SlideShare a Scribd company logo

Docker meetup oct14

Download as PPTX, PDF
Vipin Jain
Vipin Jain

This document discusses policy-based container networking using Contiv.io. It describes how network policies can be applied between containers within service tiers, between tiers, and for all containers in a tier. Policies can enforce security, provide network services, enable analytics, manage infrastructure usage and IP allocation. The Contiv plugin maps policy intents to Docker constructs like networks and endpoints to instantiate policies and render networking for containers. A demonstration of using Docker Compose with Contiv's plugin to set up a multi-tier application with network policies is described.

Technology
1 of 8
Policy Based Container Networking Contiv.io Vipin Jain
Ocean of Applications Cluster Applications can be grouped e.g. a scale-out micro service tiers Relationship exists between groups and applications within group
Where to apply network policies? Between containers within a service tier Between service tiers All containers in a service tier External Service Tier = Policy Domain Policy Global Tenant Scope:
What exactly can a network policy be? • Security:  Scoped white/black list rules on specific protocol/ports  In/Out policy to/from outside the cluster  Permit/Deny Inter-Container traffic within service tier • Network Services for Apps:  Virtual or Physical Service appliances (LB, FW, etc.) • Analytics/Diagnostics:  Netflow for certain application traffic  Copy traffic to/from a specific application • Physical Infrastructure Usage:  Bandwidth, Latency, etc. • IP Allocation Management (IPAM) Policy  Auto-allocation, DHCP-based, integration with IPAM tools • Etc.
Rendering Networking Policies Docker Composition + Policy Intent Node1 Node2 Node-n Contiv Master Docker Remote Plugin
Mapping them to Docker Constrcuts CNM Endpoint CNM Network Compose Service Node1 Node-n
Demonstration (Docker + Contiv) – Setup Web Contiv Plugin Host-1 Contiv Master Host-2 DB Web DB Application Intent Tenant-1: External  Web:80  DB:6379 Tenant-2: External  Web:80  DB:Port $ docker-compose up Launch Multi-tier Application 1 Docker Swarm Automated Network, Policy Creation2 Automated Workload Creation and Scheduling 3 Policy Instantiation4 One Click Application Deployment with Policy Instantiation Contiv Plugin
Thank You - Enjoy your Docker Containers!

Recommended

Policy Driven Deployment for Container Networking
Policy Driven Deployment for Container NetworkingPolicy Driven Deployment for Container Networking
Policy Driven Deployment for Container Networking
Docker, Inc.
 
Contiv kubernetes-microservices-feb25-v0.3
Contiv kubernetes-microservices-feb25-v0.3Contiv kubernetes-microservices-feb25-v0.3
Contiv kubernetes-microservices-feb25-v0.3
Sukhesh Halemane
 
Introduction to Istio on Kubernetes
Introduction to Istio on KubernetesIntroduction to Istio on Kubernetes
Introduction to Istio on Kubernetes
Jonh Wendell
 
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup
Stephanie Swart
 
Securing danish healthcare using cloudnative
Securing danish healthcare using cloudnativeSecuring danish healthcare using cloudnative
Securing danish healthcare using cloudnative
Frederik Mogensen
 
Master Thesis-Wireless-Projects
Master Thesis-Wireless-ProjectsMaster Thesis-Wireless-Projects
Master Thesis-Wireless-Projects
Phdtopiccom
 
Bluetooth 5
Bluetooth 5Bluetooth 5
Bluetooth 5
harsh parekh
 
Beyond the radio: Exploring the terra incognita of mobile networks with the I...
Beyond the radio: Exploring the terra incognita of mobile networks with the I...Beyond the radio: Exploring the terra incognita of mobile networks with the I...
Beyond the radio: Exploring the terra incognita of mobile networks with the I...
APNIC
 

Recommended

Policy Driven Deployment for Container Networking
Policy Driven Deployment for Container NetworkingPolicy Driven Deployment for Container Networking
Policy Driven Deployment for Container Networking
Docker, Inc.
 
