SlideShare a Scribd company logo

Docker Networking Overview

Download as PPTX, PDF
Sreenivas Makam
Sreenivas Makam

The document provides an overview of Docker networking as of version 17.06. It begins with introductions of the presenter and some key terminology used. It then discusses why container networking is needed and compares features of container and VM networking. The major components of Docker networking including network drivers, IPAM, Swarm networking, service discovery, and load balancing are outlined. Concepts of CNI/CNM standards and IP address management are explained. Examples of different network drivers such as bridge, overlay, macvlan are provided. The document also covers Docker networking concepts such as default networks, Swarm mode, service discovery, and load balancing. It concludes with some debugging commands and a reference slide.

Technology
1 of 28
DOCKER NETWORKING OVERVIEW ( As of Docker 17.06 version) Presenter’s Name: Sreenivas Makam Presented At: Cisco Systems Presentation Date: July 5th, 2017
About me  Senior Engineering Manager at Cisco Systems Data Center group  Author of “Mastering CoreOS” https://www.packtpub.com/networking- and-servers/mastering-coreos/ )  Docker Captain(https://www.docker.com/community/docker-captains )  Blog: https://sreeninet.wordpress.com/  Projects: https://github.com/smakam  LinkedIn: https://in.linkedin.com/in/sreenivasmakam  Twitter: @srmakam
Terminology  Unmanaged containers ─ No orchestration ─ Created using “docker run”  Managed services ─ Orchestration using Swarm ─ Created using “docker service create”  Legacy Swarm refers to pre Docker 1.12 Swarm mode  Swarm refers to post Docker 1.12 Swarm mode Note:  All examples in this slide deck use Docker version 17.06 and below.  Primary focus is on Docker Linux Networking
Why we need Container Networking?  Containers need to talk to external world.  Reach Containers from external world to use the service that Containers provides.  Allows Containers to talk to host machine.  Inter-container connectivity in same host and across hosts.  Discover services provided by containers automatically.  Load balance traffic between different containers in a service  Provide secure multi-tenant services
Feature Container VM Isolation Network isolation achieved using Network namespace. Separate networking stack per VM Service Typically, Services gets separate IP and maps to multiple containers Multiple services runs in a single VM Service Discovery and Load balancing Microservices done as Containers puts more emphasis on integrated Service discovery Service Discovery and Load balancing typically done outside Scale As Container scale on a single host can run to hundreds, host networking has to be very scalable. Host networking scale needs are not as high Implementation Docker Engine and Linux bridge Hypervisor and Linux/OVS bridge Compare Container Networking with VM Networking
Docker Networking components Docker Networking Network Drivers (Bridge, Host, Overlay, Macvlan, External plugins) IPAM Swarm Networking(Raft Mgmt , Gossip control , Vxlan data planes) Service Discovery Load balancing(Routing Mesh, HRM) Encryption (Control & Data plane)
CNI and CNM – Standards for Container Networking • Project started by Docker. • Keep networking as a library separate from the Container runtime. • Networking implementation will be done as a plugin implemented by drivers. • IP address assignment for the Containers is done using local IPAM drivers and plugins. • Supported local drivers are bridge, overlay, macvlan, ipvlan. Supported remote drivers are Weave, Calico, Contiv etc. • Project started by CoreOS. Used by Cloudfoundry, Mesos and Kubernetes. • The CNI interface calls the API of the CNI plugin to set up Container networking. • The CNI plugin calls the IPAM plugin to set up the IP address for the container. • Available CNI plugins are Bridge, macvlan, ipvlan, and ptp. Available IPAM plugins are host-local and DHCP. • External CNI plugins examples – Flannel, Weave, Contiv etc CNM CNI
Sandbox — A Sandbox contains the configuration of a container's network stack. In Docker example, Container network namespace is the equivalent of Sandbox. Endpoint — An Endpoint joins a Sandbox to a Network. Eth0 and veth are the endpoints in above example. Network — Multiple endpoints share a network. In other words, only endpoints located in same network can talk to each other. In above example, docker0 is the bridge network. CNM constructs CNM usage in Docker Picture from Docker white paper CNM and Libnetwork Sandbox Network Endpoint
Compare Docker Network driver types Driver/ Features Bridge User defined bridge Host Overlay Macvlan/ipvl an Connectivity Same host Same host Same host Multi-host Multi-host Service Discovery and DNS Using “links”. DNS using /etc/hosts Done using DNS server in Docker engine Done using DNS server in Docker engine Done using DNS server in Docker engine Done using DNS server in Docker engine External connectivity NAT NAT Use Host gateway No external connectivity Uses underlay gateway Namespace Separate Separate Same as host Separate Separate Swarm mode 1 No support yet No support yet No support yet Supported No support yet Encapsulation No double encap No double encap No double encap Double encap using Vxlan No double encap Application North, South external access North, South external access Need full networking control, isolation not needed Container connectivity across hosts Containers needing direct underlay networking 1 – 17.06 introduces Swarm mode for all network drivers
Bridge Driver  Used by “docker0” bridge and user-defined bridges.  “docker0” bridge is created by default. User has the choice to change “docker0” bridge options by specifying them in Docker daemon config.  User-defined bridges can be created using “docker network create” with “bridge” driver.  Used for connectivity between containers in same host and for external North<->South connectivity.  Services running inside Containers can be exposed by NAT/port forwarding.  External access is provided by masquerading. docker run -d -p 8080:80 --network bridge --name web nginx Picture from Docker white paper
Docker Container Networking – Bridge driver
 Used for container connectivity across hosts.  Before Docker 1.12 version, Overlay driver needed external KV store. After 1.12, external KV store is not needed.  Containers connected to overlay network also get connected to “docker_bwbridge” for external access.  Vxlan is used for encapsulation. docker network create --driver overlay onet docker run -ti --name client --network onet smakam/myubuntu:v4 bash docker run -d --name web --network onet nginx Overlay Driver Picture from Docker white paper
 Macvlan allows a single physical interface to have multiple mac and ip addresses using macvlan sub- Interfaces  Macvlan driver allows for containers to directly connect to underlay network. Works well for connectivity to legacy applications.  Provides connectivity within a single host as well as across hosts. docker network create -d macvlan -- subnet=192.168.0.0/16 --ip-range=192.168.2.0/24 -o macvlan_mode=bridge -o parent=eth1 macvlan1 docker run -d --name web1 --network macvlan1 nginx docker run -d --name web2 --network macvlan1 nginx Macvlan driver Picture from Docker white paper
