SlideShare a Scribd company logo

OpenShift v3 Internal networking details

Etsuji Nakai
Etsuji Nakai

OpenShift v3 uses an overlay VXLAN network to connect pods within a project. Traffic between pods on a node uses Linux bridges, while inter-node communication uses the VXLAN overlay network. Services are exposed using a service IP and iptables rules to redirect traffic to backend pods. For external access, services are associated with router pods using a DNS name, and traffic is load balanced to backend pods by HAProxy in the router pod.

1 of 8
Download to read offline
OpenShift v3 Internal networking details Etsuji Nakai Senior Solution Architect and Cloud Evangelist Red Hat K.K. v1.2 2015/03/14
2 Disclaimer  The contents of this document is based on OpenShift Enterprise V3 Beta. Details may change in GA version.  Red Hat accepts no liability for the content of this document, or for the consequences of any actions taken on the basis of the information provided. Any views or opinions presented in this document are solely those of the author and do not necessarily represent those of Red Hat.
3 Inter-pod network OVS:br0 vxlan0 eth0 vovsbr LinuxBridge:lbr0 vlinuxbr veth pair vethXXX pod eth0 vethXXX pod eth0 10.1.x.0/24 VXLAN Tunnel OVS:br0 vxlan0 eth0 vovsbr LinuxBridge:lbr0 vlinuxbr veth pair vethXXX pod eth0 vethXXX pod eth0 10.1.y.0/24 VXLAN Tunnel 10.1.x.1 10.1.0.0/16 VXLAN Tunnel  VXLAN overlay network (subnet 10.1.0.0/16) is used as an interconnect of pods. – Subnet 10.1.x.0/24 is assigned to each node. – Gateway IP (10.1.x.1) is assigned to lbr0. 10.1.y.1
4 Service connection  A service is an aggregation of multiple pods, and it has a unique "service IP".  Traffic to service IP is handled as below: – First, redirected to the local openshift-node agent with local iptables rules. – Then, redirected (load balanced) to backend pods. (openshift-node agent knows the IPs of backend pods, and packets are routed via lbr0 interface.) Chain KUBE-PORTALS-CONTAINER (1 references) target prot opt source destination REDIRECT tcp -- 0.0.0.0/0 172.30.17.160 tcp dpt:27017 redir ports 41690 Chain KUBE-PORTALS-HOST (1 references) target prot opt source destination DNAT tcp -- 0.0.0.0/0 172.30.17.160 tcp dpt:27017 to:192.168.122.91:41690 Prerouting packes Output packes # lsof -i -P | grep 41690 openshift 988 root 16u IPv6 78852 0t0 TCP *:41690 (LISTEN) # ps -fwwp 988 UID PID PPID C STIME TTY TIME CMD root 988 1 0 16:44 ? 00:00:10 /usr/bin/openshift start node --images=docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:$ {version} --kubeconfig=/var/lib/openshift/openshift.local.certificates/admin/.kubeconfig --master=https://192.168.122.90:8443 --loglevel=4 iptables rules for the redirection. openshift-node agent listening to the redirected port. # osc get services | grep hello hello-openshift-service <none> name=hello-openshift-label 172.30.17.160 27017 service IP and portservice IP and port
5 External connection  Since service IPs are private ones, they cannot be used for accessing from an external network. (Service IPs are used for inter-serivce communication.) – Packets from an externel network should be routed via a router pod. (HAporxy is running in it.)  A service which needs an external access is associated to a router with a specific hostname. Traffic to this hostname is handled as below: – DNS replies one of the nodes (accomodating a router pod), and packets are sent to that node. "hello-openshift-service": { "Name": "hello-openshift-service", "EndpointTable": { "10.1.0.8:8080": { "ID": "10.1.0.8:8080", "IP": "10.1.0.8", "Port": "8080" } }, "ServiceAliasConfigs": { "hello-openshift.cloudapps.example.com-": { "Host": "hello-openshift.cloudapps.example.com", "Path": "", "TLSTermination": "", "Certificates": null } } }, – Then, packets are DAT'ed to the router pod with local iptalbes. – HAproxy inside the router pod redirects (with load balancing) the packets to backend pods. HAproxy config inside the router pod.
6 In a nutshell...  Pods are directly interconnected via an overlay network. – Linux bridge lbr0 works as a gateway to the overlay network.  Openshift-node agents work as a proxy for service IPs.  Router pods work as a front-end LB for external access. openshift-node agent 10.1.0.0/16 VXLAN Tunnel lbr0 pod pod router pod iptables iptables openshift-node agent lbr0 pod pod router pod iptables iptables DNS round robin round robin least connection Inter-service access External access round robin least connection
7 Reference  Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 – http://www.slideshare.net/enakai/architecture-overview-kubernetes-with-red-hat- enterprise-linux-71  OpenShift V3 Training Overview – https://github.com/openshift/training
Thank you

