no longer just coders in the background but are front and center of an organization’s digital transformation efforts. While technology is driving change with open source projects, new tooling, containers and clouds offerings galore, it's still about people and organizational culture. Join us as we discover how developers are the real emerging technology today and the most important assets of all. Session link: http://www.openslava.sk/2017/#/sessions/1

Openslava 2017 - Are developers the real emerging technology?

Eric D. Schabell

Similar to Redes em container (20)

TDC2018FLN | Trilha Containers - Redes em containers

Docker Platform and Ecosystem Nov 2015

Akka.Net and .Net Core - The Developer Conference 2018 Florianopolis

Alex Dias: how to build a docker monitoring solution

DockerCon SF 2015: Keynote Day 1

5 Ways to Secure Your Containers for Docker and Beyond

Adventures with acs and odl

BPF & Cilium - Turning Linux into a Microservices-aware Operating System

Oscon 2017: Build your own container-based system with the Moby project

Docker Orchestration: Welcome to the Jungle! Devoxx & Docker Meetup Tour Nov ...

Docker Networking in OpenStack: What you need to know now

SDN Demystified, by Dean Pemberton [APNIC 38]

DockerCon 16 General Session Day 1

Dockercon 16 Recap

ContainerDayVietnam2016: Kubernetes State-of-the-art Container Management Pla...

Containers > VMs

A Summary about Hykes' Keynote on Dockercon 2015

All Things Open SDN, NFV and Open Daylight

IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...

Openslava 2017 - Are developers the real emerging technology?

Recently uploaded

(Explainable) Data-Centric AI: what are you explaininhg, and to whom?

Paolo Missier

Working together SRE & Platform Engineering

Marcus Vechiato

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

FIDO Alliance

In the ever-evolving landscape of data management, Zero-ETL is an approach that is reshaping how businesses handle and integrate their data. This webinar explores Zero-ETL, a paradigm shift from the traditional Extract, Transform, Load (ETL) process, offering a more streamlined, efficient, and real-time data integration method. We will begin with an introduction to the concept of Zero-ETL, including how it allows direct access to data in its native environment and real-time data transformation, providing up-to-date information with significantly reduced data redundancy. Next, we'll take you through several demonstrations showing how Zero-ETL can deliver real-time data and enable the free movement of data between systems. We will also discuss the various tools that support all aspects of Zero-ETL, providing attendees with an understanding of how they can adopt this innovative approach in their organizations. Lastly, the session will conclude with an interactive Q&A segment, allowing participants to gain deeper insights into how Zero-ETL can be tailored to their specific business needs and how they can get started today. Join us to discover how Zero-ETL can elevate your organization's data strategy.

The Zero-ETL Approach: Enhancing Data Agility and Insight

Safe Software

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

2024 May Patch Tuesday

Ivanti

ADP Passwordless Journey Case Study.pptx

FIDO Alliance

Syngulon’s technology expands the capacity for selection of microorganisms. The ability to select individual microbes with a behavior of interest is essential, whether for simple cloning at the bench, or for industry-scale production. Synthetic biology uses the concept of “bioengineering” to improve or modify existing genetic systems to create microbes with desired behaviors, and Syngulon uses this approach to develop its selection technologies. This selection technology is based on bacteriocins, ribosomally-produced peptides naturally made by most bacteria to kill competitive microbial species. These bacteriocins can have a limited or wide target range against other microbial species. This technology offers advantageous over antibiotic selection for several reasons: it avoids the use of antibiotics in the first place, helping to reduce the spread of antibiotic resistant microbes. The technology also increases product yield; as bacteriocins are generally smaller peptides, they do not impose a heavy metabolic burden on the producing cell. They can have a wide target specificity, helping to avoid genetic drift. Finally, our system is 100% plasmid-based (e.g. without chromosomal mutations), making it applicable for use in any E. coli strains.

Syngulon - Selection technology May 2024.pdf

Syngulon

Overview of Hyperledger Foundation

Hyperleger Tokyo Meetup

State of the Smart Building Startup Landscape 2024!

Memoori

Introduction to FIDO Authentication and Passkeys.pptx

FIDO Alliance

At Skynet Technologies, our team of accessibility experts performs automated, semi-automated, and manual audits of websites and web applications as per WCAG 2.2 level AA, ADA, and section 508. Based on evaluations of the accessibility compliance level of the website’s UI, design, source code, navigation, interactive elements, and overall usability, we will provide a digital accessibility evaluation report with in-depth details of potential accessibility barriers and remediation recommendations. Get a manual website WCAG audit (2.0, 2.1, 2.2 level AA) for a small website: 10 pages: $2,500 within 7 business days 30 pages: $7,500 within 14 business days 50 pages: $12,500 within 28 business days For medium websites: 100 pages: $25,000 within 6 weeks For larger websites or audits of all pages, please reach out hello@skynettechnologies.com.