 Extends functionality of Docker networking by using plugins to implement networking control and data plane.  Docker provides batteries included approach where user has a choice of using Docker network drivers or plugins provided by other vendors.  Using plugins, switch vendors can get Docker integrated with their custom switches having special features or with custom features like policy based networking.  Docker network plugins follow CNM(libnetwork) model.  Docker 1.13.1+ included support for global scoped network plugins that allows network plugins to work in Swarm mode.  Following network plugins are available now: ◦ Contiv – Network plugin from Cisco. Supports L2 and L3 physical topology. Integrates with Cisco ACI. Also provides policy based networking. ◦ Calico – Follows Layer3 rather than overlay approach. Uses policy based networking. ◦ Weave – Follows Overlay approach ◦ Kuryr – Uses openstack Neutron to provide container networking Docker Network plugins
 Docker does the IP address management by providing subnets for networks and IP addresses for containers.  For default “bridge” network, custom subnet can be specified in Docker daemon options.  Users can specify their own subnet while creating networks and specify IP when creating containers. Following example illustrates this. docker network create --subnet=172.19.0.0/16 mynet docker run --ip 172.19.0.22 -it --network mynet smakam/myubuntu:v4 bash  Using remote IPAM plugin, IP addresses can be managed by external application instead by Docker.  Remote IPAM plugin can be specified using “--ipam-driver” option while creating Docker network. Infoblox is an example of external Docker IPAM plugin.  Docker also supports assignment of IPV6 addresses for Containers. IP Address management
Default Networks created by Docker  “bridge” is the default Bridge network  “docker_gwbridge” is used by multi-host networks to connect to outside world  “host” network is used for having containers in host namespace  “ingress” network is used for routing mesh  “none” network is used when Containers don’t need any networking  “Scope” signifies if the network is local to host or across the Swarm cluster
 In this mode, Swarm is not integrated with Docker engine and it runs as a separate container.  Needs separate KV store like Consul, etcd.  Supported in Docker prior to version 1.12  This is a legacy mode that is deprecated currently Legacy Swarm mode https://www.slideshare.net/Docker/docker-online-meetup-28-productionready-docker-swarm
 Orchestration supported by Docker from 1.12 version.  Using Raft protocol, Managers maintain state of Swarm nodes as well as services running on them.  Gossip protocol is used by workers to establish control plane between them. Only workers in same network exchange state associated with that network.  Control plane is encrypted by default. Data plane can be optionally encrypted using “--opt encrypted” when creating network.  No separate KV store is needed with Swarm mode.  Prior to Docker 17.06, Swarm mode was supported only with Overlay driver. Post 17.06, all network drivers are supported with Swarm mode. Swarm Mode https://docs.docker.com/engine/swarm/how-swarm-mode-works/nodes/#manager-nodes
Service Discovery  Service discovery is provided by DNS server available in Docker engine.  For unmanaged containers, container name resolves to container IP. Alias names can be also be used.  For services using service IP(endpoint mode=vip), service name resolves to service IP which in turn forwards the request to containers. In this case, ipvs based L4 load balancing is done.  For services using direct DNS(endpoint mode=dnsrr), service name directly resolves to container IP. In this case, DNS round robin load balancing is done.  Service Discovery is network scoped. Only containers in same network can discover each other.
 For unmanaged containers, load balancing is done using simple round robin load balancing. Using aliases, a single alias can load balance to multiple unmanaged containers .  Docker takes care of load balancing internal services to the containers associated with the services.  For services using service IP(endpoint mode=vip), ipvs and iptables are used to load balance. This provides L4 based load balancing. Ipvs is Linux kernel load balancing feature.  For services using direct DNS(endpoint mode=dnsrr), DNS round robin balancing is used.  For services exposed externally, Docker uses routing mesh to expose the service on all Swarm nodes. Routing mesh uses “ingress” network to connect all nodes.  For HTTP based load balancing, HRM(HTTP Routing mesh) can be used. This is supported only with Docker EE. Load balancing Picture from Docker white paper
Swarm Networking - Sample application detail  The application will be deployed in 2 node Swarm cluster.  “client” service has 1 client container task. “vote” service has multiple vote container tasks. Client service is used to access multi-container voting service. This application is deployed in a multi-node Swarm cluster.  “vote” services can be accessed from “client” service as well as from outside the swarm cluster. docker network create -d overlay overlay1 docker service create --replicas 1 --name client --network overlay1 smakam/myubuntu:v4 sleep infinity docker service create --name vote --network overlay1 --mode replicated --replicas 2 --publish mode=ingress,target=80,published=8080 instavote/vote
Swarm Networking - Application access flow “Client” service accessing “vote” service using “overlay” network Accessing “vote” service using “ingress” network externally
Swarm Application - Networking detail  Sandboxes and “vote” containers are part of “ingress” network and it helps in routing mesh.  “client” and “vote” containers are part of “overlay1” network and it helps in service connectivity.  All containers are part of the default “docker_gwbridge” network. This helps for external access when services gets exposed using publish mode “host”
Compare Docker and Kubernetes Networking Feature Docker Kubernetes Abstraction Container Pod Standard CNM CNI Service discovery Embedded DNS Kube-dns Internal load balancing Iptables and ipvs Iptables and Kube- proxy External load balancing Routing mesh Nodeport External plugins Weave, Calico, Contiv Flannel, Weave, Calico, Contiv Note: Implementation differences are not captured
Docker Network debug commands  Basic Swarm debugging: Docker node ls  Service and Container debugging: Docker service logs <service name/id> Docker service inspect <service name/id> Docker container logs <container name/id> Docker container inspect <container name/id>  Network debugging: Docker network inspect <network name/id> Use “-v” option for verbose output
Troubleshooting using debug container • All Linux networking tools are packaged inside “nicolaka/netshoot”(https://github.com/nicolaka/netshoot) container. This can be used for debugging. • Using this debug container avoids installation of any debug tools inside the container or host. • Linux networking tools like tcpdump, netstat can be accessed from container namespace or host namespace. Capture port 80 packets in the Container: docker run -ti --net container:<containerid> nicolaka/netshoot tcpdump –i eth0 –n port 80 Capture vxlan packets in the host: docker run -ti --net host nicolaka/netshoot tcpdump –i eth1 –n port 4789 • Debug container can also be used to get inside container namespace, network namespace and do debugging. Inside the namespace, we can run commands like “ifconfig”, “ip route”, “brctl show” to debug further. Starting nsenter using debug container: docker run -it --rm -v /var/run/docker/netns:/var/run/docker/netns --privileged=true nicolaka/netshoot Getting inside container or network namespace: nsenter –net /var/run/docker/netns/<networkid> sh
References  White paper on Docker networking  HRM and UCP White paper  Docker Networking Dockercon 2017 presentation  Docker blogs by me  Docker Networking – common issues and troubleshooting techniques
DEMO