Recommended

Integrate Openshift with Cloudforms
Integrate Openshift with CloudformsIntegrate Openshift with Cloudforms
Integrate Openshift with Cloudforms
Michael Lessard
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
CJ Cullen
 
Simplify Networking for Containers
Simplify Networking for ContainersSimplify Networking for Containers
Simplify Networking for Containers
LinuxCon ContainerCon CloudOpen China
 
Docker Orchestration at Production Scale
Docker Orchestration at Production Scale Docker Orchestration at Production Scale
Docker Orchestration at Production Scale
Docker, Inc.
 
How OpenShift SDN helps to automate
How OpenShift SDN helps to automateHow OpenShift SDN helps to automate
How OpenShift SDN helps to automate
Ilkka Tengvall
 
OpenShift Origin Internals
OpenShift Origin Internals OpenShift Origin Internals
OpenShift Origin Internals
OpenShift Origin
 
Openshift + Openstack + Fedora = Awesome
Openshift + Openstack + Fedora = AwesomeOpenshift + Openstack + Fedora = Awesome
Openshift + Openstack + Fedora = AwesomeMark Atwood
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
Alessandro Arrichiello
 

Recommended

Integrate Openshift with Cloudforms
Integrate Openshift with CloudformsIntegrate Openshift with Cloudforms
Integrate Openshift with Cloudforms
Michael Lessard
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
CJ Cullen
 
Simplify Networking for Containers
Simplify Networking for ContainersSimplify Networking for Containers
Simplify Networking for Containers
LinuxCon ContainerCon CloudOpen China
 
Docker Orchestration at Production Scale
Docker Orchestration at Production Scale Docker Orchestration at Production Scale
Docker Orchestration at Production Scale
Docker, Inc.
 
How OpenShift SDN helps to automate
How OpenShift SDN helps to automateHow OpenShift SDN helps to automate
How OpenShift SDN helps to automate
Ilkka Tengvall
 
OpenShift Origin Internals
OpenShift Origin Internals OpenShift Origin Internals
OpenShift Origin Internals
OpenShift Origin
 
Openshift + Openstack + Fedora = Awesome
Openshift + Openstack + Fedora = AwesomeOpenshift + Openstack + Fedora = Awesome
Openshift + Openstack + Fedora = AwesomeMark Atwood
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
Alessandro Arrichiello
 
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Debra Robertson
 
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosContainers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Lakmal Warusawithana
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
Liran Cohen
 
K8s storage-glusterfs-20180210
K8s storage-glusterfs-20180210K8s storage-glusterfs-20180210
K8s storage-glusterfs-20180210
Che-Chia Chang
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
Docker, Inc.
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know now
PLUMgrid
 
Linux Kernel Development
Linux Kernel DevelopmentLinux Kernel Development
Linux Kernel Development
LinuxCon ContainerCon CloudOpen China
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
Sreenivas Makam
 
Docker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsDocker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing options
Sreenivas Makam
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Michelle Antebi
 
Running Legacy Applications with Containers
Running Legacy Applications with ContainersRunning Legacy Applications with Containers
Running Legacy Applications with Containers
LinuxCon ContainerCon CloudOpen China
 
Load Balancing 101
Load Balancing 101Load Balancing 101
Load Balancing 101
HungWei Chiu
 
Kubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanKubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai Vallirajan
Neependra Khare
 
Network plugins for kubernetes
Network plugins for kubernetesNetwork plugins for kubernetes
Network plugins for kubernetes
inwin stack
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
All Things Open
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental Networking
Sreenivas Makam
 
Head First to Container&Kubernetes
Head First to Container&KubernetesHead First to Container&Kubernetes
Head First to Container&Kubernetes
HungWei Chiu
 
Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2
Imesh Gunaratne
 
Kubernetes Ingress 101
Kubernetes Ingress 101Kubernetes Ingress 101
Kubernetes Ingress 101
Kublr
 
"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016
Phil Estes
 
OpenStack Quantum
OpenStack QuantumOpenStack Quantum
OpenStack Quantumopenstackindia
 
Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1
Yongyoon Shin
 

More Related Content

What's hot

Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Debra Robertson
 
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosContainers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Lakmal Warusawithana
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
Liran Cohen
 
