SlideShare a Scribd company logo

Container Networking Introduction

Cloud 66
Cloud 66

This document introduces container networking and some of the challenges it poses. It discusses how Docker's default bridge networking works but has limitations around port constraints and lack of "real IP networking". Overlay networks are presented as an alternative but have drawbacks around state, isolation between networks, and requiring developers to be networking experts. Project Calico is then introduced as an open source project that aims to enable scalable, simple and secure IP networking for containers through features like equal cost multi-path routing and rich micro-service policy frameworks.

Technology
1 of 15
Download to read offline
@projectcalico Sponsored by CONTAINER NETWORKING AN INTRODUCTION Ed Harrison @eepyaich 2nd February 2016
@projectcalico Host Host Networking – why do I care? Application A service Host Yet another service … and another application … … another application  A service … another application
@projectcalico Doesn’t Docker sort this out for me? Host [10.0.0.1] Application [172.17.0.2] A service [172.17.0.3] … another [172.17.0.4] Docker Bridge  Simple  Works “out of the box”  Easily understood  … but not “real IP networking”  Onerous port assignment constraints on applications  Requires app developers to be aware of constraints IP:10.0.0.1:80IP:10.0.0.1:80IP:10.0.0.1:8080
@projectcalico What about multiple hosts, then? Overlay networks  Connect each container to a virtual Layer 2 segment  Separate “overlay” domain over “underlay” network with GRE, MPLS, VXLAN, or proprietary tunneling protocols  Allows for isolation between networks  But…  Lots of state – 1,000 machines => full mesh of 499,500 tunnels!  Breaking out of virtual network sandboxes requires NAT / router  Requires app developers to be networking experts Host [10.0.0.1] Host [10.0.0.2] 192.168.0.1 192.168.0.2 192.168.0.5 192.168.0.3192.168.0.4 172.17.0.2 172.17.0.3 192.168.0.0/16 172.17.0.0/16 10.0.0.0/24
@projectcalico  Remember these “3 tier applications”? What about security then?
@projectcalico Getting Medieval
@projectcalico Isolating Prod / Dev / Test
@projectcalico The ideal security model Port 3306 Port 80
@projectcalico Metaswitch Networks | Proprietary and confidential | © 2014 | 9
@projectcalico
@projectcalico The Internet Model Router Host Host Host Host RouterRouter IP IP IP IP … … …
@projectcalico Project Calico HostHost Router Workload Workload Workload Workload RouterRouter IP IP IP IP Plugin … … …
@projectcalico An open source project to enable scalable, simple and secure IP networking in a data center / cloud environment What is Calico? SimpleScalable Secure Thousands of servers, 100k’s of workloads Don’t demand users to be networking experts Rich micro-service policy framework
@projectcalico Life Before and after Calico Before Calico After Calico Scale challenges above few hundred servers / thousands of workloads Scale to millions of workloads with minimal CPU and network overhead Troubleshooting connectivity issues can take hours What is happening is “obvious” – traceroute, ping, etc., work as expected EXITOn/off ramps + NAT to break out of overlay Path from workload to non-virtual device or public internet (or even between data centers) is just a route High availability / load balancing across links requires LB function (virtual or physical) and/or app-specific logic Equal Cost Multi-Path (ECMP) & Anycast just work, enabling scalable resilience and full utilization of physical links C C N A CCNA or equivalent required to understand end-to-end networking, deploy applications Basic IP networking knowledge only required
@projectcalico Get Involved  Main project website: www.projectcalico.org  Github  github.com/projectcalico  Mailing list, Slack info:  projectcalico.org/contact/  freenode IRC: #calico  Download & try it out  We welcome your feedback and contributions  Follow us @projectcalico

Recommended

Let's Talk about Packet
Let's Talk about PacketLet's Talk about Packet
Let's Talk about PacketPacket
 
How we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformHow we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformPacket
 
Metaswitch Project Calico
Metaswitch Project CalicoMetaswitch Project Calico
Metaswitch Project CalicoAndrew Kennedy
 
Intro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingIntro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingPacket
 
An introduction to starter
An introduction to starterAn introduction to starter
An introduction to starterCloud 66
 
Simple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project CalicoSimple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project CalicoEmma Gordon
 