Recommended

Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX ContainerAraf Karsh Hamid
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageejlp12
 
Introduction to Docker Compose
Introduction to Docker ComposeIntroduction to Docker Compose
Introduction to Docker ComposeAjeet Singh Raina
 
Docker Basics
Docker BasicsDocker Basics
Docker BasicsDuckDuckGo
 
Docker introduction
Docker introductionDocker introduction
Docker introductionPhuc Nguyen
 
Docker Networking
Docker NetworkingDocker Networking
Docker NetworkingKingston Smiler
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes IntroductionEric Gustafson
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker, Inc.
 

Recommended

Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX ContainerAraf Karsh Hamid
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageejlp12
 
Introduction to Docker Compose
Introduction to Docker ComposeIntroduction to Docker Compose
Introduction to Docker ComposeAjeet Singh Raina
 
Docker Basics
Docker BasicsDocker Basics
Docker BasicsDuckDuckGo
 
Docker introduction
Docker introductionDocker introduction
Docker introductionPhuc Nguyen
 
Docker Networking
Docker NetworkingDocker Networking
Docker NetworkingKingston Smiler
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes IntroductionEric Gustafson
 
Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker 101 - Nov 2016
Docker 101 - Nov 2016Docker, Inc.
 
Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101LorisPack Project
 
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...Edureka!
 
Docker introduction (1)
Docker introduction (1)Docker introduction (1)
Docker introduction (1)Gourav Varma
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!
 