K8s storage-glusterfs-20180210
K8s storage-glusterfs-20180210K8s storage-glusterfs-20180210
K8s storage-glusterfs-20180210
Che-Chia Chang
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
Docker, Inc.
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know now
PLUMgrid
 
Linux Kernel Development
Linux Kernel DevelopmentLinux Kernel Development
Linux Kernel Development
LinuxCon ContainerCon CloudOpen China
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
Sreenivas Makam
 
Docker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsDocker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing options
Sreenivas Makam
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Michelle Antebi
 
Running Legacy Applications with Containers
Running Legacy Applications with ContainersRunning Legacy Applications with Containers
Running Legacy Applications with Containers
LinuxCon ContainerCon CloudOpen China
 
Load Balancing 101
Load Balancing 101Load Balancing 101
Load Balancing 101
HungWei Chiu
 
Kubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanKubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai Vallirajan
Neependra Khare
 
Network plugins for kubernetes
Network plugins for kubernetesNetwork plugins for kubernetes
Network plugins for kubernetes
inwin stack
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
All Things Open
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental Networking
Sreenivas Makam
 
Head First to Container&Kubernetes
Head First to Container&KubernetesHead First to Container&Kubernetes
Head First to Container&Kubernetes
HungWei Chiu
 
Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2
Imesh Gunaratne
 
Kubernetes Ingress 101
Kubernetes Ingress 101Kubernetes Ingress 101
Kubernetes Ingress 101
Kublr
 
"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016
Phil Estes
 

What's hot (20)

Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
 
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosContainers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
 
K8s storage-glusterfs-20180210
K8s storage-glusterfs-20180210K8s storage-glusterfs-20180210
K8s storage-glusterfs-20180210
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know now
 
Linux Kernel Development
Linux Kernel DevelopmentLinux Kernel Development
Linux Kernel Development
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
 
Docker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsDocker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing options
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
 
Running Legacy Applications with Containers
Running Legacy Applications with ContainersRunning Legacy Applications with Containers
Running Legacy Applications with Containers
 
Load Balancing 101
Load Balancing 101Load Balancing 101
Load Balancing 101
 
Kubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanKubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai Vallirajan
 
Network plugins for kubernetes
Network plugins for kubernetesNetwork plugins for kubernetes
Network plugins for kubernetes
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental Networking
 
Head First to Container&Kubernetes
Head First to Container&KubernetesHead First to Container&Kubernetes
Head First to Container&Kubernetes
 
Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2
 
Kubernetes Ingress 101
Kubernetes Ingress 101Kubernetes Ingress 101
Kubernetes Ingress 101
 
"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016
 

Similar to OpenShift v3 Internal networking details

Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1
Yongyoon Shin
 
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話
upaa
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks
 
Bare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefBare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and Chef
Matt Ray
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenes
inbroker
 
Osnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxOsnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptx
M.Qasim Arham
 
Meetup docker using software defined networks
Meetup docker using software defined networksMeetup docker using software defined networks
Meetup docker using software defined networksOCTO Technology
 
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
Sungman Jang
 
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
OpenStack Korea Community
 
Netforce: extending neutron to support routed networks at scale in ebay
Netforce: extending neutron to support routed networks at scale in ebayNetforce: extending neutron to support routed networks at scale in ebay
Netforce: extending neutron to support routed networks at scale in ebay
Aliasgar Ginwala
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
Adrien Blind
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014
yfauser
 
Demystifying openvswitch
Demystifying openvswitchDemystifying openvswitch
Demystifying openvswitch
Prasad Mukhedkar
 
Network Automation Tools
Network Automation ToolsNetwork Automation Tools
Network Automation Tools
Edwin Beekman
 
Thebasicintroductionofopenvswitch
ThebasicintroductionofopenvswitchThebasicintroductionofopenvswitch
Thebasicintroductionofopenvswitch
Ramses Ramirez
 
Openstack openswitch basics
Openstack openswitch basicsOpenstack openswitch basics
Openstack openswitch basics
nshah061
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking
Hervé Leclerc
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric Overview
Michelle Holley
 

Similar to OpenShift v3 Internal networking details (20)

OpenStack Quantum
OpenStack QuantumOpenStack Quantum
OpenStack Quantum
 
Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1
 
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 Administration
 
Bare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefBare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and Chef
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenes
 
Osnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxOsnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptx
 
Meetup docker using software defined networks
Meetup docker using software defined networksMeetup docker using software defined networks
Meetup docker using software defined networks
 