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Sanjeev Rampal
 
Docker Networking with Project Calico
Docker Networking with Project CalicoDocker Networking with Project Calico
Docker Networking with Project CalicoAndrew Kennedy
 

Recommended

Let's Talk about Packet
Let's Talk about PacketLet's Talk about Packet
Let's Talk about PacketPacket
 
How we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformHow we built Packet's bare metal cloud platform
How we built Packet's bare metal cloud platformPacket
 
Metaswitch Project Calico
Metaswitch Project CalicoMetaswitch Project Calico
Metaswitch Project CalicoAndrew Kennedy
 
Intro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingIntro to Project Calico: a pure layer 3 approach to scale-out networking
Intro to Project Calico: a pure layer 3 approach to scale-out networkingPacket
 
An introduction to starter
An introduction to starterAn introduction to starter
An introduction to starterCloud 66
 
Simple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project CalicoSimple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project CalicoEmma Gordon
 
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Sanjeev Rampal
 
Docker Networking with Project Calico
Docker Networking with Project CalicoDocker Networking with Project Calico
Docker Networking with Project CalicoAndrew Kennedy
 
Project calico - introduction
Project calico - introductionProject calico - introduction
Project calico - introductionHazzim Anaya
 
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)Andrew Randall
 
Clocker, Calico and Docker
Clocker, Calico and DockerClocker, Calico and Docker
Clocker, Calico and DockerAndrew Kennedy
 
The Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeThe Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeBen Hall
 
Deploying calico on kubernetes
Deploying calico on kubernetesDeploying calico on kubernetes
Deploying calico on kubernetesAnirban Sen Chowdhary
 
Deploying vn fs with kubernetes pods and vms
Deploying vn fs with kubernetes pods and vmsDeploying vn fs with kubernetes pods and vms
Deploying vn fs with kubernetes pods and vmsLibbySchulze1
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Andrew Randall
 
Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Weaveworks
 
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Cloud Native Day Tel Aviv
 
Open-IX Presentation: Datacenter Selection by Adam Rothschild
Open-IX Presentation: Datacenter Selection by Adam RothschildOpen-IX Presentation: Datacenter Selection by Adam Rothschild
Open-IX Presentation: Datacenter Selection by Adam RothschildPacket
 
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...Sanjeev Rampal
 
NYC Docker Meetup: Contiv networking on Docker
NYC Docker Meetup: Contiv networking on DockerNYC Docker Meetup: Contiv networking on Docker
NYC Docker Meetup: Contiv networking on DockerSanjeev Rampal
 
Onug lunch talk may 12 2015 no video
Onug lunch talk may 12 2015 no videoOnug lunch talk may 12 2015 no video
Onug lunch talk may 12 2015 no videoAndrew Randall
 
Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...Codemotion
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsSanjeev Rampal
 
Integrating Docker EE into Société Générale's Existing Enterprise IT Systems
Integrating Docker EE into Société Générale's Existing Enterprise IT SystemsIntegrating Docker EE into Société Générale's Existing Enterprise IT Systems
Integrating Docker EE into Société Générale's Existing Enterprise IT SystemsDocker, Inc.
 
Drive into calico architecture
Drive into calico architectureDrive into calico architecture
Drive into calico architectureAnirban Sen Chowdhary
 
The Datacenter Network You Wish You Had
The Datacenter Network You Wish You HadThe Datacenter Network You Wish You Had
The Datacenter Network You Wish You HadJeremy Schulman
 
Open Source & The Internet of Things
Open Source & The Internet of ThingsOpen Source & The Internet of Things
Open Source & The Internet of ThingsAll Things Open
 
KURMA - A Containerized Container Platform - KubeCon 2016
KURMA - A Containerized Container Platform - KubeCon 2016KURMA - A Containerized Container Platform - KubeCon 2016
KURMA - A Containerized Container Platform - KubeCon 2016Apcera
 
Overlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container NetworkingOverlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container NetworkingLee Calcote
 
How (and why!) we built Packet
How (and why!) we built Packet How (and why!) we built Packet
How (and why!) we built Packet Bob Sokol
 

More Related Content

What's hot

Project calico - introduction
Project calico - introductionProject calico - introduction
Project calico - introductionHazzim Anaya
 