Docker introduction
Docker introductionDocker introduction
Docker introductiondotCloud
 
Docker: From Zero to Hero
Docker: From Zero to HeroDocker: From Zero to Hero
Docker: From Zero to Herofazalraja
 
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...Simplilearn
 
Docker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersDocker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersYajushi Srivastava
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionStefan Schimanski
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to KubernetesImesh Gunaratne
 
Docker architecture-04-1
Docker architecture-04-1Docker architecture-04-1
Docker architecture-04-1Mohammadreza Amini
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesRishabh Indoria
 
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShiftKubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShiftDevOps.com
 
Docker by Example - Basics
Docker by Example - Basics Docker by Example - Basics
Docker by Example - Basics CodeOps Technologies LLP
 
Docker swarm
Docker swarmDocker swarm
Docker swarmAlberto Guimarães Viana
 
Getting started with Docker
Getting started with DockerGetting started with Docker
Getting started with DockerRavindu Fernando
 
Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Ryan Jarvinen
 
Introduction to container based virtualization with docker
Introduction to container based virtualization with dockerIntroduction to container based virtualization with docker
Introduction to container based virtualization with dockerBangladesh Network Operators Group
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with KubernetesEastBanc Tachnologies
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes BasicsEueung Mulyana
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesSreenivas Makam
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerJorge Juan Mendoza
 

More Related Content

What's hot

Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101LorisPack Project
 
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...Edureka!
 
Docker introduction (1)
Docker introduction (1)Docker introduction (1)
Docker introduction (1)Gourav Varma
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!
 
Docker introduction
Docker introductionDocker introduction
Docker introductiondotCloud
 
Docker: From Zero to Hero
Docker: From Zero to HeroDocker: From Zero to Hero
Docker: From Zero to Herofazalraja
 
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...Simplilearn
 
Docker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersDocker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersYajushi Srivastava
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionStefan Schimanski
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to KubernetesImesh Gunaratne
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesRishabh Indoria
 
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShiftKubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShiftDevOps.com
 
Getting started with Docker
Getting started with DockerGetting started with Docker
Getting started with DockerRavindu Fernando
 
Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Ryan Jarvinen
 

What's hot (20)

Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101
 
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...
 
Docker introduction (1)
Docker introduction (1)Docker introduction (1)
Docker introduction (1)
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Docker: From Zero to Hero
Docker: From Zero to HeroDocker: From Zero to Hero
Docker: From Zero to Hero
 
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...
 
Docker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersDocker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and Containers
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and Introduction
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
 
Docker architecture-04-1
Docker architecture-04-1Docker architecture-04-1
Docker architecture-04-1
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShiftKubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
 
Docker by Example - Basics
Docker by Example - Basics Docker by Example - Basics
Docker by Example - Basics
 
Docker swarm
Docker swarmDocker swarm
Docker swarm
 
Getting started with Docker
Getting started with DockerGetting started with Docker
Getting started with Docker
 
Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17
 
Introduction to container based virtualization with docker
Introduction to container based virtualization with dockerIntroduction to container based virtualization with docker
Introduction to container based virtualization with docker
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with Kubernetes
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes Basics
 

Similar to Docker Networking Overview

Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesSreenivas Makam
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerJorge Juan Mendoza
 
Managing multicast/igmp stream on Docker
Managing multicast/igmp stream on DockerManaging multicast/igmp stream on Docker
Managing multicast/igmp stream on DockerThierry Gayet
 
Practical Design Patterns in Docker Networking
Practical Design Patterns in Docker NetworkingPractical Design Patterns in Docker Networking
Practical Design Patterns in Docker NetworkingDocker, Inc.
 
Docker Networking : 0 to 60mph slides
Docker Networking : 0 to 60mph slidesDocker Networking : 0 to 60mph slides
Docker Networking : 0 to 60mph slidesDocker, Inc.
 
Docker meetup
Docker meetupDocker meetup
Docker meetupsyed1
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingSreenivas Makam
 
Network Design patters with Docker
Network Design patters with DockerNetwork Design patters with Docker
Network Design patters with DockerDaniel Finneran
 
Docker Networking - Boulder Linux Users Group (BLUG)
Docker Networking - Boulder Linux Users Group (BLUG)Docker Networking - Boulder Linux Users Group (BLUG)
Docker Networking - Boulder Linux Users Group (BLUG)Dan Mackin
 
MySQL | My SQL docker containerization | Docker Network
MySQL | My SQL docker containerization | Docker NetworkMySQL | My SQL docker containerization | Docker Network
MySQL | My SQL docker containerization | Docker Networkshrenikp
 
Networking in Docker
Networking in DockerNetworking in Docker
Networking in DockerKnoldus Inc.
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with DockerAndrey Hristov
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with DockerAndrey Hristov
 
Deploying Microservice on Docker
Deploying Microservice on DockerDeploying Microservice on Docker
Deploying Microservice on DockerKnoldus Inc.
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowPLUMgrid
 
Lessons learned in reaching multi-host container networking
Lessons learned in reaching multi-host container networkingLessons learned in reaching multi-host container networking
Lessons learned in reaching multi-host container networkingTony Georgiev
 
Docker 1.11 Presentation
Docker 1.11 PresentationDocker 1.11 Presentation
Docker 1.11 PresentationSreenivas Makam
 
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...Ajeet Singh Raina
 

Similar to Docker Networking Overview (20)

Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting Techniques
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in docker
 
Managing multicast/igmp stream on Docker
Managing multicast/igmp stream on DockerManaging multicast/igmp stream on Docker
Managing multicast/igmp stream on Docker
 