Contiv kubernetes-microservices-feb25-v0.3
Contiv kubernetes-microservices-feb25-v0.3Contiv kubernetes-microservices-feb25-v0.3
Contiv kubernetes-microservices-feb25-v0.3
Sukhesh Halemane
 
Introduction to Istio on Kubernetes
Introduction to Istio on KubernetesIntroduction to Istio on Kubernetes
Introduction to Istio on Kubernetes
Jonh Wendell
 
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup
Stephanie Swart
 
Securing danish healthcare using cloudnative
Securing danish healthcare using cloudnativeSecuring danish healthcare using cloudnative
Securing danish healthcare using cloudnative
Frederik Mogensen
 
Master Thesis-Wireless-Projects
Master Thesis-Wireless-ProjectsMaster Thesis-Wireless-Projects
Master Thesis-Wireless-Projects
Phdtopiccom
 
Bluetooth 5
Bluetooth 5Bluetooth 5
Bluetooth 5
harsh parekh
 
Beyond the radio: Exploring the terra incognita of mobile networks with the I...
Beyond the radio: Exploring the terra incognita of mobile networks with the I...Beyond the radio: Exploring the terra incognita of mobile networks with the I...
Beyond the radio: Exploring the terra incognita of mobile networks with the I...
APNIC
 
Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing
Corley S.r.l.
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon
 
Code review - networkshop44
Code review - networkshop44Code review - networkshop44
Code review - networkshop44
Jisc
 
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy SystemIoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
Mark Heckler
 
210-455 exam questions
210-455 exam questions210-455 exam questions
210-455 exam questions
examgood
 
UMTS Network Simulation Projects
UMTS Network Simulation ProjectsUMTS Network Simulation Projects
UMTS Network Simulation Projects
Phdtopiccom
 
master-thesis-ns3-projects
master-thesis-ns3-projectsmaster-thesis-ns3-projects
master-thesis-ns3-projects
Phdtopiccom
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko
Kuberton
 
Distributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeezDistributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeez
NetBeez, Inc.
 
Pristine rina-security-icc-2016
Pristine rina-security-icc-2016Pristine rina-security-icc-2016
Pristine rina-security-icc-2016
ICT PRISTINE
 
Istio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleIstio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as Scale
Ram Vennam
 
Calico 3
Calico 3Calico 3
Calico 3
Anirban Sen Chowdhary
 
InfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorInfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestrator
Gianluca Arbezzano
 
PhD Thesis Network Simulator Projects
PhD Thesis Network Simulator ProjectsPhD Thesis Network Simulator Projects
PhD Thesis Network Simulator Projects
Phdtopiccom
 
LTE Network Simulation Thesis Research Assistance
LTE Network Simulation Thesis Research Assistance LTE Network Simulation Thesis Research Assistance
LTE Network Simulation Thesis Research Assistance
Phdtopiccom
 
IPv17 extra
IPv17 extraIPv17 extra
IPv17 extra
Vasily Prosin
 
Overview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca ArbezzanoOverview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca Arbezzano
Gianluca Arbezzano
 
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Altoros
 
Rina p4 rina workshop
Rina p4 rina workshopRina p4 rina workshop
Rina p4 rina workshop
Eduard Grasa
 
NetBeez - IEEE IRI 2016
NetBeez - IEEE IRI 2016NetBeez - IEEE IRI 2016
NetBeez - IEEE IRI 2016
NetBeez, Inc.
 
Kubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for MicroservicesKubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for Microservices
Sukhesh Halemane
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
CJ Cullen
 

More Related Content

What's hot

Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing
Corley S.r.l.
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon
 
Code review - networkshop44
Code review - networkshop44Code review - networkshop44
Code review - networkshop44
Jisc
 
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy SystemIoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
Mark Heckler
 
210-455 exam questions
210-455 exam questions210-455 exam questions
210-455 exam questions
examgood
 
UMTS Network Simulation Projects
UMTS Network Simulation ProjectsUMTS Network Simulation Projects
UMTS Network Simulation Projects
Phdtopiccom
 
master-thesis-ns3-projects
master-thesis-ns3-projectsmaster-thesis-ns3-projects
master-thesis-ns3-projects
Phdtopiccom
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko
Kuberton
 
Distributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeezDistributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeez
NetBeez, Inc.
 