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
 
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
 
Netforce: extending neutron to support routed networks at scale in ebay
Netforce: extending neutron to support routed networks at scale in ebayNetforce: extending neutron to support routed networks at scale in ebay
Netforce: extending neutron to support routed networks at scale in ebay
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
 
nested-kvm
nested-kvmnested-kvm
nested-kvm
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014
 
Demystifying openvswitch
Demystifying openvswitchDemystifying openvswitch
Demystifying openvswitch
 
Network Automation Tools
Network Automation ToolsNetwork Automation Tools
Network Automation Tools
 
Thebasicintroductionofopenvswitch
ThebasicintroductionofopenvswitchThebasicintroductionofopenvswitch
Thebasicintroductionofopenvswitch
 
Openstack openswitch basics
Openstack openswitch basicsOpenstack openswitch basics
Openstack openswitch basics
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric Overview
 

More from Etsuji Nakai

PRML11.2-11.3
PRML11.2-11.3PRML11.2-11.3
PRML11.2-11.3
Etsuji Nakai
 
「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える
Etsuji Nakai
 
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Etsuji Nakai
 
Introducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowIntroducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlow
Etsuji Nakai
 
Googleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービスGoogleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービス
Etsuji Nakai
 
Spannerに関する技術メモ
Spannerに関する技術メモSpannerに関する技術メモ
Spannerに関する技術メモ
Etsuji Nakai
 
Googleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOpsGoogleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOps
Etsuji Nakai
 
A Brief History of My English Learning
A Brief History of My English LearningA Brief History of My English Learning
A Brief History of My English Learning
Etsuji Nakai
 
TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎
Etsuji Nakai
 
TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門
Etsuji Nakai
 
Using Kubernetes on Google Container Engine
Using Kubernetes on Google Container EngineUsing Kubernetes on Google Container Engine
Using Kubernetes on Google Container Engine
Etsuji Nakai
 
Lecture note on PRML 8.2
Lecture note on PRML 8.2Lecture note on PRML 8.2
Lecture note on PRML 8.2
Etsuji Nakai
 
Machine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application DevelopersMachine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application Developers
Etsuji Nakai
 
Your first TensorFlow programming with Jupyter
Your first TensorFlow programming with JupyterYour first TensorFlow programming with Jupyter
Your first TensorFlow programming with Jupyter
Etsuji Nakai
 
Deep Q-Network for beginners
Deep Q-Network for beginnersDeep Q-Network for beginners
Deep Q-Network for beginners
Etsuji Nakai
 
Life with jupyter
Life with jupyterLife with jupyter
Life with jupyter
Etsuji Nakai
 
TensorFlowで学ぶDQN
TensorFlowで学ぶDQNTensorFlowで学ぶDQN
TensorFlowで学ぶDQN
Etsuji Nakai
 
DevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきかDevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきか
Etsuji Nakai
 
PRML7.2
PRML7.2PRML7.2
PRML7.2
Etsuji Nakai
 
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
Etsuji Nakai
 

More from Etsuji Nakai (20)

PRML11.2-11.3
PRML11.2-11.3PRML11.2-11.3
PRML11.2-11.3
 
「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える
 
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
 
Introducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowIntroducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlow
 
Googleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービスGoogleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービス
 
Spannerに関する技術メモ
Spannerに関する技術メモSpannerに関する技術メモ
Spannerに関する技術メモ
 
Googleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOpsGoogleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOps
 
A Brief History of My English Learning
A Brief History of My English LearningA Brief History of My English Learning
A Brief History of My English Learning
 
TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎
 
TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門
 
Using Kubernetes on Google Container Engine
Using Kubernetes on Google Container EngineUsing Kubernetes on Google Container Engine
Using Kubernetes on Google Container Engine
 
Lecture note on PRML 8.2
Lecture note on PRML 8.2Lecture note on PRML 8.2
Lecture note on PRML 8.2
 
Machine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application DevelopersMachine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application Developers
 
Your first TensorFlow programming with Jupyter
Your first TensorFlow programming with JupyterYour first TensorFlow programming with Jupyter
Your first TensorFlow programming with Jupyter
 
Deep Q-Network for beginners
Deep Q-Network for beginnersDeep Q-Network for beginners
Deep Q-Network for beginners
 
Life with jupyter
Life with jupyterLife with jupyter
Life with jupyter
 
TensorFlowで学ぶDQN
TensorFlowで学ぶDQNTensorFlowで学ぶDQN
TensorFlowで学ぶDQN
 
DevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきかDevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきか
 
PRML7.2
PRML7.2PRML7.2
PRML7.2
 
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
 

Recently uploaded

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 

Recently uploaded (20)