Practical Design Patterns in Docker Networking
Practical Design Patterns in Docker NetworkingPractical Design Patterns in Docker Networking
Practical Design Patterns in Docker Networking
 
Docker Networking : 0 to 60mph slides
Docker Networking : 0 to 60mph slidesDocker Networking : 0 to 60mph slides
Docker Networking : 0 to 60mph slides
 
Docker meetup
Docker meetupDocker meetup
Docker meetup
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental Networking
 
Network Design patters with Docker
Network Design patters with DockerNetwork Design patters with Docker
Network Design patters with Docker
 
Docker Networking - Boulder Linux Users Group (BLUG)
Docker Networking - Boulder Linux Users Group (BLUG)Docker Networking - Boulder Linux Users Group (BLUG)
Docker Networking - Boulder Linux Users Group (BLUG)
 
MySQL | My SQL docker containerization | Docker Network
MySQL | My SQL docker containerization | Docker NetworkMySQL | My SQL docker containerization | Docker Network
MySQL | My SQL docker containerization | Docker Network
 
Networking in Docker
Networking in DockerNetworking in Docker
Networking in Docker
 
Demystfying container-networking
Demystfying container-networkingDemystfying container-networking
Demystfying container-networking
 
Docker 101
Docker 101Docker 101
Docker 101
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
 
Deploying Microservice on Docker
Deploying Microservice on DockerDeploying Microservice on Docker
Deploying Microservice on Docker
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know now
 
Lessons learned in reaching multi-host container networking
Lessons learned in reaching multi-host container networkingLessons learned in reaching multi-host container networking
Lessons learned in reaching multi-host container networking
 
Docker 1.11 Presentation
Docker 1.11 PresentationDocker 1.11 Presentation
Docker 1.11 Presentation
 
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...
 

More from Sreenivas Makam

GKE Tip Series - Usage Metering
GKE Tip Series - Usage MeteringGKE Tip Series - Usage Metering
GKE Tip Series - Usage MeteringSreenivas Makam
 
GKE Tip Series how do i choose between gke standard, autopilot and cloud run
GKE Tip Series how do i choose between gke standard, autopilot and cloud run GKE Tip Series how do i choose between gke standard, autopilot and cloud run
GKE Tip Series how do i choose between gke standard, autopilot and cloud run Sreenivas Makam
 
Kubernetes design principles, patterns and ecosystem
Kubernetes design principles, patterns and ecosystemKubernetes design principles, patterns and ecosystem
Kubernetes design principles, patterns and ecosystemSreenivas Makam
 
Top 3 reasons why you should run your Enterprise workloads on GKE
Top 3 reasons why you should run your Enterprise workloads on GKETop 3 reasons why you should run your Enterprise workloads on GKE
Top 3 reasons why you should run your Enterprise workloads on GKESreenivas Makam
 
How Kubernetes helps Devops
How Kubernetes helps DevopsHow Kubernetes helps Devops
How Kubernetes helps DevopsSreenivas Makam
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingSreenivas Makam
 
Docker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsDocker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsSreenivas Makam
 
Docker Networking Tip - Macvlan driver
Docker Networking Tip - Macvlan driverDocker Networking Tip - Macvlan driver
Docker Networking Tip - Macvlan driverSreenivas Makam
 
Compare Docker deployment options in the public cloud
Compare Docker deployment options in the public cloudCompare Docker deployment options in the public cloud
Compare Docker deployment options in the public cloudSreenivas Makam
 
Docker Mentorweek beginner workshop notes
Docker Mentorweek beginner workshop notesDocker Mentorweek beginner workshop notes
Docker Mentorweek beginner workshop notesSreenivas Makam
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security OverviewSreenivas Makam
 
Service Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesService Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesSreenivas Makam
 
CoreOS Overview and Current Status
CoreOS Overview and Current StatusCoreOS Overview and Current Status
CoreOS Overview and Current StatusSreenivas Makam
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with SysdigSreenivas Makam
 
CI, CD with Docker, Jenkins and Tutum
CI, CD with Docker, Jenkins and TutumCI, CD with Docker, Jenkins and Tutum
CI, CD with Docker, Jenkins and TutumSreenivas Makam
 
Docker 1.9 Feature Overview
Docker 1.9 Feature OverviewDocker 1.9 Feature Overview
Docker 1.9 Feature OverviewSreenivas Makam
 

More from Sreenivas Makam (18)

GKE Tip Series - Usage Metering
GKE Tip Series - Usage MeteringGKE Tip Series - Usage Metering
GKE Tip Series - Usage Metering
 
GKE Tip Series how do i choose between gke standard, autopilot and cloud run
GKE Tip Series how do i choose between gke standard, autopilot and cloud run GKE Tip Series how do i choose between gke standard, autopilot and cloud run
GKE Tip Series how do i choose between gke standard, autopilot and cloud run
 
Kubernetes design principles, patterns and ecosystem
Kubernetes design principles, patterns and ecosystemKubernetes design principles, patterns and ecosystem
Kubernetes design principles, patterns and ecosystem
 