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)Andrew Randall
 
Clocker, Calico and Docker
Clocker, Calico and DockerClocker, Calico and Docker
Clocker, Calico and DockerAndrew Kennedy
 
The Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeThe Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeBen Hall
 
Deploying vn fs with kubernetes pods and vms
Deploying vn fs with kubernetes pods and vmsDeploying vn fs with kubernetes pods and vms
Deploying vn fs with kubernetes pods and vmsLibbySchulze1
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Andrew Randall
 
Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Weaveworks
 
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Cloud Native Day Tel Aviv
 
Open-IX Presentation: Datacenter Selection by Adam Rothschild
Open-IX Presentation: Datacenter Selection by Adam RothschildOpen-IX Presentation: Datacenter Selection by Adam Rothschild
Open-IX Presentation: Datacenter Selection by Adam RothschildPacket
 
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...Sanjeev Rampal
 
NYC Docker Meetup: Contiv networking on Docker
NYC Docker Meetup: Contiv networking on DockerNYC Docker Meetup: Contiv networking on Docker
NYC Docker Meetup: Contiv networking on DockerSanjeev Rampal
 
Onug lunch talk may 12 2015 no video
Onug lunch talk may 12 2015 no videoOnug lunch talk may 12 2015 no video
Onug lunch talk may 12 2015 no videoAndrew Randall
 
Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...Codemotion
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsSanjeev Rampal
 
Integrating Docker EE into Société Générale's Existing Enterprise IT Systems
Integrating Docker EE into Société Générale's Existing Enterprise IT SystemsIntegrating Docker EE into Société Générale's Existing Enterprise IT Systems
Integrating Docker EE into Société Générale's Existing Enterprise IT SystemsDocker, Inc.
 
The Datacenter Network You Wish You Had
The Datacenter Network You Wish You HadThe Datacenter Network You Wish You Had
The Datacenter Network You Wish You HadJeremy Schulman
 
Open Source & The Internet of Things
Open Source & The Internet of ThingsOpen Source & The Internet of Things
Open Source & The Internet of ThingsAll Things Open
 
KURMA - A Containerized Container Platform - KubeCon 2016
KURMA - A Containerized Container Platform - KubeCon 2016KURMA - A Containerized Container Platform - KubeCon 2016
KURMA - A Containerized Container Platform - KubeCon 2016Apcera
 

What's hot (20)

Project calico - introduction
Project calico - introductionProject calico - introduction
Project calico - introduction
 
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
Container Networking: the Gotchas (Mesos London Meetup 11 May 2016)
 
Clocker, Calico and Docker
Clocker, Calico and DockerClocker, Calico and Docker
Clocker, Calico and Docker
 
The Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeThe Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud Native
 
Deploying calico on kubernetes
Deploying calico on kubernetesDeploying calico on kubernetes
Deploying calico on kubernetes
 
Deploying vn fs with kubernetes pods and vms
Deploying vn fs with kubernetes pods and vmsDeploying vn fs with kubernetes pods and vms
Deploying vn fs with kubernetes pods and vms
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016
 
Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)
 
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
 
Open-IX Presentation: Datacenter Selection by Adam Rothschild
Open-IX Presentation: Datacenter Selection by Adam RothschildOpen-IX Presentation: Datacenter Selection by Adam Rothschild
Open-IX Presentation: Datacenter Selection by Adam Rothschild
 
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...
Triangle Kubernetes Meetup: Container cloud networking - Contiv for K8S & Ope...
 
NYC Docker Meetup: Contiv networking on Docker
NYC Docker Meetup: Contiv networking on DockerNYC Docker Meetup: Contiv networking on Docker
NYC Docker Meetup: Contiv networking on Docker
 
Onug lunch talk may 12 2015 no video
Onug lunch talk may 12 2015 no videoOnug lunch talk may 12 2015 no video
Onug lunch talk may 12 2015 no video
 
Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...Microservices and containers networking: Contiv, an industry leading open sou...
Microservices and containers networking: Contiv, an industry leading open sou...
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMs
 