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...

Skynet Technologies

In today's digital world, trust is key to customer relationships, but keeping it is a huge challenge. Customers are well-informed and empowered, quick to change brands if their trust is broken, even if it costs them more. This puts a lot of pressure on organizations to handle trust and safety issues with great care and transparency. The challenge, however, is real. Fragmented solutions have left privacy, legal, and security teams in a perpetual cycle of catch-up, struggling to update privacy notices, manage customer data rights, and answer lengthy security questionnaires—all while trying to prove ROI to the business. It's a thankless job, filled with repetition, tedious tasks, and constant interdepartmental coordination. Combine this with fast regulatory changes and the quick evolution of AI, and it becomes overwhelming. Join this webinar to learn more about TrustArc's new innovative solution Trust Center, the only unified, no-code online hub for trust and safety information built for privacy, security, compliance, and legal teams. Trust Center streamlines your path to compliance, shortens the pre-sales cycle, and reduces both legal and regulatory risks, saving time, effort, and cost. This webinar will review: - Why companies are building unified Trust Centers for a robust privacy program. - How unified Trust Centers streamline sales cycles, ensure regulatory compliance, and reduce operational bottlenecks. - How compliance, legal, security, GRC, and privacy teams benefit from a unified Trust Center in terms of needs, pains, and outcomes. - How TrustArc Trust Center saves time and work while reducing legal, reputational, and compliance risk by effectively managing policies, notices, terms, and disclosures, and providing real-time updates on subprocessors.

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc

Google I/O Extended 2024 Warsaw

GDSC PJATK

Ruby has a lot of standard libraries from Ruby 1.8. I promote them democratically with GitHub today via default and bundled gems. So, I'm working to extract them for Ruby 3.4 continuously and future versions. It's long journey for me. After that, some versions may suddenly happen LoadError at require when running bundle exec or bin/rails, for example matrix or net-smtp. We need to learn what's difference default/bundled gems with standard libraries. In this presentation, I will introduce what's the difficult to extract bundled gems from default gems and the details of the functionality that Ruby's require and bundle exec with default/bundled gems. You can learn how handle your issue about standard libraries.

Long journey of Ruby Standard library at RubyKaigi 2024

Hiroshi SHIBATA

Generative AI refers to a class of machine learning algorithms that are designed to generate new data samples that are similar to those in the training data. Unlike traditional AI models that are trained to recognize patterns and make predictions, generative AI models have the ability to create entirely new data based on the patterns they have learned. This is achieved through techniques such as generative adversarial networks (GANs), variational autoencoders (VAEs), and transformer architectures, among others.

Generative AI Use Cases and Applications.pdf

alexjohnson7307

Oauth 2.0 Introduction and Flows with MuleSoft

shyamraj55

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Leah Henrickson

This our Twelfth semiannual report on the global Cryptocurrency mining industry. Bitcoin is the world’s largest special purpose supercomputer. And it is globally decentralized. Millions of nodes all run the same open-source code to secure the Bitcoin network, create value, and put new transactions onto the distributed ledger. The latest Top500 list has just been announced at the ISC 2024 conference in Hamburg, and once again the Frontier supercomputer with 1.2 Exaflops peak performance is number one on the list. If assigned to SHA-256 hashing, Frontier would provide only the equivalent hash rate of about three cabinets of the latest high-end Bitcoin mining systems, costing less than 0.1% of Frontier’s cost. Michael Saylor, Chairman of MicroStrategy, has pointed out that GPUs are two orders of magnitude slower than the 5-nanometer technology of custom ASICs used for Bitcoin mining today. He makes the point that the Bitcoin network is unassailable by all of the hyperscale computing resources combined in AWS, Google, and Microsoft Azure cloud data centers today.

TopCryptoSupers 12thReport OrionX May2024

Stephen Perrenod

Intro to Passkeys and the State of Passwordless.pptx

FIDO Alliance

Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...

ScyllaDB

Recently uploaded (20)

(Explainable) Data-Centric AI: what are you explaininhg, and to whom?

