This document summarizes information from DockerCon 2016, including new features in Docker 1.12 such as Swarm Mode, an integrated clustering system. Swarm Mode uses technologies like SwarmKit for orchestration, Raft for consensus, and gossip protocols for node communication. It also details the new networking model in Docker 1.12 which gives containers IP addresses on ingress, overlay, and docker_gwbridge networks. A new Distributed Application Bundle format is introduced to package multi-service applications.

1. DockerCon 2016
--recap
Tuna
http://www.meetup.com/docker-hanoi/

2. What’ve we got here
• Docker 1.12 (currently rc4, planned to be GA in July)
• Swarm Mode
• SwarmKit
• Networking model
• Distributed Application Bundle
• Security out of the box
• Container `healthcheck` in Dockerfile
• Plugin subcommands
• Docker for Mac (&Windows – but I’m not using Windows anymore)
• Docker for AWS and Azure beta
• Other announcements

3. Docker 1.12
• Docker Swarm Mode
• CLI - new objects
• Service
• Node
• Plugin
• Stack
• Deploy
• Installation:
• Linux: curl -fsSL
https://experimental.docker.c
om/ | sh
• Mac & Win: download
packages

4. Swarm Mode
• Technologies
• Swarm Kit (orchestration)
• https://github.com/docker/swarmkit
• Raft consensus group (manager leader election)
• https://raft.github.io/raft.pdf
• Gossip network (worker-to-worker internal communication)
• http://web.mit.edu/vdb/www/6.977/l-shah.pdf
• Linux IPVS (in-kernel Layer 4 multi-protocol load balancer)
• http://www.linuxvirtualserver.org/software/ipvs.html
• Routing packets inside the kernel -> high performance container-aware load balancing
• gRPC (inter-node communication)
• http://www.grpc.io
• Protobufs (transmitting data)
• https://github.com/google/protobuf

5. Swarm Mode
• Features
• Resiliency
• Swarm mode will continuously check and reconcile the environment when things go
awry
• Self-healing (containers are crashed)
• Self-Organizing (nodes are crashed)
• Rolling Update
• --update-delay, --update-parallelism
• Replicated or Global Services
• R: any number of containers will be spread across the available hosts.
• G: schedule one instance the same container on every host in the swarm.
• Constraints

6. Swarm Mode internal
• Manager
• Orchestrate the cluster
• Perform the health-check
• Service API requests
• Schedule tasks to workers to
always reach the desired state.
• Workers
• Execute the tasks (container
actually, suppose to support rkt
format)

7. Swarm Mode internal
• Managers and workers use two
different communication models.
• Managers – RAFT
• Leader follower model.
• Keep one leader all the time.
• Workers - GOSSIP network protocol
• Generate broadcast message in a
specific overlay network once new
container gets generated.
• Internal communication inside specific
overlay network, not global.

8. SwarmKit – take a quick look inside the code
what happens whenever a new service is created.

9. RAFT
• http://thesecretlivesofdata.com/raft/
• Leader election
• Log replication

10. Docker 1.12 Networking model
• Every container has an IP address on three overlay networks:
• Ingress (only with published container)
• docker_gwbridge
• user-defined overlay

11. Docker 1.12 Networking model
• Ingress Networking
• Used to expose services to be available externally to the swarm.
• Swarm manager can automatically assign a PublishedPort or you can
configure manually. (range: 30000 – 32767)
• Every node in the cluster listens on this port and routes traffic to the service’s
containers.
• Only services has a port published (-p) require the ingress network. Others
are not attached to the ingress network.

12. Docker 1.12 Networking model
• Docker_gwbridge
• Is added only for non-internal networks
• Internal networks can be created with --internal flag.
• This network allows the containers to have external connectivity outside of
their cluster.
• User-defined Overlay network
• Others – default networks
• https://docs.docker.com/v1.10/engine/userguide/networking/dockernetwork
s/

13. Docker 1.12 Networking model
• Routing Mesh
• Linux IVPS
• DNS-based service
discovery
• Every node listens on 80
• Transparently reroute the
traffic between nodes.

14. Distributed Application Bundle (DAB)
• A single file declares a stack of
services.
• Service
• Versioning
• Still experimental, lots of
unsupported keys.