Integrating Docker EE into Société Générale's Existing Enterprise IT Systems
Integrating Docker EE into Société Générale's Existing Enterprise IT SystemsIntegrating Docker EE into Société Générale's Existing Enterprise IT Systems
Integrating Docker EE into Société Générale's Existing Enterprise IT Systems
 
Drive into calico architecture
Drive into calico architectureDrive into calico architecture
Drive into calico architecture
 
The Datacenter Network You Wish You Had
The Datacenter Network You Wish You HadThe Datacenter Network You Wish You Had
The Datacenter Network You Wish You Had
 
Open Source & The Internet of Things
Open Source & The Internet of ThingsOpen Source & The Internet of Things
Open Source & The Internet of Things
 
KURMA - A Containerized Container Platform - KubeCon 2016
KURMA - A Containerized Container Platform - KubeCon 2016KURMA - A Containerized Container Platform - KubeCon 2016
KURMA - A Containerized Container Platform - KubeCon 2016
 

Similar to Container Networking Introduction

Overlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container NetworkingOverlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container NetworkingLee Calcote
 
How (and why!) we built Packet
How (and why!) we built Packet How (and why!) we built Packet
How (and why!) we built Packet Bob Sokol
 
Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...Cisco Canada
 
Building The Right Network
Building The Right NetworkBuilding The Right Network
Building The Right NetworkCisco Canada
 
Docker cloud hybridation & orchestration
Docker cloud hybridation & orchestrationDocker cloud hybridation & orchestration
Docker cloud hybridation & orchestrationAdrien Blind
 
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...mCloud
 
Improving performance and efficiency with Network Virtualization Overlays
Improving performance and efficiency with Network Virtualization OverlaysImproving performance and efficiency with Network Virtualization Overlays
Improving performance and efficiency with Network Virtualization OverlaysAdam Johnson
 
A Novel Use of Openflow and Its Applications in Connecting Docker and Dummify...
A Novel Use of Openflow and Its Applications in Connecting Docker and Dummify...A Novel Use of Openflow and Its Applications in Connecting Docker and Dummify...
A Novel Use of Openflow and Its Applications in Connecting Docker and Dummify...DaoliCloud Ltd
 
Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Brad Eckert
 
2018 04-06 kubernetes ingress in production
2018 04-06 kubernetes ingress in production2018 04-06 kubernetes ingress in production
2018 04-06 kubernetes ingress in productionSandor Szuecs
 
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlowCloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlowCohesive Networks
 
Application Centric Infrastructure (ACI), the policy driven data centre
Application Centric Infrastructure (ACI), the policy driven data centreApplication Centric Infrastructure (ACI), the policy driven data centre
Application Centric Infrastructure (ACI), the policy driven data centreCisco Canada
 
'DOCKER' & CLOUD: ENABLERS For DEVOPS
'DOCKER' & CLOUD: ENABLERS For DEVOPS'DOCKER' & CLOUD: ENABLERS For DEVOPS
'DOCKER' & CLOUD: ENABLERS For DEVOPSACA IT-Solutions
 
Docker and Cloud - Enables for DevOps - by ACA-IT
Docker and Cloud - Enables for DevOps - by ACA-ITDocker and Cloud - Enables for DevOps - by ACA-IT
Docker and Cloud - Enables for DevOps - by ACA-ITStijn Wijndaele
 
Devcon3 : iExec Allowing Scalable, Efficient, and Virtualized Off-chain Execu...
Devcon3 : iExec Allowing Scalable, Efficient, and Virtualized Off-chain Execu...Devcon3 : iExec Allowing Scalable, Efficient, and Virtualized Off-chain Execu...
Devcon3 : iExec Allowing Scalable, Efficient, and Virtualized Off-chain Execu...Gilles Fedak
 
Docker meetup talk - chicago March 2014
Docker meetup talk - chicago March 2014Docker meetup talk - chicago March 2014
Docker meetup talk - chicago March 2014Ryan Koop
 
Integrating Ansible Tower with security orchestration and cloud management
Integrating Ansible Tower with security orchestration and cloud managementIntegrating Ansible Tower with security orchestration and cloud management
Integrating Ansible Tower with security orchestration and cloud managementJoel W. King
 

Similar to Container Networking Introduction (20)

Overlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container NetworkingOverlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container Networking
 
How (and why!) we built Packet
How (and why!) we built Packet How (and why!) we built Packet
How (and why!) we built Packet
 
Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...Integration and Interoperation of existing Nexus networks into an ACI Archite...
Integration and Interoperation of existing Nexus networks into an ACI Archite...
 