Pristine rina-security-icc-2016
Pristine rina-security-icc-2016Pristine rina-security-icc-2016
Pristine rina-security-icc-2016
ICT PRISTINE
 
Istio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleIstio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as Scale
Ram Vennam
 
InfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorInfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestrator
Gianluca Arbezzano
 
PhD Thesis Network Simulator Projects
PhD Thesis Network Simulator ProjectsPhD Thesis Network Simulator Projects
PhD Thesis Network Simulator Projects
Phdtopiccom
 
LTE Network Simulation Thesis Research Assistance
LTE Network Simulation Thesis Research Assistance LTE Network Simulation Thesis Research Assistance
LTE Network Simulation Thesis Research Assistance
Phdtopiccom
 
IPv17 extra
IPv17 extraIPv17 extra
IPv17 extra
Vasily Prosin
 
Overview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca ArbezzanoOverview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca Arbezzano
Gianluca Arbezzano
 
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Altoros
 
Rina p4 rina workshop
Rina p4 rina workshopRina p4 rina workshop
Rina p4 rina workshop
Eduard Grasa
 
NetBeez - IEEE IRI 2016
NetBeez - IEEE IRI 2016NetBeez - IEEE IRI 2016
NetBeez - IEEE IRI 2016
NetBeez, Inc.
 

What's hot (20)

Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for Kubernetes
 
Code review - networkshop44
Code review - networkshop44Code review - networkshop44
Code review - networkshop44
 
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy SystemIoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
 
210-455 exam questions
210-455 exam questions210-455 exam questions
210-455 exam questions
 
UMTS Network Simulation Projects
UMTS Network Simulation ProjectsUMTS Network Simulation Projects
UMTS Network Simulation Projects
 
master-thesis-ns3-projects
master-thesis-ns3-projectsmaster-thesis-ns3-projects
master-thesis-ns3-projects
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko
 
Distributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeezDistributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeez
 
Pristine rina-security-icc-2016
Pristine rina-security-icc-2016Pristine rina-security-icc-2016
Pristine rina-security-icc-2016
 
Istio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleIstio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as Scale
 
Calico 3
Calico 3Calico 3
Calico 3
 
InfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorInfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestrator
 
PhD Thesis Network Simulator Projects
PhD Thesis Network Simulator ProjectsPhD Thesis Network Simulator Projects
PhD Thesis Network Simulator Projects
 
LTE Network Simulation Thesis Research Assistance
LTE Network Simulation Thesis Research Assistance LTE Network Simulation Thesis Research Assistance
LTE Network Simulation Thesis Research Assistance
 
IPv17 extra
IPv17 extraIPv17 extra
IPv17 extra
 
Overview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca ArbezzanoOverview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca Arbezzano
 
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
 
Rina p4 rina workshop
Rina p4 rina workshopRina p4 rina workshop
Rina p4 rina workshop
 
NetBeez - IEEE IRI 2016
NetBeez - IEEE IRI 2016NetBeez - IEEE IRI 2016
NetBeez - IEEE IRI 2016
 

Viewers also liked

Kubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for MicroservicesKubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for Microservices
Sukhesh Halemane
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
CJ Cullen
 
Cloud Native SDN
Cloud Native SDNCloud Native SDN
Cloud Native SDN
Romana Project
 
Containerizing Traditional Applications
Containerizing Traditional ApplicationsContainerizing Traditional Applications
Containerizing Traditional Applications
Jim Bugwadia
 
Production Challenges for Container Networking
Production Challenges for Container NetworkingProduction Challenges for Container Networking
Production Challenges for Container Networking
Vipin Jain
 
Multi-cloud Container Management for vRealize Automation
Multi-cloud Container Management for vRealize AutomationMulti-cloud Container Management for vRealize Automation
Multi-cloud Container Management for vRealize Automation
Jim Bugwadia
 
Simplifying open stack and kubernetes networking with romana
Simplifying open stack and kubernetes networking with romanaSimplifying open stack and kubernetes networking with romana
Simplifying open stack and kubernetes networking with romana
Juergen Brendel
 
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
Jim Bugwadia
 
Container Networking Challenges for Production Readiness
Container Networking Challenges for Production ReadinessContainer Networking Challenges for Production Readiness
Container Networking Challenges for Production Readiness
Vipin Jain
 
Enterprise Cloud Native
Enterprise Cloud NativeEnterprise Cloud Native
Enterprise Cloud Native
Cloud Best Practices Network
 
DockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep diveDockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep dive
Madhu Venugopal
 
Running Netflix OSS on Docker with Nirmata
Running Netflix OSS on Docker with NirmataRunning Netflix OSS on Docker with Nirmata
Running Netflix OSS on Docker with Nirmata
Damien Toledo
 
BRKSDN-2115
BRKSDN-2115 BRKSDN-2115
BRKSDN-2115
Rohit Agarwalla
 
Come With Golang
Come With GolangCome With Golang
Come With Golang
尚文 曾
 
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno [INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
Nexus FrontierTech
 
