Thanks for your patience and for voting in the poll. We have a majority that would prefer Thursday, presently. I am changing the event details to reflect that. See you all on Thursday 12/18 6:30 at Hacker Dojo ! cheers, DJ [update: 2pm 12/15] Folks we've hit a logistical snag and have to pick another date to host our meetup. I have created a doodle poll for all the RSVPed members to vote on. Please take a minute and vote on the date that works best. http://doodle.com/i7r3r4fxkteyfu6h Apologies for the inconvenience ! We will try to make up for it giving away some holiday gifts from one of our sponsors. best, DJ Hi folks, We will be doing deeper dives on Weave/Flannel. We will have an open discussion on how weave differs from using OVS as your networking solution for containers. We will also do a hands on tutorial as well and hopefully this time we plan to make sure that those that want to follow the hands on tutorial will have adequate time to setup their environments via an interactive Google Hangouts session a week in advance to the meetup. This venue can accommodate more people and we will have pizzas (we will try to ensure some folks can go for a second helping :D ). Please try and plan to get there by 6.30pm. Tentative Schedule (to be updated as we get closer): 6.30pm-7.15pm : Talk on Weave 7.15pm - 8.00pm : Talk on Flannel 8.00pm - 8.30pm : Networking/Hands on experiments/Flash talks We would like thank Srini Seetharaman for helping us find us our next venue and for offering to speak on one of the topics as well. Looking forward to seeing you all.

1. Docker Networking Meetup #2 - Mountain View
Docker Networking
Weave and Flannel
Dhananjay DJ Sampath
wifi: HD-Guest
pass: hackerdojo

2. Docker Networking Meetup #2 - Mountain View
Weave
● Weaveworks inc. (previously called Zettio)
● Network plane for Docker continers
● Previously built RabbitMQ
● Recently secured funding lead by Accel Venture
Partners

3. Docker Networking Meetup #2 - Mountain View
What is Weave?
● Weave allows you to connect docker
containers across multiple hosts together
● It gives you a flat network for your container
environment independent of which host they
are located (AWS, GCE etc.)

4. Docker Networking Meetup #2 - Mountain View
How do they do it?
Physical
Host
veth 2
veth 1
weave
router
UID UID UID UID UID
MAC MAC MAC MAC MAC

5. Docker Networking Meetup #2 - Mountain View
Weave Encap
● Router performs batching
● Name, meta-data is used for matching
● Weave peers don’t have to know all mac
addresses (aggregation)
● No ARP explosion
All of this over TCP/IP and
through your firewalls

6. Docker Networking Meetup #2 - Mountain View
Crypto (NaCl libraries)
● Encrypt data connections both TCP and UDP
● NaCl - Go implementation
● Diffie Hellman to exchange keys between hosts
● User provided password is SHA-256ed and added to the ephemeral
session key
● Prevent basic sniffing, MITM attacks

7. Docker Networking Meetup #2 - Mountain View
DNS
● Name based look up is available (recent commit)
● Distributed DNS service (like skydns, consul etc)
● Minimal config, Minimal Sync, Minimal app mods

8. Docker Networking Meetup #2 - Mountain View
Hands on - Basic Weave Topology
HOST 1
$ weave launch
$ C=$(weave run 10.0.1.1/24 -t -i ubuntu)
HOST 2
$ weave launch $HOST1
$ C=$(weave run 10.0.1.2/24 -t -i ubuntu)
Host 1 Host 2
PORT: 6783TCP; UDP

9. Docker Networking Meetup #2 - Mountain View
Attaching weave to existing containers
Host 1 Host 2
PORT: 6783TCP; UDP
$ C=$(docker run -d -t -i ubuntu)
$ weave attach 10.0.1.1/24 $C
$ weave detach 10.0.1.1/24 $C
C1
C2

10. Docker Networking Meetup #2 - Mountain View
Services
Host 1 Host 2
PORT: 6783TCP; UDP
$ weave expose 10.0.1.102/24
Service export
$ iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 2211
-j DNAT --to-destination 10.0.1.1:4422
C1
C2

11. Docker Networking Meetup #2 - Mountain View
Password based protection
$ weave launch -password wEaVe
Multi-cloud, Multi-hop, Container mobility, Fault tolerance
and DNS are other features.

12. Docker Networking Meetup #2 - Mountain View
DNS
$ sudo weave launch
$ sudo weave launch-dns 10.1.0.3/16
$ sudo weave run 10.1.1.25/24 -ti -h shell.weave.local debian /bin/bash
$ SHELL2=$(sudo weave run 10.1.1.26/24 -ti -h shell2.weave.local debian
/bin/bash)
$ docker attach $SHELL2
# ping shell

13. Docker Networking Meetup #2 - Mountain View
Github/Code
https://github.com/zettio/weave#readme

14. Docker Networking Meetup #2 - Mountain View
Performance
CORE OS - Flannel
Weave - ?

15. Docker Networking
Tutorial Continued
Srini Seetharaman
srini@lorispack.io
November, 2014

16. Flannel

17. •Lightweight OS based on Gentoo Linux
•Has a distributed key-value store at the core
•Read-only rootfs. Writeable /etc
o All services are in containers
CoreOS

18. •One subnet per machine, like Kubernetes
o Host 1: 10.10.10.0/24
o Host 2: 10.10.11.0/24
•No Docker port-based mapping
•Containers reach each other through IP
Flannel
18

20. 1. Build flannel on each host
2. Set key in etcd for network config
3. Start flannel
Instructions to Run Flannel
20
$ curl -L http://127.0.0.1:4001/v2/keys/coreos.com/network/config
-XPUT -d value='{
"Network": "10.0.0.0/8",
"SubnetLen": 20,
"SubnetMin": "10.10.0.0",
"SubnetMax": "10.99.0.0",
"Backend": {"Type": "udp",
"Port": 7890}}
$ source /run/flannel/subnet.env
$ docker -d --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU}

21. • Three CoreOS hosts
Our Setup
21
192.168.2.116192.168.2.112
flannelflannel
bashnginx
192.168.2.119
flannel
bash

22. •IP address overlap not possible
o VxLAN not used to create container groups
•User-space encapsulation and forwarding
o Potential performance bottleneck
Limitations
22

23. Docker Networking Meetup #2 - Mountain View
Hackathons
● once every 2 months
● help folks get environments setup, discuss projects and start submitting
bug fixes in the projects
● build out your open source portfolio on github
● connect with Bay Area NVirters, Go-Lang, Python groups to build skills and
hack on the new infrastructure stack !
● Motivation: Cool projects, Free food ! Why not !? :D