My kubernetes toolkit
My kubernetes toolkitMy kubernetes toolkit
My kubernetes toolkit
 
Top 3 reasons why you should run your Enterprise workloads on GKE
Top 3 reasons why you should run your Enterprise workloads on GKETop 3 reasons why you should run your Enterprise workloads on GKE
Top 3 reasons why you should run your Enterprise workloads on GKE
 
How Kubernetes helps Devops
How Kubernetes helps DevopsHow Kubernetes helps Devops
How Kubernetes helps Devops
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
 
Docker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsDocker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing options
 
Docker Networking Tip - Macvlan driver
Docker Networking Tip - Macvlan driverDocker Networking Tip - Macvlan driver
Docker Networking Tip - Macvlan driver
 
Compare Docker deployment options in the public cloud
Compare Docker deployment options in the public cloudCompare Docker deployment options in the public cloud
Compare Docker deployment options in the public cloud
 
Docker Mentorweek beginner workshop notes
Docker Mentorweek beginner workshop notesDocker Mentorweek beginner workshop notes
Docker Mentorweek beginner workshop notes
 
Devops in Networking
Devops in NetworkingDevops in Networking
Devops in Networking
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security Overview
 
Service Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and KubernetesService Discovery using etcd, Consul and Kubernetes
Service Discovery using etcd, Consul and Kubernetes
 
CoreOS Overview and Current Status
CoreOS Overview and Current StatusCoreOS Overview and Current Status
CoreOS Overview and Current Status
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with Sysdig
 
CI, CD with Docker, Jenkins and Tutum
CI, CD with Docker, Jenkins and TutumCI, CD with Docker, Jenkins and Tutum
CI, CD with Docker, Jenkins and Tutum
 
Docker 1.9 Feature Overview
Docker 1.9 Feature OverviewDocker 1.9 Feature Overview
Docker 1.9 Feature Overview
 

Recently uploaded

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Recently uploaded (20)