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
IO Visor Project
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016
Andrew Randall
 
Jenkins vs gogs
Jenkins vs gogsJenkins vs gogs
Jenkins vs gogs
Aaron King
 
Cloud Native Applications Maturity Model
Cloud Native Applications Maturity ModelCloud Native Applications Maturity Model
Cloud Native Applications Maturity Model
Jim Bugwadia
 
Golang basics for Java developers - Part 1
Golang basics for Java developers - Part 1Golang basics for Java developers - Part 1
Golang basics for Java developers - Part 1
Robert Stern
 

Viewers also liked (20)

Kubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for MicroservicesKubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for Microservices
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
Cloud Native SDN
Cloud Native SDNCloud Native SDN
Cloud Native SDN
 
Containerizing Traditional Applications
Containerizing Traditional ApplicationsContainerizing Traditional Applications
Containerizing Traditional Applications
 
Production Challenges for Container Networking
Production Challenges for Container NetworkingProduction Challenges for Container Networking
Production Challenges for Container Networking
 
Multi-cloud Container Management for vRealize Automation
Multi-cloud Container Management for vRealize AutomationMulti-cloud Container Management for vRealize Automation
Multi-cloud Container Management for vRealize Automation
 
Simplifying open stack and kubernetes networking with romana
Simplifying open stack and kubernetes networking with romanaSimplifying open stack and kubernetes networking with romana
Simplifying open stack and kubernetes networking with romana
 
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
 
Container Networking Challenges for Production Readiness
Container Networking Challenges for Production ReadinessContainer Networking Challenges for Production Readiness
Container Networking Challenges for Production Readiness
 
Enterprise Cloud Native
Enterprise Cloud NativeEnterprise Cloud Native
Enterprise Cloud Native
 
DockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep diveDockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep dive
 
Running Netflix OSS on Docker with Nirmata
Running Netflix OSS on Docker with NirmataRunning Netflix OSS on Docker with Nirmata
Running Netflix OSS on Docker with Nirmata
 
BRKSDN-2115
BRKSDN-2115 BRKSDN-2115
BRKSDN-2115
 
Come With Golang
Come With GolangCome With Golang
Come With Golang
 
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno [INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
 
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016
 
Jenkins vs gogs
Jenkins vs gogsJenkins vs gogs
Jenkins vs gogs
 
Cloud Native Applications Maturity Model
Cloud Native Applications Maturity ModelCloud Native Applications Maturity Model
Cloud Native Applications Maturity Model
 
Golang basics for Java developers - Part 1
Golang basics for Java developers - Part 1Golang basics for Java developers - Part 1
Golang basics for Java developers - Part 1
 

Similar to Docker meetup oct14

TFI2014 Session I - State of SDN - Scott Sneddon
TFI2014 Session I - State of SDN - Scott SneddonTFI2014 Session I - State of SDN - Scott Sneddon
TFI2014 Session I - State of SDN - Scott Sneddon
Colorado Internet Society (CO ISOC)
 
Mb openstack-nov2013v7
Mb openstack-nov2013v7Mb openstack-nov2013v7
Mb openstack-nov2013v7
Mohammad Banikazemi
 
Neutron Networking: Service Groups, Policies and Chains
Neutron Networking: Service Groups, Policies and ChainsNeutron Networking: Service Groups, Policies and Chains
Neutron Networking: Service Groups, Policies and Chains
Daniel Krook
 
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Canada
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptx
PINGXIONG3
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMs
Sanjeev Rampal
 
Design of network
Design of networkDesign of network
Design of network
Aniruddh Brahmbhatt
 
652.ppt
652.ppt652.ppt
652.ppt
nandhini333637
 
Open stackatlantagrouppolicy
Open stackatlantagrouppolicyOpen stackatlantagrouppolicy
Open stackatlantagrouppolicy
Mohammad Banikazemi
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019
Ram Vennam
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?
NGINX, Inc.
 
