Docker - SDN
Who is this guy?
But seriously - who is this guy?
Hello!
I AM PIOTR KIESZCZYNSKI
I am here because I love giving presentations.
You can find me at @pkieszcz
FEW WORDS ABOUT MYSELF
Workrafrolic
◦ Linux since Mandrake 6
◦ Automate all the things (600+ semi automated hosts…)
◦ AWS automation starts with CLI
◦ CI
◦ HPC (grid networks)
◦ Kerberos v5 (major error / minor error)
◦ System Administrator @ Seamless Poland
Personal stuff
◦ Sailing
◦ TV series
◦ Swimming
◦ Music festivals
ERS360 / TS / SEQR
https://seamless.se/
SEAMLESS POLAND
https://www.seqr.com/int/
SEQR
Network solutions for Docker
Docker networking is:
◦ Still in early stages (not anymore?!)
◦ The default network assigned is a
port on Linux bridge docker0
◦ docker inspect --format='{{.NetworkSettings}}' 53720b3581be
Network solutions for Docker
What network solutions do we have now?
◦ Docker specific networking (--net=container, -p and socket)
◦ Bridge + DHCP + VLAN
◦ OVS
◦ Flannel
◦ Weave
◦ Project Calico
◦ SocketPlane
◦ More and more incoming…
◦ Docker 1.7 libnetwork
Docker0 bridge
◦ Default network is automatically created when no additional options “--net” or “-P” are specified
◦ Each container is addressed by a static IP address assigned by Docker
◦ Similar to what we have as default in KVM or VirtualBox
◦ Host can reach container with IP on the bridge
◦ However, outside traffic cannot reach the container
Docker0 bridge
# iptables -L -t nat -n
…
Chain POSTROUTING (policy ACCEPT)
target      prot opt source           destination
MASQUERADE  all  --  172.17.0.0/16    0.0.0.0/0
…
# brctl show
bridge name   bridge id           STP enabled   interfaces
docker0       8000.56847afe9799   no            veth05a3408
                                                vethd88b38d
Port mapping
◦ Providing access to the container from outside by allocating a DNAT port in the range 49153-65535
◦ Using Linux bridge docker0, but adds iptables rules for the DNAT
◦ docker run -P -itd nginx
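The DNAT rules behind -P, read back from the host: this is an added example, not from the original slides, that parses `iptables -t nat -S DOCKER` output and reports which published ports are reachable on every host address. The rule lines are a constructed sample and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the slides): summarise published container ports
# from the DNAT rules Docker writes into the nat table.

# Constructed sample of `iptables -t nat -S DOCKER` output: one container
# started with -P (two exposed ports) and one published on loopback only.
sample_rules() {
  cat <<'EOF'
-N DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 49153 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 49154 -j DNAT --to-destination 172.17.0.2:443
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.3:80
EOF
}

# published_ports: read rules on stdin and print one line per DNAT rule:
#   SCOPE RANGE PROTO HOST_ADDR:HOST_PORT -> CONTAINER_IP:PORT
# SCOPE is ALL-INTERFACES when the rule has no (or a negated) -d match,
# LOOPBACK-ONLY for 127.x.x.x, otherwise SPECIFIC-ADDRESS.
# RANGE is auto-range when the host port lies in 49153-65535, the range
# the slide gives for -P allocations, otherwise fixed.
published_ports() {
  awk '
    $1 == "-A" && /-j DNAT/ {
      dst = "0.0.0.0/0"; proto = "any"; dport = "?"; to = "?"
      for (i = 2; i < NF; i++) {
        if ($i == "-d" && $(i - 1) != "!") dst = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "--to-destination") to = $(i + 1)
      }
      addr = dst
      sub(/\/.*/, "", addr)
      if (dst == "0.0.0.0/0") scope = "ALL-INTERFACES"
      else if (addr ~ /^127\./) scope = "LOOPBACK-ONLY"
      else scope = "SPECIFIC-ADDRESS"
      range = (dport + 0 >= 49153 && dport + 0 <= 65535) ? "auto-range" : "fixed"
      printf "%s %s %s %s:%s -> %s\n", scope, range, proto, addr, dport, to
    }'
}

# count_all_interfaces: number of published ports reachable on any host address.
count_all_interfaces() {
  published_ports | awk '$1 == "ALL-INTERFACES" { n++ } END { print n + 0 }'
}

# Run against the constructed sample; on a real host feed it
#   sudo iptables -t nat -S DOCKER | published_ports
sample_rules | published_ports
```
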
Host and container
◦ Give full access of the host network to
container using --net=host
◦ docker run --net=host --name c1 -itd ubuntu
◦ docker exec c1 ifconfig eth0
◦ Give full access to network of the container XX to a new container YY with --net=container:XX
◦ docker run --net=container:nginx --name c2 -itd ubuntu
◦ docker exec c2 ifconfig eth0
How it’s done “manually”
sudo mkdir -p /var/run/netns
# -a loads every module named on the command line
sudo modprobe -a ip_nat_ftp nf_conntrack_ftp
# Create a bridge
start_bridge () { # args: BRIDGE_NAME
    sudo brctl addbr "$1" &>/dev/null || return
    sudo ip link set "$1" up
    echo "Created bridge: $1"
}
How it’s done “manually” #2
start_container () { # args: HOSTNAME IMAGE [SSH_PORT]
    hostname=$1
    image=$2
    port=$3
    container=${hostname%%.*}
    pid=$(docker inspect -f '{{.State.Pid}}' "$container" 2>/dev/null)
    if [ "$?" = "1" ]
    then
        # Container does not exist yet: create it
        if [ -n "$port" ]
        then netopts="--publish=$port:22"
        else netopts="--net=none"
        fi
        docker run --name="$container" --hostname="$hostname" \
            --dns=10.1.1.1 --dns-search=example.com "$netopts" \
            -d "$image"
    elif [ "$pid" = "0" ]
    then
        # Container exists but is stopped
        docker start "$container" >/dev/null
    else
        # Container is already running
        return
    fi
    # Make the container's network namespace visible to "ip netns"
    pid=$(docker inspect -f '{{.State.Pid}}' "$container")
    sudo rm -f "/var/run/netns/$container"
    sudo ln -s "/proc/$pid/ns/net" "/var/run/netns/$container"
    echo "Container started: $container"
}
How it’s done “manually” #3
create_interface () {
    #
    # Given an interface name "www-eth0", create both an interface with
    # that name and also a peer that is connected to it. Place the peer
    # in the container "www" and give it the name "eth0" there.
    #
    interface=$1
    container=${interface%%-*}
    short_name=${interface##*-}
    sudo ip link add "$interface" type veth peer name P &>/dev/null || return
    give_interface_to_container P "$container" "$short_name"
    echo "Created interface: $interface"
}
give_interface_to_container () { # args: OLD_NAME CONTAINER NEW_NAME
    sudo ip link set "$1" netns "$2"
    sudo ip netns exec "$2" ip link set dev "$1" name "$3"
    sudo ip netns exec "$2" ip link set "$3" up
}
How it’s done “manually” #4
bridge_add_interface () { # args: BRIDGE_NAME INTERFACE
    bridge=$1
    interface=$2
    sudo brctl addif "$bridge" "$interface" &>/dev/null || return
    sudo ip link set dev "$interface" up
    echo "Bridged interface: $interface"
}
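Build it “manually”
#!/bin/bash
# No port given, so the container starts with --net=none as "example"
start_container example.com ubuntu
start_bridge homeA
# Host side is example-eth0; the peer becomes eth0 inside "example"
create_interface example-eth0
bridge_add_interface homeA example-eth0
sudo ip netns exec example ip addr add 10.11.1.1/32 dev eth0
sudo ip netns exec example ip route add 10.1.1.1/32 dev eth0
sudo ip netns exec example ip route add default via 10.1.1.1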
Why it sucks “literally”
◦ BASH is for stuff that just “works”
◦ Doesn’t scale at all
◦ You have to manually change stuff
◦ No error handling
◦ IP “management”
◦ No need for reinventing the wheel
◦ Routing, NATs and VLANs
◦ This stuff won’t work on CoreOS (doh!)
◦ Many other possible reasons
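As an added example (not from the original slides), a pre-flight check for the CONTAINER-IFNAME convention that create_interface relies on, reporting the failures that `&>/dev/null || return` hides. The function name preflight_interface, its optional namespace-directory argument and the conservative character allow-list are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the slides): pre-flight checks for the
# CONTAINER-IFNAME names passed to create_interface.

# preflight_interface NAME [NETNS_DIR]
# On success prints "ok CONTAINER IFNAME" and returns 0.
# On failure prints the reason to stderr and returns 1.
preflight_interface() (
  interface=$1
  netns_dir=${2:-/var/run/netns}   # where start_container puts its symlink

  fail() { echo "error: $*" >&2; exit 1; }

  # Same parameter expansions as create_interface in the slides.
  container=${interface%%-*}
  short_name=${interface##*-}

  case $interface in
    *-*) ;;
    *) fail "'$interface' is not of the form CONTAINER-IFNAME" ;;
  esac
  [ -n "$container" ] && [ -n "$short_name" ] ||
    fail "'$interface' has an empty container or interface part"

  # %%-* cuts at the first hyphen and ##*- at the last one, so a name with
  # two hyphens would silently target a different namespace.
  [ "$container-$short_name" = "$interface" ] ||
    fail "'$interface' contains more than one hyphen; the split is ambiguous"

  # Conservative allow-list chosen for this example.
  case $interface in
    *[!A-Za-z0-9_.-]*) fail "'$interface' has characters outside A-Za-z0-9_.-" ;;
  esac

  # Linux interface names are limited to 15 characters (IFNAMSIZ - 1).
  [ "${#interface}" -le 15 ] ||
    fail "'$interface' is ${#interface} characters; the kernel limit is 15"

  # "ip link set ... netns NAME" needs a live entry under NETNS_DIR; the
  # symlink to /proc/PID/ns/net dangles once the container has exited.
  [ -e "$netns_dir/$container" ] ||
    fail "no usable network namespace '$container' in $netns_dir"

  echo "ok $container $short_name"
)

# Demo on a constructed namespace directory (no root or Docker needed).
demo_dir=$(mktemp -d)
: > "$demo_dir/www"
for name in www-eth0 web-1-eth0 webserver01-eth0 db-eth0; do
  preflight_interface "$name" "$demo_dir" || true
done
rm -rf "$demo_dir"
```
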
CoreOS (cloud-init)
# bridge
- name: 20-br800.netdev
  runtime: true
  content: |
    [NetDev]
    Name=br800
    Kind=bridge
# vlan
- name: 00-vlan800.netdev
  runtime: true
  content: |
    [NetDev]
    Name=vlan800
    Kind=vlan
    [VLAN]
    Id=800
CoreOS (cloud-init) #2
# subinterface
- name: 10-eth1.network
  runtime: true
  content: |
    [Match]
    Name=eth1
    [Network]
    DHCP=yes
    VLAN=vlan800
# attach
- name: 30-attach.network
  runtime: true
  content: |
    [Match]
    Name=vlan800
    [Network]
    Bridge=br800
DHCP + VLAN + Bridge
vconfig add eth0 100
brctl addbr br100
brctl addif br100 eth0.100
ip link add c1-eth1 type veth peer name P
dhclient on container (issue with --privileged)
or DOCKER_OPTS='-e lxc'
then docker run with --lxc.config.*
docker run --net="none" \
    --lxc-conf="lxc.network.type = veth" \
    --lxc-conf="lxc.network.ipv4 = 192.168.20.30/24" \
    --lxc-conf="lxc.network.ipv4.gateway = 192.168.20.1" \
    --lxc-conf="lxc.network.link = br800" \
    --lxc-conf="lxc.network.name = eth0" \
    --lxc-conf="lxc.network.flags = up" \
    -d
DHCP issue?
Requires trunk!
auto eth0.200
iface eth0.200 inet static
    address 10.0.1.1
    netmask 255.255.255.0
iface eth0.201 inet static
    address 10.0.2.1
    netmask 255.255.255.0
iface eth0.202 inet static
    address 10.0.3.1
    netmask 255.255.255.0
DHCP issue?
For each subnet...
subnet 10.0.1.0 netmask 255.255.255.0 {
    range 10.0.1.10 10.0.1.20;
    # you might point some other address
    # within that subnet that should be advertised as router
    # it does not have to be your linux box
    option routers 10.0.1.1;
    option broadcast-address 10.0.1.255;
    authoritative;
}
Weave
Description
Extra daemon
Kinda slow
Builds GRE tunnel between hosts
Manual IP management
Run
# on the first host ($HOST1)
weave launch
C=$(weave run 10.2.1.1/24 -t -i ubuntu)
# on the second host, peering with $HOST1
weave launch $HOST1
C=$(weave run 10.2.1.2/24 -t -i ubuntu)
Project Calico
Description
Supports policy
No VLANs
No Subnets
You have to specify IP manually
Run
docker run -e CALICO_IP=XXX -itd ubuntu
./calicoctl node --ip=172.17.8.101 --name workload-a --tid busybox
./calicoctl profile add PROF_A
./calicoctl profile PROF_A add workload-a
Flannel (CoreOS)
Description
Shipped with CoreOS
Randomly attaches a subnet to each flannel host
Overrides --bip for docker daemon so every container will be created just in this subnet
No VLAN support
No extra parameters with docker run
How it’s related to the task?
Config
{
    "Network": "10.0.0.0/8",
    "SubnetLen": 24,
    "SubnetMin": "10.10.0.0",
    "SubnetMax": "10.99.0.0",
    "Backend": {"Type": "udp", "Port": 7890}
}
Pipework
Description
Built by French docker DevOps guy (jpetazzo)
Supports some overrides
Supports DHCP / VLAN
Run
docker run --name web1 -d apache
pipework br1 web1 192.168.12.23/20
pipework br1 $CONTAINERID 192.168.4.25/20@192.168.4.1
pipework eth1 $CONTAINERID dhcp
pipework ovsbr0 $(docker run -d zerorpcworker) dhcp @10
SocketPlane
Description
Consul
CoreOS support
DHCP
OVS
VLANs
Strange IP management
(best solution for the task?)
Run
socketplane network create web 10.2.0.0/16
socketplane run -n web -itd ubuntu
RPI fanbois
◦ Hypriot team has done a GREAT job
◦ Easy docker for your RaspberryPI
◦ Contest (1000+ httpd on RPIv2)
◦ I’ll show you mine, if you show me yours
Fresh improvements
Docker 1.7 libnetwork (near and bright future included)
What libnetwork gives us
◦ https://github.com/docker/docker/issues/9983
◦ Container Network Model
◦ docker net tool (join/create/destroy..)
Thanks!
ANY QUESTIONS?
You can find me at
@pkieszcz (social media jazz)
iFixStuff.io
piotr.kieszczynski@gmail.com

 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 

Docker SDN (software-defined-networking) JUG

  • 2. Who is this guy? But seriously - who is this guy?
  • 3. Hello! I AM PIOTR KIESZCZYNSKI
    I am here because I love giving presentations.
    You can find me at @pkieszcz
  • 4. FEW WORDS ABOUT MYSELF
    Workrafrolic
    ◦ Linux since Mandrake 6
    ◦ Automate all the things (600+ semi automated hosts…)
    ◦ AWS automation starts with CLI
    ◦ CI
    ◦ HPC (grid networks)
    ◦ Kerberos v5 (major error / minor error)
    ◦ System Administrator @ Seamless Poland
    Personal stuff
    ◦ Sailing
    ◦ TV series
    ◦ Swimming
    ◦ Music festivals
  • 5. SEAMLESS POLAND
    ERS360 / TS / SEQR
    https://seamless.se/
  • 7. Network solutions for Docker
    Docker networking is:
    ◦ Still in early stages (not anymore?!)
    ◦ The default network assigned is a port on Linux bridge docker0
    ◦ docker inspect --format='{{.NetworkSettings}}' 53720b3581be
  • 8. Network solutions for Docker
    What network solutions do we have now?
    ◦ Docker specific networking (--net=container, -p and socket)
    ◦ Bridge + DHCP + VLAN
    ◦ OVS
    ◦ Flannel
    ◦ Weave
    ◦ Project Calico
    ◦ SocketPlane
    ◦ More and more incoming…
    ◦ Docker 1.7 libnetwork
  • 9. Docker0 bridge
    ◦ Default network is automatically created when no additional options “--net” or “-P” are specified
    ◦ Each container is addressed by a static IP address assigned by Docker
    ◦ Similar to what we have as default in KVM or VirtualBox
    ◦ Host can reach container with IP on the bridge
    ◦ However outside traffic cannot reach the container
  • 10. Docker0 bridge
      # iptables -L -t nat -n
      …
      Chain POSTROUTING (policy ACCEPT)
      target      prot opt source           destination
      MASQUERADE  all  --  172.17.0.0/16    0.0.0.0/0
      …
      # brctl show
      bridge name   bridge id           STP enabled   interfaces
      docker0       8000.56847afe9799   no            veth05a3408
                                                      vethd88b38d
  • 11. Port mapping
    ◦ Providing access to the container from outside by allocating a DNAT port in the range 49153-65535
    ◦ Using Linux bridge docker0, but adds iptables rules for the DNAT
    ◦ docker run -P -itd nginx
  • 12. Host and container
    ◦ Give full access of the host network to container using --net=host
    ◦ docker run --net=host --name c1 -itd ubuntu
    ◦ docker exec c1 ifconfig eth0
    ◦ Give full access to network of the container XX to a new container YY with --net=container:XX
    ◦ docker run --net=container:nginx --name c2 -itd ubuntu
    ◦ docker exec c2 ifconfig eth0
  • 13. How it’s done “manually”
      sudo mkdir -p /var/run/netns
      # -a loads every module named on the command line
      sudo modprobe -a ip_nat_ftp nf_conntrack_ftp

      # Create a bridge
      start_bridge () { # args: BRIDGE_NAME
          sudo brctl addbr $1 &>/dev/null || return
          sudo ip link set $1 up
          echo Created bridge: $1
      }
  • 14. How it’s done “manually” #2
      start_container () {
          hostname=$1
          image=$2
          port=$3
          container=${hostname%%.*}
          # Exit status 1 from "docker inspect" means the container does not exist yet
          pid=$(docker inspect -f '{{.State.Pid}}' $container 2>/dev/null)
          if [ "$?" = "1" ]
          then
              if [ -n "$port" ]
              then
                  netopts="--publish=$port:22"
              else
                  netopts="--net=none"
              fi
              docker run --name=$container --hostname=$hostname \
                  --dns=10.1.1.1 --dns-search=example.com "$netopts" \
                  -d $image
          elif [ "$pid" = "0" ]
          then
              # Container exists but is stopped
              docker start $container >/dev/null
          else
              return
          fi
          # Link the container's network namespace where "ip netns" can find it
          pid=$(docker inspect -f '{{.State.Pid}}' $container)
          sudo rm -f /var/run/netns/$container
          sudo ln -s /proc/$pid/ns/net /var/run/netns/$container
          echo Container started: $container
      }
  • 15. How it’s done “manually” #3
      create_interface () {
          #
          # Given an interface name "www-eth0", create both an interface with
          # that name and also a peer that is connected to it. Place the peer
          # in the container "www" and give it the name "eth0" there.
          #
          interface=$1
          container=${interface%%-*}
          short_name=${interface##*-}
          sudo ip link add $interface type veth peer name P &>/dev/null || return
          give_interface_to_container P $container $short_name
          echo Created interface: $interface
      }

      give_interface_to_container () { # args: OLD_NAME CONTAINER NEW_NAME
          sudo ip link set $1 netns $2
          sudo ip netns exec $2 ip link set dev $1 name $3
          sudo ip netns exec $2 ip link set $3 up
      }
  • 16. How it’s done “manually” #4
      bridge_add_interface () {
          bridge=$1
          interface=$2
          sudo brctl addif $bridge $interface &>/dev/null || return
          sudo ip link set dev $interface up
          echo Bridged interface: $interface
      }
  • 17. Build it “manually”
      #!/bin/bash
      # The bridge has to exist before an interface can be added to it
      start_bridge homeA
      start_container example.com ubuntu
      # Interface name is <container>-<name inside the container>, so the
      # peer lands in container "example" as eth0, matching the lines below
      create_interface example-eth0
      bridge_add_interface homeA example-eth0
      sudo ip netns exec example ip addr add 10.11.1.1/32 dev eth0
      sudo ip netns exec example ip route add 10.1.1.1/32 dev eth0
      sudo ip netns exec example ip route add default via 10.1.1.1
  • 18. Why it sucks “literally”
    ◦ BASH is for stuff that just “works”
    ◦ Doesn’t scale at all
    ◦ You have to manually change stuff
    ◦ No error handling
    ◦ IP “management”
    ◦ No need for reinventing the wheel
    ◦ Routing, NATs and VLANs
    ◦ This stuff won’t work on CoreOS (doh!)
    ◦ Many other possible reasons
  • 19. CoreOS (cloud-init)
      # bridge
      - name: 20-br800.netdev
        runtime: true
        content: |
          [NetDev]
          Name=br800
          Kind=bridge
      # vlan
      - name: 00-vlan800.netdev
        runtime: true
        content: |
          [NetDev]
          Name=vlan800
          Kind=vlan
          [VLAN]
          Id=800
  • 20. CoreOS (cloud-init) #2
      # subinterface
      - name: 10-eth1.network
        runtime: true
        content: |
          [Match]
          Name=eth1
          [Network]
          DHCP=yes
          VLAN=vlan800
      # attach
      - name: 30-attach.network
        runtime: true
        content: |
          [Match]
          Name=vlan800
          [Network]
          Bridge=br800
  • 21. DHCP + VLAN + Bridge
      vconfig add eth0 100
      brctl addbr br100
      brctl addif br100 eth0.100
      ip link add c1-eth1 type veth peer name P
    dhclient on container (issue with --privileged)
    or DOCKER_OPTS='-e lxc' then docker run with --lxc.config.*
      docker run --net="none" \
          --lxc-conf="lxc.network.type = veth" \
          --lxc-conf="lxc.network.ipv4 = 192.168.20.30/24" \
          --lxc-conf="lxc.network.ipv4.gateway = 192.168.20.1" \
          --lxc-conf="lxc.network.link = br800" \
          --lxc-conf="lxc.network.name = eth0" \
          --lxc-conf="lxc.network.flags = up" -d
  • 22. DHCP issue? Requires trunk!
      auto eth0.200
      iface eth0.200 inet static
          address 10.0.1.1
          netmask 255.255.255.0
      iface eth0.201 inet static
          address 10.0.2.1
          netmask 255.255.255.0
      iface eth0.202 inet static
          address 10.0.3.1
          netmask 255.255.255.0
  • 23. DHCP issue? For each subnet...
      subnet 10.0.1.0 netmask 255.255.255.0 {
          range 10.0.1.10 10.0.1.20;
          # you might point some other address
          # within that subnet that should be advertised as router
          # it does not have to be your linux box
          option routers 10.0.1.1;
          option broadcast-address 10.0.1.255;
          authoritative;
      }
  • 26. Weave
    Description
      Extra daemon
      Kinda slow
      Builds GRE tunnel between hosts
      Manual IP management
    Run
      weave launch
      C=$(weave run 10.2.1.1/24 -t -i ubuntu)
      weave launch $HOST1
      C=$(weave run 10.2.1.2/24 -t -i ubuntu)
  • 27. Project Calico
    Description
      Supports policy
      No VLANs
      No Subnets
      You have to specify IP manually
    Run
      docker run -e CALICO_IP=XXX -itd ubuntu
      ./calicoctl node --ip=172.17.8.101 --name workload-a --tid busybox
      ./calicoctl profile add PROF_A
      ./calicoctl profile PROF_A add workload-a
  • 29. Flannel (CoreOS)
    Description
      Shipped with CoreOS
      Randomly attaches subnets to each flannel host
      Overrides --bip for docker daemon so every container will be created just in this subnet
      No VLAN support
      No extra parameters with docker run
      How it’s related to the task?
    Config
      {
        "Network": "10.0.0.0/8",
        "SubnetLen": 24,
        "SubnetMin": "10.10.0.0",
        "SubnetMax": "10.99.0.0",
        "Backend": {"Type": "udp", "Port": 7890}
      }
  • 30. Pipework
    Description
      Built by French docker DevOps guy (jpetazzo)
      Supports some overrides
      Supports DHCP / VLAN
    Run
      docker run -name web1 -d apache
      pipework br1 web1 192.168.12.23/20
      pipework br1 $CONTAINERID 192.168.4.25/20@192.168.4.1
      pipework eth1 $CONTAINERID dhcp
      pipework ovsbr0 $(docker run -d zerorpcworker) dhcp @10
  • 31. SocketPlane
    Description
      Consul
      CoreOS support
      DHCP
      OVS
      VLANs
      Strange IP management
      (best solution for the task?)
    Run
      socketplane network create web 10.2.0.0/16
      socketplane run -n web -itd ubuntu
  • 32. RPI fanbois
    ◦ Hypriot team has done a GREAT job
    ◦ Easy docker for your RaspberryPI
    ◦ Contest (1000+ httpd on RPIv2)
    ◦ I’ll show you mine, if you show me yours
  • 34. Docker 1.7 libnetwork (near and bright future included)
    What libnetwork gives us
    ◦ https://github.com/docker/docker/issues/9983
    ◦ Container Network Model
    ◦ docker net tool (join/create/destroy..)
  • 35. Thanks! ANY QUESTIONS?
    You can find me at @pkieszcz (social media jazz)
    iFixStuff.io
    piotr.kieszczynski@gmail.com
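
Slides 10 and 11 note that published ports are implemented as iptables DNAT rules, with -P picking host ports from 49153-65535. The script below is an added example, not part of the original deck: it reads "iptables -t nat -S" text and reports which published ports answer on every host address. The sample rules are constructed to resemble Docker's DOCKER chain, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the slides): audit Docker's published-port DNAT rules.
# Feed it "iptables -t nat -S" text on stdin, live or from a saved dump.

# Constructed sample, shaped like the rules Docker writes to its DOCKER chain.
SAMPLE_RULES='-P PREROUTING ACCEPT
-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 49153 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.3:80
-A DOCKER -d 192.0.2.10/32 ! -i docker0 -p udp -m udp --dport 5353 -j DNAT --to-destination 172.17.0.4:53'

# Print one line per DNAT rule: bind:port/proto -> container scope allocation
audit_dnat() {
    awk '
    {
        dnat = 0
        for (i = 1; i < NF; i++)
            if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
        if (!dnat) next                      # skip MASQUERADE, chain policy, ...
        bind = "0.0.0.0"; proto = "?"; port = "?"; dest = "?"
        for (i = 1; i < NF; i++) {
            if ($i == "-d") { bind = $(i + 1); sub(/\/32$/, "", bind) }
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "--to-destination") dest = $(i + 1)
        }
        # No -d match means the port answers on every host address.
        if (bind == "0.0.0.0") scope = "all-addresses"
        else if (bind ~ /^127\./) scope = "loopback-only"
        else scope = "single-address"
        # 49153-65535 is the range the slides give for ports picked by -P.
        alloc = (port + 0 >= 49153) ? "auto-range" : "explicit"
        printf "%s:%s/%s -> %s %s %s\n", bind, port, proto, dest, scope, alloc
    }'
}

# Number of published ports reachable on every host address.
count_all_addresses() {
    audit_dnat | awk '$4 == "all-addresses" { n++ } END { print n + 0 }'
}
```

On a live host, run it as root with: iptables -t nat -S | audit_dnat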