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 

OpenShift v3 Internal networking details

  • 1. OpenShift v3 Internal networking details Etsuji Nakai Senior Solution Architect and Cloud Evangelist Red Hat K.K. v1.2 2015/03/14
  • 2. 2 Disclaimer  The contents of this document is based on OpenShift Enterprise V3 Beta. Details may change in GA version.  Red Hat accepts no liability for the content of this document, or for the consequences of any actions taken on the basis of the information provided. Any views or opinions presented in this document are solely those of the author and do not necessarily represent those of Red Hat.
  • 3. 3 Inter-pod network OVS:br0 vxlan0 eth0 vovsbr LinuxBridge:lbr0 vlinuxbr veth pair vethXXX pod eth0 vethXXX pod eth0 10.1.x.0/24 VXLAN Tunnel OVS:br0 vxlan0 eth0 vovsbr LinuxBridge:lbr0 vlinuxbr veth pair vethXXX pod eth0 vethXXX pod eth0 10.1.y.0/24 VXLAN Tunnel 10.1.x.1 10.1.0.0/16 VXLAN Tunnel  VXLAN overlay network (subnet 10.1.0.0/16) is used as an interconnect of pods. – Subnet 10.1.x.0/24 is assigned to each node. – Gateway IP (10.1.x.1) is assigned to lbr0. 10.1.y.1
  • 4. 4 Service connection  A service is an aggregation of multiple pods, and it has a unique "service IP".  Traffic to service IP is handled as below: – First, redirected to the local openshift-node agent with local iptables rules. – Then, redirected (load balanced) to backend pods. (openshift-node agent knows the IPs of backend pods, and packets are routed via lbr0 interface.) Chain KUBE-PORTALS-CONTAINER (1 references) target prot opt source destination REDIRECT tcp -- 0.0.0.0/0 172.30.17.160 tcp dpt:27017 redir ports 41690 Chain KUBE-PORTALS-HOST (1 references) target prot opt source destination DNAT tcp -- 0.0.0.0/0 172.30.17.160 tcp dpt:27017 to:192.168.122.91:41690 Prerouting packes Output packes # lsof -i -P | grep 41690 openshift 988 root 16u IPv6 78852 0t0 TCP *:41690 (LISTEN) # ps -fwwp 988 UID PID PPID C STIME TTY TIME CMD root 988 1 0 16:44 ? 00:00:10 /usr/bin/openshift start node --images=docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:$ {version} --kubeconfig=/var/lib/openshift/openshift.local.certificates/admin/.kubeconfig --master=https://192.168.122.90:8443 --loglevel=4 iptables rules for the redirection. openshift-node agent listening to the redirected port. # osc get services | grep hello hello-openshift-service <none> name=hello-openshift-label 172.30.17.160 27017 service IP and portservice IP and port
  • 5. 5 External connection  Since service IPs are private ones, they cannot be used for accessing from an external network. (Service IPs are used for inter-serivce communication.) – Packets from an externel network should be routed via a router pod. (HAporxy is running in it.)  A service which needs an external access is associated to a router with a specific hostname. Traffic to this hostname is handled as below: – DNS replies one of the nodes (accomodating a router pod), and packets are sent to that node. "hello-openshift-service": { "Name": "hello-openshift-service", "EndpointTable": { "10.1.0.8:8080": { "ID": "10.1.0.8:8080", "IP": "10.1.0.8", "Port": "8080" } }, "ServiceAliasConfigs": { "hello-openshift.cloudapps.example.com-": { "Host": "hello-openshift.cloudapps.example.com", "Path": "", "TLSTermination": "", "Certificates": null } } }, – Then, packets are DAT'ed to the router pod with local iptalbes. – HAproxy inside the router pod redirects (with load balancing) the packets to backend pods. HAproxy config inside the router pod.
  • 6. 6 In a nutshell...  Pods are directly interconnected via an overlay network. – Linux bridge lbr0 works as a gateway to the overlay network.  Openshift-node agents work as a proxy for service IPs.  Router pods work as a front-end LB for external access. openshift-node agent 10.1.0.0/16 VXLAN Tunnel lbr0 pod pod router pod iptables iptables openshift-node agent lbr0 pod pod router pod iptables iptables DNS round robin round robin least connection Inter-service access External access round robin least connection
  • 7. 7 Reference  Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 – http://www.slideshare.net/enakai/architecture-overview-kubernetes-with-red-hat- enterprise-linux-71  OpenShift V3 Training Overview – https://github.com/openshift/training