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Docker Networking Overview

  • 1. DOCKER NETWORKING OVERVIEW ( As of Docker 17.06 version) Presenter’s Name: Sreenivas Makam Presented At: Cisco Systems Presentation Date: July 5th, 2017
  • 2. About me  Senior Engineering Manager at Cisco Systems Data Center group  Author of “Mastering CoreOS” https://www.packtpub.com/networking- and-servers/mastering-coreos/ )  Docker Captain(https://www.docker.com/community/docker-captains )  Blog: https://sreeninet.wordpress.com/  Projects: https://github.com/smakam  LinkedIn: https://in.linkedin.com/in/sreenivasmakam  Twitter: @srmakam
  • 3. Terminology  Unmanaged containers ─ No orchestration ─ Created using “docker run”  Managed services ─ Orchestration using Swarm ─ Created using “docker service create”  Legacy Swarm refers to pre Docker 1.12 Swarm mode  Swarm refers to post Docker 1.12 Swarm mode Note:  All examples in this slide deck use Docker version 17.06 and below.  Primary focus is on Docker Linux Networking
  • 4. Why we need Container Networking?  Containers need to talk to external world.  Reach Containers from external world to use the service that Containers provides.  Allows Containers to talk to host machine.  Inter-container connectivity in same host and across hosts.  Discover services provided by containers automatically.  Load balance traffic between different containers in a service  Provide secure multi-tenant services
  • 5. Feature Container VM Isolation Network isolation achieved using Network namespace. Separate networking stack per VM Service Typically, Services gets separate IP and maps to multiple containers Multiple services runs in a single VM Service Discovery and Load balancing Microservices done as Containers puts more emphasis on integrated Service discovery Service Discovery and Load balancing typically done outside Scale As Container scale on a single host can run to hundreds, host networking has to be very scalable. Host networking scale needs are not as high Implementation Docker Engine and Linux bridge Hypervisor and Linux/OVS bridge Compare Container Networking with VM Networking
  • 6. Docker Networking components Docker Networking Network Drivers (Bridge, Host, Overlay, Macvlan, External plugins) IPAM Swarm Networking(Raft Mgmt , Gossip control , Vxlan data planes) Service Discovery Load balancing(Routing Mesh, HRM) Encryption (Control & Data plane)
  • 7. CNI and CNM – Standards for Container Networking • Project started by Docker. • Keep networking as a library separate from the Container runtime. • Networking implementation will be done as a plugin implemented by drivers. • IP address assignment for the Containers is done using local IPAM drivers and plugins. • Supported local drivers are bridge, overlay, macvlan, ipvlan. Supported remote drivers are Weave, Calico, Contiv etc. • Project started by CoreOS. Used by Cloudfoundry, Mesos and Kubernetes. • The CNI interface calls the API of the CNI plugin to set up Container networking. • The CNI plugin calls the IPAM plugin to set up the IP address for the container. • Available CNI plugins are Bridge, macvlan, ipvlan, and ptp. Available IPAM plugins are host-local and DHCP. • External CNI plugins examples – Flannel, Weave, Contiv etc CNM CNI
  • 8. Sandbox — A Sandbox contains the configuration of a container's network stack. In Docker example, Container network namespace is the equivalent of Sandbox. Endpoint — An Endpoint joins a Sandbox to a Network. Eth0 and veth are the endpoints in above example. Network — Multiple endpoints share a network. In other words, only endpoints located in same network can talk to each other. In above example, docker0 is the bridge network. CNM constructs CNM usage in Docker Picture from Docker white paper CNM and Libnetwork Sandbox Network Endpoint
  • 9. Compare Docker Network driver types Driver/ Features Bridge User defined bridge Host Overlay Macvlan/ipvl an Connectivity Same host Same host Same host Multi-host Multi-host Service Discovery and DNS Using “links”. DNS using /etc/hosts Done using DNS server in Docker engine Done using DNS server in Docker engine Done using DNS server in Docker engine Done using DNS server in Docker engine External connectivity NAT NAT Use Host gateway No external connectivity Uses underlay gateway Namespace Separate Separate Same as host Separate Separate Swarm mode 1 No support yet No support yet No support yet Supported No support yet Encapsulation No double encap No double encap No double encap Double encap using Vxlan No double encap Application North, South external access North, South external access Need full networking control, isolation not needed Container connectivity across hosts Containers needing direct underlay networking 1 – 17.06 introduces Swarm mode for all network drivers
  • 10. Bridge Driver  Used by “docker0” bridge and user-defined bridges.  “docker0” bridge is created by default. User has the choice to change “docker0” bridge options by specifying them in Docker daemon config.  User-defined bridges can be created using “docker network create” with “bridge” driver.  Used for connectivity between containers in same host and for external North<->South connectivity.  Services running inside Containers can be exposed by NAT/port forwarding.  External access is provided by masquerading. docker run -d -p 8080:80 --network bridge --name web nginx Picture from Docker white paper
  • 11. Docker Container Networking – Bridge driver
  • 12.  Used for container connectivity across hosts.  Before Docker 1.12 version, Overlay driver needed external KV store. After 1.12, external KV store is not needed.  Containers connected to overlay network also get connected to “docker_bwbridge” for external access.  Vxlan is used for encapsulation. docker network create --driver overlay onet docker run -ti --name client --network onet smakam/myubuntu:v4 bash docker run -d --name web --network onet nginx Overlay Driver Picture from Docker white paper
  • 13.  Macvlan allows a single physical interface to have multiple mac and ip addresses using macvlan sub- Interfaces  Macvlan driver allows for containers to directly connect to underlay network. Works well for connectivity to legacy applications.  Provides connectivity within a single host as well as across hosts. docker network create -d macvlan -- subnet=192.168.0.0/16 --ip-range=192.168.2.0/24 -o macvlan_mode=bridge -o parent=eth1 macvlan1 docker run -d --name web1 --network macvlan1 nginx docker run -d --name web2 --network macvlan1 nginx Macvlan driver Picture from Docker white paper
  • 14.  Extends functionality of Docker networking by using plugins to implement networking control and data plane.  Docker provides batteries included approach where user has a choice of using Docker network drivers or plugins provided by other vendors.  Using plugins, switch vendors can get Docker integrated with their custom switches having special features or with custom features like policy based networking.  Docker network plugins follow CNM(libnetwork) model.  Docker 1.13.1+ included support for global scoped network plugins that allows network plugins to work in Swarm mode.  Following network plugins are available now: ◦ Contiv – Network plugin from Cisco. Supports L2 and L3 physical topology. Integrates with Cisco ACI. Also provides policy based networking. ◦ Calico – Follows Layer3 rather than overlay approach. Uses policy based networking. ◦ Weave – Follows Overlay approach ◦ Kuryr – Uses openstack Neutron to provide container networking Docker Network plugins