Building The Right Network
Building The Right NetworkBuilding The Right Network
Building The Right Network
 
Docker cloud hybridation & orchestration
Docker cloud hybridation & orchestrationDocker cloud hybridation & orchestration
Docker cloud hybridation & orchestration
 
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...
 
Improving performance and efficiency with Network Virtualization Overlays
Improving performance and efficiency with Network Virtualization OverlaysImproving performance and efficiency with Network Virtualization Overlays
Improving performance and efficiency with Network Virtualization Overlays
 
A Novel Use of Openflow and Its Applications in Connecting Docker and Dummify...
A Novel Use of Openflow and Its Applications in Connecting Docker and Dummify...A Novel Use of Openflow and Its Applications in Connecting Docker and Dummify...
A Novel Use of Openflow and Its Applications in Connecting Docker and Dummify...
 
Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure
 
2018 04-06 kubernetes ingress in production
2018 04-06 kubernetes ingress in production2018 04-06 kubernetes ingress in production
2018 04-06 kubernetes ingress in production
 
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlowCloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
 
Application Centric Infrastructure (ACI), the policy driven data centre
Application Centric Infrastructure (ACI), the policy driven data centreApplication Centric Infrastructure (ACI), the policy driven data centre
Application Centric Infrastructure (ACI), the policy driven data centre
 
'DOCKER' & CLOUD: ENABLERS For DEVOPS
'DOCKER' & CLOUD: ENABLERS For DEVOPS'DOCKER' & CLOUD: ENABLERS For DEVOPS
'DOCKER' & CLOUD: ENABLERS For DEVOPS
 
Docker and Cloud - Enables for DevOps - by ACA-IT
Docker and Cloud - Enables for DevOps - by ACA-ITDocker and Cloud - Enables for DevOps - by ACA-IT
Docker and Cloud - Enables for DevOps - by ACA-IT
 
DevCon5 (July 2014) - Acision SDK
DevCon5 (July 2014) - Acision SDKDevCon5 (July 2014) - Acision SDK
DevCon5 (July 2014) - Acision SDK
 
Devcon3 : iExec Allowing Scalable, Efficient, and Virtualized Off-chain Execu...
Devcon3 : iExec Allowing Scalable, Efficient, and Virtualized Off-chain Execu...Devcon3 : iExec Allowing Scalable, Efficient, and Virtualized Off-chain Execu...
Devcon3 : iExec Allowing Scalable, Efficient, and Virtualized Off-chain Execu...
 
Docker meetup talk - chicago March 2014
Docker meetup talk - chicago March 2014Docker meetup talk - chicago March 2014
Docker meetup talk - chicago March 2014
 
Building a Digital Telco
Building a Digital TelcoBuilding a Digital Telco
Building a Digital Telco
 
Integrating Ansible Tower with security orchestration and cloud management
Integrating Ansible Tower with security orchestration and cloud managementIntegrating Ansible Tower with security orchestration and cloud management
Integrating Ansible Tower with security orchestration and cloud management
 
ACI Hands-on Lab
ACI Hands-on LabACI Hands-on Lab
ACI Hands-on Lab
 

More from Cloud 66

An introduction to Starter (Updated Content)
An introduction to Starter (Updated Content) An introduction to Starter (Updated Content)
An introduction to Starter (Updated Content) Cloud 66
 
How the hell do I run my microservices in production, and will it scale?
How the hell do I run my microservices in production, and will it scale?How the hell do I run my microservices in production, and will it scale?
How the hell do I run my microservices in production, and will it scale?Cloud 66
 
Cloud66 workshop handouts
Cloud66 workshop handoutsCloud66 workshop handouts
Cloud66 workshop handoutsCloud 66
 
Workshop presentation
Workshop presentationWorkshop presentation
Workshop presentationCloud 66
 
Docker at Digital Ocean
Docker at Digital OceanDocker at Digital Ocean
Docker at Digital OceanCloud 66
 
An introduction to habitus
An introduction to habitusAn introduction to habitus
An introduction to habitusCloud 66
 

More from Cloud 66 (6)

An introduction to Starter (Updated Content)
An introduction to Starter (Updated Content) An introduction to Starter (Updated Content)
An introduction to Starter (Updated Content)
 
How the hell do I run my microservices in production, and will it scale?
How the hell do I run my microservices in production, and will it scale?How the hell do I run my microservices in production, and will it scale?
How the hell do I run my microservices in production, and will it scale?
 