Stephen Wallo
Stephen WalloStephen Wallo
Stephen Wallo
AFCEA International
 
INT_Ch17.pptx
INT_Ch17.pptxINT_Ch17.pptx
INT_Ch17.pptx
NguyenLong773850
 
Netkit
NetkitNetkit
Netkit
dambatbul
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
Network Policy Abstractions in OpenStack Neutron
Network Policy Abstractions in OpenStack NeutronNetwork Policy Abstractions in OpenStack Neutron
Network Policy Abstractions in OpenStack Neutron
Sumit Naiksatam
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
Raphaël PINSON
 
Requirment anlaysis , application, device, network requirements
Requirment anlaysis , application, device, network requirementsRequirment anlaysis , application, device, network requirements
Requirment anlaysis , application, device, network requirements
csk selva
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
Aruba, a Hewlett Packard Enterprise company
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
Amazon Web Services
 

Similar to Docker meetup oct14 (20)

TFI2014 Session I - State of SDN - Scott Sneddon
TFI2014 Session I - State of SDN - Scott SneddonTFI2014 Session I - State of SDN - Scott Sneddon
TFI2014 Session I - State of SDN - Scott Sneddon
 
Mb openstack-nov2013v7
Mb openstack-nov2013v7Mb openstack-nov2013v7
Mb openstack-nov2013v7
 
Neutron Networking: Service Groups, Policies and Chains
Neutron Networking: Service Groups, Policies and ChainsNeutron Networking: Service Groups, Policies and Chains
Neutron Networking: Service Groups, Policies and Chains
 
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptx
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMs
 
Design of network
Design of networkDesign of network
Design of network
 
652.ppt
652.ppt652.ppt
652.ppt
 
Open stackatlantagrouppolicy
Open stackatlantagrouppolicyOpen stackatlantagrouppolicy
Open stackatlantagrouppolicy
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?
 
Stephen Wallo
Stephen WalloStephen Wallo
Stephen Wallo
 
INT_Ch17.pptx
INT_Ch17.pptxINT_Ch17.pptx
INT_Ch17.pptx
 
Netkit
NetkitNetkit
Netkit
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
 
Network Policy Abstractions in OpenStack Neutron
Network Policy Abstractions in OpenStack NeutronNetwork Policy Abstractions in OpenStack Neutron
Network Policy Abstractions in OpenStack Neutron
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
 
Requirment anlaysis , application, device, network requirements
Requirment anlaysis , application, device, network requirementsRequirment anlaysis , application, device, network requirements
Requirment anlaysis , application, device, network requirements
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 

Recently uploaded

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..
UiPathCommunity
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 

Recently uploaded (20)

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 

Docker meetup oct14

  • 1. Policy Based Container Networking Contiv.io Vipin Jain
  • 2. Ocean of Applications Cluster Applications can be grouped e.g. a scale-out micro service tiers Relationship exists between groups and applications within group
  • 3. Where to apply network policies? Between containers within a service tier Between service tiers All containers in a service tier External Service Tier = Policy Domain Policy Global Tenant Scope:
  • 4. What exactly can a network policy be? • Security:  Scoped white/black list rules on specific protocol/ports  In/Out policy to/from outside the cluster  Permit/Deny Inter-Container traffic within service tier • Network Services for Apps:  Virtual or Physical Service appliances (LB, FW, etc.) • Analytics/Diagnostics:  Netflow for certain application traffic  Copy traffic to/from a specific application • Physical Infrastructure Usage:  Bandwidth, Latency, etc. • IP Allocation Management (IPAM) Policy  Auto-allocation, DHCP-based, integration with IPAM tools • Etc.
  • 5. Rendering Networking Policies Docker Composition + Policy Intent Node1 Node2 Node-n Contiv Master Docker Remote Plugin
  • 6. Mapping them to Docker Constrcuts CNM Endpoint CNM Network Compose Service Node1 Node-n
  • 7. Demonstration (Docker + Contiv) – Setup Web Contiv Plugin Host-1 Contiv Master Host-2 DB Web DB Application Intent Tenant-1: External  Web:80  DB:6379 Tenant-2: External  Web:80  DB:Port $ docker-compose up Launch Multi-tier Application 1 Docker Swarm Automated Network, Policy Creation2 Automated Workload Creation and Scheduling 3 Policy Instantiation4 One Click Application Deployment with Policy Instantiation Contiv Plugin
  • 8. Thank You - Enjoy your Docker Containers!

Editor's Notes

  1. Send comments to: vipijain@cisco.com
  2. Let us assume there is a cluster of host running thousands of application instances as docker containers It is very likely that the application instances are not random i.e. they work cohesively and can be grouped And there exists a consumption relationship between service tiers
  3. Network policies can be applied to capture the relationship between the services or between the application within a service
  4. Network policies can be applied to capture the relationship between the services or between the application within a service
  5. Docker composition results
  6. Send comments to: vipijain@cisco.com