This document discusses Docker networking features in version 1.12, including load balancing with IPVS and VTEP, embedded DNS, and round robin load balancing of containers. It also covers Docker libnetwork and networking drivers like overlay and host. Encryption of overlay networks with IPSEC is mentioned. Limitations of using swarm-scoped networks with `docker create` and `docker run` are noted. Load balancing at L4 and L7 using IPVS on the VTEP is discussed, as well as integration with other load balancers and Kubernetes L7 proxy.

1. Docker1.12
overs_5121

2. @overs_5121
NTT SIC
docker OSS

3. DockerCon16

4. h:ps://hd35468.wordpress.com/2016/06/27/docker-loadbalancer/

5. VTEP
IPVS
Container Container Container
NAT
Docker

6. Docker 1.12.0 commit ID 8eab29e

8. LB
Container Container Container

9. $ docker network ls
NETWORK ID NAME DRIVER SCOPE
1890dcf6f290 bridge bridge local
4a1038a14ad0 docker_gwbridge bridge local
aabd231a94ce host host local
3nebibe5c0zf ingress overlay swarm
91fe5e69b7a6 none null local

10. libnetwork!
Docker libnetwork
h:ps://github.com/docker/libnetwork

11. Docker
veth macvlan ipvlan
VXLAN

12. ID
• ID : $ docker inspect | grep SandboxID
• ID : $ docker inspect |grep EndpointID
• ID : $ docker network ls
/var/run/docker/netns/
ip netns

13. VTEP
IPVS
Container Container Container
NAT
=
Docker
Ingress

14. VTEP
IPVS
Container Container Container
NAT -A DOCKER-INGRESS -p tcp -m tcp --dport 8080 -j
DNAT --to-descnacon 172.18.0.2:8080
IPVS namespace

15. VTEP
IPVS
Container Container Container
NAT
-> ip-10-255-0-7.ap-northeast-1 Masq 1 0 0
-> ip-10-255-0-8.ap-northeast-1 Masq 1 0 0
-> ip-10-255-0-9.ap-northeast-1 Masq 1 0 0
-> ip-10-255-0-10.ap-northeast- Masq 1 0 1
-> ip-10-255-0-11.ap-northeast- Masq 1 0 0
-> ip-10-255-0-12.ap-northeast- Masq 1 0 0

16. VTEP
IPVS
Container Container Container
NAT
VXLAN

17. Container Container Container
Embedded DNS
127.0.0.11
Embedded
DNS
VTEP
Round Robbin

18. Container Container Container
Embedded DNS
127.0.0.11
Embedded
DNS
VTEP
Round Robbin
swarm mode

19. ILB

20. ILB
vtep fdb

21. • docker 1.12
•
•
$ docker run -itd --net=backend busybox
docker: Error response from daemon: swarm-scoped network (backend) is not
compacble with `docker create` or `docker run`. This network can be only used docker
service.
See 'docker run --help'.

22. OverlayDriver IPSEC

23. Ipsec over VXLAN
$ docker network created -d overlay --opt encrypted <nw_name>
IPSEC
VTEP
IPVS
Container Container Container
NAT

24. • ILB IPVS
• L4 L7 (k8s
L7 )
• LB (ELB )
• IPVS VTEP
• swarm mode
• docker swarm