Piotr Kieszczynski gave a presentation on network solutions for Docker. Some key points:
- Docker's default network assigns each container a static IP on the Linux bridge docker0, but outside traffic cannot reach containers.
- Solutions like port mapping, host networking, and connecting containers allow external access but require IP management.
- Projects like Weave, Calico, Flannel, SocketPlane, and Pipework automate networking between containers and hosts using overlays like GRE tunnels or OVS.
- Docker 1.7 includes a new libnetwork for container networking with a common network model and tools to manage networks.
2. Who is this guy?
But seriously - who is this guy?
3. Hello!
I AM PIOTR KIESZCZYNSKI
I am here because I love giving presentations.
You can find me at @pkieszcz
4. FEW WORDS ABOUT MYSELF
Workrafrolic
◦ Linux since Mandrake 6
◦ Automate all the things (600+ semi automated hosts…)
◦ AWS automation starts with CLI
◦ CI
◦ HPC (grid networks)
◦ Kerberos v5 (major error / minor error)
◦ System Administrator @ Seamless Poland
Personal stuff
◦ Sailing
◦ TV series
◦ Swimming
◦ Music festivals
7. Network solutions for Docker
Docker networking is:
◦ Still in early stages (not anymore?!)
◦ The default network assigned is a port on Linux bridge docker0
◦ docker inspect --format='{{.NetworkSettings}}' 53720b3581be
8. Network solutions for Docker
What network solutions do we have now?
◦ Docker specific networking (--net=container, -p and socket)
◦ Bridge + DHCP + VLAN
◦ OVS
◦ Flannel
◦ Weave
◦ Project Calico
◦ SocketPlane
◦ More and more incoming…
◦ Docker 1.7 libnetwork
9. Docker0 bridge
◦ Default network is automatically created when no additional options “--net” or “-P” are specified
◦ Each container is addressed by a static IP address assigned by Docker
◦ Similar to what we have as default in KVM or VirtualBox
◦ Host can reach container with IP on the bridge
◦ However outside traffic cannot reach the container
10. Docker0 bridge
# iptables -L -t nat -n
…
Chain POSTROUTING (policy ACCEPT)
target      prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0
…
# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.56847afe9799       no              veth05a3408
                                                        vethd88b38d
11. Port mapping
◦ Providing access to the container from outside by allocating a DNAT port in the range 49153-65535
◦ Using Linux bridge docker0, but adds iptables rules for the DNAT
◦ docker run -P -itd nginx
12. Host and container
◦ Give full access of the host network to container using --net=host
◦ docker run --net=host --name c1 -itd ubuntu
◦ docker exec c1 ifconfig eth0
◦ Give full access to network of the container XX to a new container YY with --net=container:XX
◦ docker run --net=container:nginx --name c2 -itd ubuntu
◦ docker exec c2 ifconfig eth0
13. How it’s done “manually”
sudo mkdir -p /var/run/netns
# -a loads every module named on the line; without it the second name
# is read as a parameter of the first
sudo modprobe -a ip_nat_ftp nf_conntrack_ftp

# Create a bridge
start_bridge () { # args: BRIDGE_NAME
    sudo brctl addbr "$1" &>/dev/null || return
    sudo ip link set "$1" up
    echo "Created bridge: $1"
}
14. How it’s done “manually” #2
start_container () { # args: HOSTNAME IMAGE [SSH_PORT]
    hostname=$1
    image=$2
    port=$3
    container=${hostname%%.*}
    # docker inspect exits with status 1 when the container does not exist yet
    pid=$(docker inspect -f '{{.State.Pid}}' "$container" 2>/dev/null)
    if [ "$?" = "1" ]
    then
        if [ -n "$port" ]
        then netopts="--publish=$port:22"
        else netopts="--net=none"
        fi
        docker run --name="$container" --hostname="$hostname" \
            --dns=10.1.1.1 --dns-search=example.com "$netopts" \
            -d "$image"
    elif [ "$pid" = "0" ]
    then
        # The container exists but is stopped
        docker start "$container" >/dev/null
    else
        return
    fi
    pid=$(docker inspect -f '{{.State.Pid}}' "$container")
    # Make the container's network namespace visible to "ip netns" under the container's name
    sudo rm -f "/var/run/netns/$container"
    sudo ln -s "/proc/$pid/ns/net" "/var/run/netns/$container"
    echo "Container started: $container"
}
15. How it’s done “manually” #3
create_interface () {
    #
    # Given an interface name "www-eth0", create both an interface with
    # that name and also a peer that is connected to it. Place the peer
    # in the container "www" and give it the name "eth0" there.
    #
    interface=$1
    container=${interface%%-*}
    short_name=${interface##*-}
    sudo ip link add "$interface" type veth peer name P &>/dev/null || return
    give_interface_to_container P "$container" "$short_name"
    echo "Created interface: $interface"
}

give_interface_to_container () { # args: OLD_NAME CONTAINER NEW_NAME
    sudo ip link set "$1" netns "$2"
    sudo ip netns exec "$2" ip link set dev "$1" name "$3"
    sudo ip netns exec "$2" ip link set "$3" up
}
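17. Build it “manually”
#!/bin/bash
start_container example.com ubuntu
# Interface names are <container>-<ifname>: create_interface places the
# peer in container "example" and names it "eth0" there
create_interface example-eth0
# bridge_add_interface is not defined on the slides shown here
bridge_add_interface homeA example-eth0
sudo ip netns exec example ip addr add 10.11.1.1/32 dev eth0
sudo ip netns exec example ip route add 10.1.1.1/32 dev eth0
sudo ip netns exec example ip route add default via 10.1.1.1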
18. Why it sucks “literally”
◦ BASH is for stuff that just “works”
◦ Doesn’t scale at all
◦ You have to manually change stuff
◦ No error handling
◦ IP “management”
◦ No need for reinventing the wheel
◦ Routing, NATs and VLANs
◦ This stuff won’t work on CoreOS (doh!)
◦ Many other possible reasons
23. DHCP issue?
For each subnet...
subnet 10.0.1.0 netmask 255.255.255.0 {
    range 10.0.1.10 10.0.1.20;
    # you might point some other address
    # within that subnet that should be advertised as router
    # it does not have to be your linux box
    option routers 10.0.1.1;
    option broadcast-address 10.0.1.255;
    authoritative;
}
26. Weave
Description
◦ Extra daemon
◦ Kinda slow
◦ Builds GRE tunnel between hosts
◦ Manual IP management
Run
weave launch
C=$(weave run 10.2.1.1/24 -t -i ubuntu)
weave launch $HOST1
C=$(weave run 10.2.1.2/24 -t -i ubuntu)
27. Project Calico
Description
◦ Supports policy
◦ No VLANs
◦ No Subnets
◦ You have to specify IP manually
Run
docker run -e CALICO_IP=XXX -itd ubuntu
./calicoctl node --ip=172.17.8.101 --name workload-a --tid busybox
./calicoctl profile add PROF_A
./calicoctl profile PROF_A add workload-a
29. Flannel (CoreOS)
Description
◦ Shipped with CoreOS
◦ Randomly attaches subnets to each flannel host
◦ Overrides --bip for docker daemon so every container will be created just in this subnet
◦ No VLAN support
◦ No extra parameters with docker run
How it’s related to the task?
Config
{
    "Network": "10.0.0.0/8",
    "SubnetLen": 24,
    "SubnetMin": "10.10.0.0",
    "SubnetMax": "10.99.0.0",
    "Backend": {"Type": "udp", "Port": 7890}
}
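What the Flannel config on this slide works out to, added here as an example that is not part of the presentation: how many per-host subnets the SubnetMin to SubnetMax range can hand out, and which host subnet a given container address falls in. The function names and the address 10.42.7.19 are made up for illustration; the config values are passed as arguments rather than parsed from the JSON.

```shell
#!/bin/sh
# Added example (not from the slides): the arithmetic behind the Flannel config.

ip_to_int() {   # dotted quad -> 32-bit integer
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# flannel_lease_count NETWORK/PREFIX SUBNETLEN SUBNETMIN SUBNETMAX
# Prints how many per-host subnets are available; fails when the range is
# misaligned for SubnetLen or lies outside Network.
flannel_lease_count() {
    net=$(ip_to_int "${1%/*}"); prefix=${1#*/}; len=$2
    min=$(ip_to_int "$3"); max=$(ip_to_int "$4")
    [ "$len" -gt "$prefix" ] && [ "$len" -le 30 ] || {
        echo "SubnetLen must be longer than the Network prefix" >&2; return 1; }
    net_size=$(( 1 << (32 - prefix) ))
    step=$(( 1 << (32 - len) ))
    [ "$min" -le "$max" ] || {
        echo "SubnetMin is above SubnetMax" >&2; return 1; }
    [ $(( min % step )) -eq 0 ] && [ $(( max % step )) -eq 0 ] || {
        echo "SubnetMin/SubnetMax are not aligned to /$len" >&2; return 1; }
    [ "$min" -ge "$net" ] && [ $(( max + step )) -le $(( net + net_size )) ] || {
        echo "subnet range is outside Network" >&2; return 1; }
    echo $(( (max - min) / step + 1 ))
}

# flannel_subnet_of IP SUBNETLEN
# Prints the per-host subnet an address belongs to, e.g. to trace a container
# source address seen in a log back to the host lease it came from.
flannel_subnet_of() {
    ip=$(ip_to_int "$1"); step=$(( 1 << (32 - $2) ))
    echo "$(int_to_ip $(( ip - ip % step )))/$2"
}

# Values from the slide's config.
echo "host subnets available: $(flannel_lease_count 10.0.0.0/8 24 10.10.0.0 10.99.0.0)"
echo "10.42.7.19 belongs to:  $(flannel_subnet_of 10.42.7.19 24)"
```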
30. Pipework
Description
◦ Built by French docker DevOps guy (jpetazzo)
◦ Supports some overrides
◦ Supports DHCP / VLAN
Run
docker run --name web1 -d apache
pipework br1 web1 192.168.12.23/20
pipework br1 $CONTAINERID 192.168.4.25/20@192.168.4.1
pipework eth1 $CONTAINERID dhcp
pipework ovsbr0 $(docker run -d zerorpcworker) dhcp @10
32. RPI fanbois
◦ Hypriot team has done a GREAT job
◦ Easy docker for your RaspberryPI
◦ Contest (1000+ httpd on RPIv2)
◦ I’ll show you mine, if you show me yours
34. Docker 1.7 libnetwork (near and bright future included)
What libnetwork gives us
◦ https://github.com/docker/docker/issues/9983
◦ Container Network Model
◦ docker net tool (join/create/destroy..)