1.
Docker Networking
LAKSHMAN KUMAR

2.
Agenda
• Docker networking with bridge
• libnetwork overview
• libnetwork goals
• libnetwork components
• libnetwork deployments
• Demo

3.
Docker with linux bridge
• On startup Docker creates a Ethernet Bridge docker0 on the Linux Kernel
• docker0 creates a virtual subnet on the Docker host
• Docker creates a pair of virtual Ethernet interface on each container
• One of the Ethernet interface is the eth0 in the container
• Another Ethernet interface will have a unique name in the form of veth* (e.g.vethxxxx) and is
bind to docker0
• So linux bridge do a simple MAC level forwarding and its independent protocol
 without libnetwork networking handled by Docker Engine and libcontainer
•Docker Engine was responsible for providing the configuration for the container's networking stack.
•Libcontainer would then use this information to create the necessary networking devices

4.
libnetwork overview
• Modularize the networking logic in Docker Engine and libcontainer into a
single, reusable library
• "libnetwork" is a library that can provide native support for Docker
container and its function is to connect containers.
• Got open sourced in April
• libnetwork experimental in Docker 1.7
• Library for creating and managing network stacks for containers
• driver-based networking implements the container network model

5.
Goals of libnetwork
•Make network and service as top class object
- controller.NewNetwork()
•Provide a pluggable network stack
•span network across multiple hosts (using overlay taking b/w containers in
different host)

6.
Container network model

7.
Components of Container network model
Endpoint
An Endpoint joins a Sandbox to a Network. An implementation of an Endpoint could be a veth pair, an Open vSwitch
internal port or similar. An Endpoint can belong to only one network but may only belong to one Sandbox.
SandBox
A Sandbox contains the configuration of a container's network stack. This includes management of the container's
interfaces, routing table and DNS settings. An implementation of a Sandbox could be a Linux Network Namespace. A
Sandbox may contain many endpoints from multiple networks.
Network
A Network is a group of Endpoints that are able to communicate with each-other directly. An implementation of a Network
could be a Linux bridge, a VLAN, etc. Networks consist of many endpoints.
Cluster

8.
CNM Objects
• NetworkController object provides the entry-point into libnetwork that exposes simple APIs
for the users (such as Docker Engine) to allocate and manage Networks. libnetwork supports
multiple active drivers (both inbuilt and remote). NetworkController allows user to bind a
particular driver to a given network.
• libnetwork provides a RESTful API to perform CRUD on network and endpoints
• Endpoint represents a Service Endpoint. It provides the connectivity for services exposed by a
container in a network with other services provided by other containers in the network.
• Sandbox object represents container's network configuration such as ip-address, mac-address,
routes, DNS entries.
- Sandbox object is created when the user requests to create an endpoint on a network.

9.
Drivers
•Drivers implement the driver API
•drivers provides the actual implementation that makes network work.
•Bridge driver
- created a linux bridge for each network
- creates veth pair for each endpoint
- one end is attached to the bridge the other appears as etho inside the container
- iptables rules created for NAT
•Overlay driver

10.
References
Libnetwork overview: https://github.com/docker/libnetwork
Libnetwork configuration: https://github.com/docker/libnetwork/tree/master/docs
https://www.youtube.com/watch?v=LNUhVfufjZw