Cloud66 workshop handouts
Cloud66 workshop handoutsCloud66 workshop handouts
Cloud66 workshop handouts
 
Workshop presentation
Workshop presentationWorkshop presentation
Workshop presentation
 
Docker at Digital Ocean
Docker at Digital OceanDocker at Digital Ocean
Docker at Digital Ocean
 
An introduction to habitus
An introduction to habitusAn introduction to habitus
An introduction to habitus
 

Recently uploaded

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

Container Networking Introduction

  • 1. @projectcalico Sponsored by CONTAINER NETWORKING AN INTRODUCTION Ed Harrison @eepyaich 2nd February 2016
  • 2. @projectcalico Host Host Networking – why do I care? Application A service Host Yet another service … and another application … … another application  A service … another application
  • 3. @projectcalico Doesn’t Docker sort this out for me? Host [10.0.0.1] Application [172.17.0.2] A service [172.17.0.3] … another [172.17.0.4] Docker Bridge  Simple  Works “out of the box”  Easily understood  … but not “real IP networking”  Onerous port assignment constraints on applications  Requires app developers to be aware of constraints IP:10.0.0.1:80IP:10.0.0.1:80IP:10.0.0.1:8080
  • 4. @projectcalico What about multiple hosts, then? Overlay networks  Connect each container to a virtual Layer 2 segment  Separate “overlay” domain over “underlay” network with GRE, MPLS, VXLAN, or proprietary tunneling protocols  Allows for isolation between networks  But…  Lots of state – 1,000 machines => full mesh of 499,500 tunnels!  Breaking out of virtual network sandboxes requires NAT / router  Requires app developers to be networking experts Host [10.0.0.1] Host [10.0.0.2] 192.168.0.1 192.168.0.2 192.168.0.5 192.168.0.3192.168.0.4 172.17.0.2 172.17.0.3 192.168.0.0/16 172.17.0.0/16 10.0.0.0/24
  • 5. @projectcalico  Remember these “3 tier applications”? What about security then?
  • 8. @projectcalico The ideal security model Port 3306 Port 80
  • 9. @projectcalico Metaswitch Networks | Proprietary and confidential | © 2014 | 9
  • 11. @projectcalico The Internet Model Router Host Host Host Host RouterRouter IP IP IP IP … … …
  • 12. @projectcalico Project Calico HostHost Router Workload Workload Workload Workload RouterRouter IP IP IP IP Plugin … … …
  • 13. @projectcalico An open source project to enable scalable, simple and secure IP networking in a data center / cloud environment What is Calico? SimpleScalable Secure Thousands of servers, 100k’s of workloads Don’t demand users to be networking experts Rich micro-service policy framework
  • 14. @projectcalico Life Before and after Calico Before Calico After Calico Scale challenges above few hundred servers / thousands of workloads Scale to millions of workloads with minimal CPU and network overhead Troubleshooting connectivity issues can take hours What is happening is “obvious” – traceroute, ping, etc., work as expected EXITOn/off ramps + NAT to break out of overlay Path from workload to non-virtual device or public internet (or even between data centers) is just a route High availability / load balancing across links requires LB function (virtual or physical) and/or app-specific logic Equal Cost Multi-Path (ECMP) & Anycast just work, enabling scalable resilience and full utilization of physical links C C N A CCNA or equivalent required to understand end-to-end networking, deploy applications Basic IP networking knowledge only required
  • 15. @projectcalico Get Involved  Main project website: www.projectcalico.org  Github  github.com/projectcalico  Mailing list, Slack info:  projectcalico.org/contact/  freenode IRC: #calico  Download & try it out  We welcome your feedback and contributions  Follow us @projectcalico