Working together SRE & Platform Engineering

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

The Zero-ETL Approach: Enhancing Data Agility and Insight

2024 May Patch Tuesday

ADP Passwordless Journey Case Study.pptx

Syngulon - Selection technology May 2024.pdf

Overview of Hyperledger Foundation

State of the Smart Building Startup Landscape 2024!

Introduction to FIDO Authentication and Passkeys.pptx

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

Google I/O Extended 2024 Warsaw

Long journey of Ruby Standard library at RubyKaigi 2024

Generative AI Use Cases and Applications.pdf

Oauth 2.0 Introduction and Flows with MuleSoft

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

TopCryptoSupers 12thReport OrionX May2024

Intro to Passkeys and the State of Passwordless.pptx

Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...

Redes em container

1. Globalcode – Open4education Trilha – Containers Redes em Container Guilherme Oki

2. Globalcode – Open4education Agenda • Infra Tradicional vs Infra Moderna • Containers • Rede • Padrões de redes em container • Tipos de rede no docker • Bridge • Overlay • MACVLAN • Demos • Redes tradicionais vs SDN • Drivers de rede • Flannel • Calico

3. Globalcode – Open4education Quem sou eu? ● IT Automation Engineer na Stone Pagamentos ● Defensor do Open Source ● Entusiasta da cultura e desenvolvimento ágil ● Apaixonado pela cultura devops

4. Globalcode – Open4education Livros que estou lendo... @guilhermeoki

5. Globalcode – Open4education Livros muito bons Site Reliability Engineering: How Google Runs Production Systems Continuous Delivery - Reliable Software Releases Through Build, Test And Deployment Automation The Illustrated Network How TCP/IP works in a modern network The Art of Unix Programming Linux Kernel Development Systems Performance Enterprise and the Cloud Clean Code The Pragmatic Programmer from journeyman to master The Linux Programming Interface The Phoenix Project The Open Organization igniting passion and performance Time Management for System Administrators The Lean Startup Management 3.0 leading agile developers developing agile leaders High Output Management

6. Globalcode – Open4education Infraestrutura Tradicional Physical Network Physical Storage Physical Compute VMM Virtual Machine Applications

7. Globalcode – Open4education Infraestrutura Moderna Tipo 1 Tipo 2 Virtualization SaaS IaaS PaaS Storage Networking

8. Globalcode – Open4education Containers

9. Globalcode – Open4education Containers “CONTAINERS ARE NOT A REAL THING” - Jess Frazelle Cgroups Namespaces Filesystem Virtual Machine Containers First Class Objects

11. Globalcode – Open4education Redes

12. Globalcode – Open4education Redes Layer 2 Source MAC Destination MAC VLAN ID

13. Globalcode – Open4education Redes - Layer 3 Source MAC Destination MAC VLAN ID Source IP Destination IP

14. Globalcode – Open4education Container Network Standard Drivers Nativos Outros Drivers Host Bridge Overlay MACVLAN None Calico Cilium Weave Contiv Kuryr

15. Globalcode – Open4education Container Network Standard IPAM

16. Globalcode – Open4education Docker Network - Network Namespaces “Docker networking is Linux networking” - Docker docs iptables bridges veths network ns

17. Globalcode – Open4education Docker Network - Network Namespaces

18. Globalcode – Open4education Docker Network - Bridges

19. Globalcode – Open4education DEMO - Linux Bridges

20. Globalcode – Open4education Redes - Tradicionais vs SDN Router Management Plane Control Plane Data Plane Management Plane Control Plane Data Plane

21. Globalcode – Open4education Redes - VXLAN

22. Globalcode – Open4education Redes - VXLAN

23. Globalcode – Open4education Docker Network - Overlay

24. Globalcode – Open4education

25. Globalcode – Open4education DEMO - Docker overlay

26. Globalcode – Open4education Network Driver - MACVLAN

27. Globalcode – Open4education DEMO - Docker MACVLAN

28. Globalcode – Open4education Network Driver -Flannel Container 10.0.0.2 Container 10.0.1.2 docker0 docker0 flannel0 flannel0 eth0 192.168.1.2 eth0 192.168.1.3

29. Globalcode – Open4education Network Driver - Calico BIRD Felix BIRD Felix Container Container iptables routes iptables routes

30. Globalcode – Open4education Dúvidas?

31. Globalcode – Open4education Obrigado!

Redes em container

Recommended

Recommended

More Related Content

Similar to Redes em container

Similar to Redes em container (20)

Recently uploaded

Recently uploaded (20)

Redes em container