  • 15.  Docker does the IP address management by providing subnets for networks and IP addresses for containers.  For default “bridge” network, custom subnet can be specified in Docker daemon options.  Users can specify their own subnet while creating networks and specify IP when creating containers. Following example illustrates this. docker network create --subnet=172.19.0.0/16 mynet docker run --ip 172.19.0.22 -it --network mynet smakam/myubuntu:v4 bash  Using remote IPAM plugin, IP addresses can be managed by external application instead by Docker.  Remote IPAM plugin can be specified using “--ipam-driver” option while creating Docker network. Infoblox is an example of external Docker IPAM plugin.  Docker also supports assignment of IPV6 addresses for Containers. IP Address management
  • 16. Default Networks created by Docker  “bridge” is the default Bridge network  “docker_gwbridge” is used by multi-host networks to connect to outside world  “host” network is used for having containers in host namespace  “ingress” network is used for routing mesh  “none” network is used when Containers don’t need any networking  “Scope” signifies if the network is local to host or across the Swarm cluster
  • 17.  In this mode, Swarm is not integrated with Docker engine and it runs as a separate container.  Needs separate KV store like Consul, etcd.  Supported in Docker prior to version 1.12  This is a legacy mode that is deprecated currently Legacy Swarm mode https://www.slideshare.net/Docker/docker-online-meetup-28-productionready-docker-swarm
  • 18.  Orchestration supported by Docker from 1.12 version.  Using Raft protocol, Managers maintain state of Swarm nodes as well as services running on them.  Gossip protocol is used by workers to establish control plane between them. Only workers in same network exchange state associated with that network.  Control plane is encrypted by default. Data plane can be optionally encrypted using “--opt encrypted” when creating network.  No separate KV store is needed with Swarm mode.  Prior to Docker 17.06, Swarm mode was supported only with Overlay driver. Post 17.06, all network drivers are supported with Swarm mode. Swarm Mode https://docs.docker.com/engine/swarm/how-swarm-mode-works/nodes/#manager-nodes
  • 19. Service Discovery  Service discovery is provided by DNS server available in Docker engine.  For unmanaged containers, container name resolves to container IP. Alias names can be also be used.  For services using service IP(endpoint mode=vip), service name resolves to service IP which in turn forwards the request to containers. In this case, ipvs based L4 load balancing is done.  For services using direct DNS(endpoint mode=dnsrr), service name directly resolves to container IP. In this case, DNS round robin load balancing is done.  Service Discovery is network scoped. Only containers in same network can discover each other.
  • 20.  For unmanaged containers, load balancing is done using simple round robin load balancing. Using aliases, a single alias can load balance to multiple unmanaged containers .  Docker takes care of load balancing internal services to the containers associated with the services.  For services using service IP(endpoint mode=vip), ipvs and iptables are used to load balance. This provides L4 based load balancing. Ipvs is Linux kernel load balancing feature.  For services using direct DNS(endpoint mode=dnsrr), DNS round robin balancing is used.  For services exposed externally, Docker uses routing mesh to expose the service on all Swarm nodes. Routing mesh uses “ingress” network to connect all nodes.  For HTTP based load balancing, HRM(HTTP Routing mesh) can be used. This is supported only with Docker EE. Load balancing Picture from Docker white paper
  • 21. Swarm Networking - Sample application detail  The application will be deployed in 2 node Swarm cluster.  “client” service has 1 client container task. “vote” service has multiple vote container tasks. Client service is used to access multi-container voting service. This application is deployed in a multi-node Swarm cluster.  “vote” services can be accessed from “client” service as well as from outside the swarm cluster. docker network create -d overlay overlay1 docker service create --replicas 1 --name client --network overlay1 smakam/myubuntu:v4 sleep infinity docker service create --name vote --network overlay1 --mode replicated --replicas 2 --publish mode=ingress,target=80,published=8080 instavote/vote
  • 22. Swarm Networking - Application access flow “Client” service accessing “vote” service using “overlay” network Accessing “vote” service using “ingress” network externally
  • 23. Swarm Application - Networking detail  Sandboxes and “vote” containers are part of “ingress” network and it helps in routing mesh.  “client” and “vote” containers are part of “overlay1” network and it helps in service connectivity.  All containers are part of the default “docker_gwbridge” network. This helps for external access when services gets exposed using publish mode “host”
  • 24. Compare Docker and Kubernetes Networking Feature Docker Kubernetes Abstraction Container Pod Standard CNM CNI Service discovery Embedded DNS Kube-dns Internal load balancing Iptables and ipvs Iptables and Kube- proxy External load balancing Routing mesh Nodeport External plugins Weave, Calico, Contiv Flannel, Weave, Calico, Contiv Note: Implementation differences are not captured
  • 25. Docker Network debug commands  Basic Swarm debugging: Docker node ls  Service and Container debugging: Docker service logs <service name/id> Docker service inspect <service name/id> Docker container logs <container name/id> Docker container inspect <container name/id>  Network debugging: Docker network inspect <network name/id> Use “-v” option for verbose output
  • 26. Troubleshooting using debug container • All Linux networking tools are packaged inside “nicolaka/netshoot”(https://github.com/nicolaka/netshoot) container. This can be used for debugging. • Using this debug container avoids installation of any debug tools inside the container or host. • Linux networking tools like tcpdump, netstat can be accessed from container namespace or host namespace. Capture port 80 packets in the Container: docker run -ti --net container:<containerid> nicolaka/netshoot tcpdump –i eth0 –n port 80 Capture vxlan packets in the host: docker run -ti --net host nicolaka/netshoot tcpdump –i eth1 –n port 4789 • Debug container can also be used to get inside container namespace, network namespace and do debugging. Inside the namespace, we can run commands like “ifconfig”, “ip route”, “brctl show” to debug further. Starting nsenter using debug container: docker run -it --rm -v /var/run/docker/netns:/var/run/docker/netns --privileged=true nicolaka/netshoot Getting inside container or network namespace: nsenter –net /var/run/docker/netns/<networkid> sh
  • 27. References  White paper on Docker networking  HRM and UCP White paper  Docker Networking Dockercon 2017 presentation  Docker blogs by me  Docker Networking – common issues and troubleshooting techniques
  • 28. DEMO

Editor's Notes

  1. https://www.weave.works/docs/net/latest/plugin-v2/ https://docs.docker.com/engine/extend/#installing-and-using-a-plugin
  2. https://github.com/infobloxopen/docker-infoblox
  3. Microsoft Confidential