Introduction to CNI
(Container Network Interface)
Hwchiu (Hung-Wei Chiu)
Linkernetworks.com
Who Am I
• Hung-Wei Chiu
• hwchiu@linkernetworks.com
• Blog: hwchiu.com
• Experience
• Software Engineer at Linker Networks
• Co-Founder of SDNDS-TW (Software Defined Network)
• Co-Founder of CNTUG (Cloud Native Taiwan User Group)
• Open Source Experience
• SDN Related Projects (ONOS/Mininet/Floodlight)
• OVS-CNI
Outline
• Introduction to CNI
• How to write a CNI in golang
Before Talking About CNI
Have You Heard of These Before?
• Linux network namespace
• Kernel function
• Docker
• Docker Network
• Bridge/Host..etc
• Kubernetes
• Flannel/Calico/Weave..etc
So, What Is Docker?
How Does It Work?
A Simple HTTP Server
• docker run --name my-nginx -p 8080:80 nginx
• Use localhost:8080 to communicate with nginx.
• How does it work?
Step By Step
1. Create a Linux bridge
2. Create a container
3. Create a veth pair
4. Attach the veth pair to the container and the bridge (also rename)
5. Assign an IP address to the container
6. Set up an iptables rule for 8080:80
[Diagram: Linux Host with br0 and veth234; Container (Nginx) with eth0 (veth123 before the rename), 172.16.2.5/24]
In The Previous Example
• The networking part is handled by the Linux network namespace (ns)
• veth is used to connect two different ns
Do We Have Any Other Options?
• docker run --network=…
• Bridge (by default)
• Host
• ContainerID
• Docker networks (CNM)
• Create your network.
How About Other Container Systems?
• LXC
• rkt
• Mesos
• Kubernetes
• …etc
We Need To Make It Simple
• Develop once, run everywhere
• That’s CNI (Container Network Interface)
• https://github.com/containernetworking/cni
• Written in Go
What Is CNI
• A CNCF (Cloud Native Computing Foundation) project
• For Linux Containers
• Consists of a specification and libraries for writing plugins.
• Only cares about the network connectivity of containers
• Create/Remove
Who Uses CNI
• rkt - container engine
• Kubernetes - a system to simplify container operations
• OpenShift - Kubernetes with additional enterprise features
• Cloud Foundry - a platform for cloud applications
• Apache Mesos - a distributed systems kernel
• Amazon ECS - a highly scalable, high performance container management service
Network Connectivity
• Using the previous Docker example, the CNI plugin will:
• Create the Linux Bridge
• Create the veth and attach it to the container (ns)
• Find an IP address and assign the IP to the Linux Bridge
• Other stuff (you can do anything you want)
Other CNI Plugins
• SR-IOV (Physical NIC to container)
• OVS (Use OpenvSwitch rather than Linux Bridge)
• Flannel (Support tunnel via UDP/VXLAN)
• MacVlan/IPVlan
• PTP
• Vlan
• …etc
So, How To Develop a CNI Plugin?
Let’s See an Example
First
• Assume we have already implemented a CNI plugin called simple-cni
• Assume we have created a network namespace (ns) via the following command
• ip netns add ns1
• We have a JSON config that contains the information we need.
• {
    "name": "simple-cni"
  }
Second
• Execute the following command
• sudo \
  CNI_COMMAND=ADD \
  CNI_CONTAINERID=ns1 \
  CNI_NETNS=/var/run/netns/ns1 \
  CNI_IFNAME=eth10 CNI_PATH=`pwd` \
  ./simple-cni < config
Explain
• COMMAND
• ADD/DELETE/VERSION
• CONTAINERID
• Just an ID…
• NETNS
• The location of ns
• IFNAME
• NIC name in the container
• PATH
• Where to find the binary
• Stdin
• Just a JSON config
What simple-cni Does
• Load the information from the config (bridge name, IP address)
• Create a Linux Bridge
• Create a veth and attach to $NETNS
• Rename the NIC to $IFNAME
• Set the IP address on the NIC (we call it IPAM)
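The invocation contract from the "Explain" slide and the first step of simple-cni (loading its config), as an added example that is not part of the original slides or the author's repository: because the plugin is run with sudo, every CNI_* variable and config value is validated before it reaches a privileged network call. The `bridge` and `ip` config keys, the character allowlists and the `ParseInvocation` name are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"path/filepath"
	"regexp"
)

// NetConf is the JSON read from stdin. "name" appears on the slide; the
// "bridge" and "ip" keys are assumed names for the values simple-cni loads.
type NetConf struct {
	Name   string `json:"name"`
	Bridge string `json:"bridge"`
	IP     string `json:"ip"`
}

// Request is one validated plugin invocation.
type Request struct {
	Command, ContainerID, NetNS, IfName string
	Conf                                NetConf
	Addr                                *net.IPNet // host address plus mask
}

var (
	// Linux interface names hold at most 15 bytes; this allowlist also keeps
	// out "/", whitespace and shell metacharacters (example policy).
	ifNameRe = regexp.MustCompile(`^[A-Za-z0-9_-]{1,15}$`)
	idRe     = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_.-]{0,127}$`)
)

// ParseInvocation validates the CNI_* variables and the stdin config before
// any privileged network change is attempted. env is passed as a map so the
// function can be exercised without touching the process environment.
func ParseInvocation(env map[string]string, stdin []byte) (*Request, error) {
	req := &Request{Command: env["CNI_COMMAND"]}
	switch req.Command {
	case "VERSION":
		return req, nil // VERSION needs no container context
	case "ADD", "DEL": // the delete operation is sent as "DEL"
	default:
		return nil, fmt.Errorf("unsupported CNI_COMMAND %q", req.Command)
	}

	req.ContainerID = env["CNI_CONTAINERID"]
	if !idRe.MatchString(req.ContainerID) {
		return nil, fmt.Errorf("invalid CNI_CONTAINERID %q", req.ContainerID)
	}
	req.IfName = env["CNI_IFNAME"]
	if !ifNameRe.MatchString(req.IfName) {
		return nil, fmt.Errorf("invalid CNI_IFNAME %q", req.IfName)
	}
	// The namespace path is opened as root: require an absolute, already
	// normalised path so "../" segments cannot redirect it.
	req.NetNS = env["CNI_NETNS"]
	if req.Command == "ADD" || req.NetNS != "" {
		if !filepath.IsAbs(req.NetNS) || filepath.Clean(req.NetNS) != req.NetNS {
			return nil, fmt.Errorf("invalid CNI_NETNS %q", req.NetNS)
		}
	}

	if err := json.Unmarshal(stdin, &req.Conf); err != nil {
		return nil, fmt.Errorf("decode stdin config: %w", err)
	}
	if req.Conf.Name == "" {
		return nil, fmt.Errorf("config is missing \"name\"")
	}
	if !ifNameRe.MatchString(req.Conf.Bridge) {
		return nil, fmt.Errorf("invalid bridge name %q", req.Conf.Bridge)
	}
	ip, ipnet, err := net.ParseCIDR(req.Conf.IP)
	if err != nil {
		return nil, fmt.Errorf("invalid ip %q: %w", req.Conf.IP, err)
	}
	req.Addr = &net.IPNet{IP: ip, Mask: ipnet.Mask}
	return req, nil
}

func main() {
	// Constructed sample mirroring the slide's command line and config.
	env := map[string]string{
		"CNI_COMMAND": "ADD", "CNI_CONTAINERID": "ns1",
		"CNI_NETNS": "/var/run/netns/ns1", "CNI_IFNAME": "eth10",
	}
	conf := []byte(`{"name": "simple-cni", "bridge": "br0", "ip": "172.16.2.5/24"}`)
	req, err := ParseInvocation(env, conf)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Printf("%s %s in %s: %s on bridge %s\n",
		req.Command, req.IfName, req.NetNS, req.Addr, req.Conf.Bridge)
}
```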
It’s Go Time
https://github.com/hwchiu/CNI_Tutorial_2018
Skeleton
• We should implement two functions (Add/Delete) for CNI_COMMAND
• We will get those data via skel.CmdArgs
First
• We should add a special function init
First (Cont’d)
• Decode the StdinData into our structure.
• You can define any data you want.
• In my example, I get the bridge name and IP address from the config.
Create a Linux Bridge
• We have two ways to create a Linux bridge
• Call the Linux command (brctl addbr ….)
• Use netlink to create a Linux bridge
• We use this method in our example.
Create a Linux Bridge
• Prepare a bridge object netlink.Bridge{}
• Create a bridge via netlink.LinkAdd
• brctl addbr
• Bring up the Linux bridge via netlink.LinkSetUp
• ifconfig xxx up
Second
• Create a veth pair via netlink.Veth
• Set up the veth via netlink.LinkSetUp
• Move one side of veth to another ns via netlink.LinkSetNsFd
• Set up the NICs of the veth via netlink.LinkSetUp
Second (Cont’d)
• We can create a veth on the host ns and move one side into container ns.
• Or, we can create a veth on the container ns and move one side into host ns.
• Choose any approach you like.
Second
• The better way is to use the functions provided by the containernetworking/plugins/pkg/ip package.
The Simple Way
• Get the NS object via ns.GetNS
• Call SetupVeth in the container ns.
Third
• We need to attach one side of the veth to the Linux bridge
• First, get the Link object via netlink.LinkByName
• Second, attach the link to the bridge via netlink.LinkSetMaster
Now
• We have created the Linux bridge
• We have created a veth and connected the host ns and the container ns.
• We have also attached the veth to the Linux bridge
[Diagram: Linux Host with br0 and veth234; Network Namespace with eth0]
Next
• We need to handle the IPAM (IP address management)
• In this example, we get the IP address from the config.
• We can set the IP address via netlink.AddrAdd
Let’s Demo Now.
Other Things About CNI
• Built-in IPAM
• Host
• DHCP
• DIY
Complicated Config Examples
By The Way
Q&A

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 

Writing the Container Network Interface (CNI) plugin in golang

  • 1. Introduction to CNI (Container Network Interface) Hwchiu (Hung-Wei Chiu) Linkernetworks.com
  • 2. Who Am I • Hung-Wei Chiu • hwchiu@linkernetworks.com • Blog: hwchiu.com • Experience • Software Engineer at Linker Networks • Co-Founder of SDNDS-TW (Software Defined Network) • Co-Founder of CUTNG (Cloud Native Taiwan User Group) • Open Source Experience • SDN Related Projects (ONOS/Mininet/Floodlight) • OVS-CNI
  • 3. Outline • Introduction to CNI • How to write a CNI in golang
  • 5. Have You Heard of These Before? • Linux network namespace • Kernel function • Docker • Docker Network • Bridge/Host, etc. • Kubernetes • Flannel/Calico/Weave, etc.
  • 6. So, What Is Docker? How Does It Work?
  • 8. A Simple HTTP Server • docker run --name my-nginx -p 8080:80 nginx • Use localhost:8080 to communicate with nginx. • How does it work?
  • 9. Step By Step 1. Create a Linux Bridge Linux Host br0
  • 10. Step By Step 1. Create a Linux Bridge 2. Create a Container Linux Host br0 Container (Nginx)
  • 11. Step By Step 1. Create a Linux Bridge 2. Create a Container 3. Create a veth pair Linux Host br0 Container (Nginx) veth234 veth123
  • 12. Step By Step 1. Create a Linux Bridge 2. Create a Container 3. Create a veth pair 4. Attach veth pair to container and bridge (also rename) Linux Host br0 Container (Nginx) veth234 eth0
  • 13. Step By Step 1. Create a Linux Bridge 2. Create a Container 3. Create a veth pair 4. Attach veth pair to container and bridge (also rename) 5. Assign an IP address to container Linux Host br0 Container (Nginx) veth234 eth0 172.16.2.5/24
  • 14. Step By Step 1. Create a Linux Bridge 2. Create a Container 3. Create a veth pair 4. Attach veth pair to container and bridge (also rename) 5. Assign an IP address to container 6. Set up an iptables rule for 8080:80 Linux Host br0 Container (Nginx) veth234 eth0 172.16.2.5/24
  • 15. In The Previous Example • The networking part is handled by the Linux network namespace (ns) • veth is used to connect two different ns
  • 16. Do We Have Any Other Options? • docker run --network=… • Bridge (by default) • Host • ContainerID • Docker networks (CNM) • Create your network.
  • 17. How About Other Container Systems? • LXC • rkt • Mesos • Kubernetes • …etc
  • 18. We Need To Make It Simple • Develop once, run everywhere • That’s CNI (Container Network Interface) • https://github.com/containernetworking/cni • Developed in the Go language
  • 19. What Is CNI • A CNCF (Cloud Native Computing Foundation) project • For Linux Containers • Consists of a specification and libraries for writing plugins. • Only cares about the network connectivity of containers • Create/Remove
  • 20. Who Uses CNI • rkt - container engine • Kubernetes - a system to simplify container operations • OpenShift - Kubernetes with additional enterprise features • Cloud Foundry - a platform for cloud applications • Apache Mesos - a distributed systems kernel • Amazon ECS - a highly scalable, high performance container management service
  • 21. Network Connectivity • Using the previous Docker example, the CNI will • Create the Linux Bridge • Create the veth and attach it to the container (ns) • Find an IP address and assign the IP to the Linux Bridge • Other stuff (you can do anything you want)
  • 22. Other CNIs • SR-IOV (Physical NIC to container) • OVS (Use OpenvSwitch rather than Linux Bridge) • Flannel (Supports tunnels via UDP/VXLAN) • MacVlan/IPVlan • PTP • Vlan • …etc
  • 23. So, How To Develop a CNI Plugin?
  • 24. Let’s See An Example
  • 25. First • Assume we have already implemented a CNI called simple-cni • Assume we have created a network namespace (ns) via the following command • ip netns add ns1 • We have a JSON config that contains the information we need. • { "name": "simple-cni" }
  • 26. Second • Execute the following command • sudo CNI_COMMAND=ADD CNI_CONTAINERID=ns1 CNI_NETNS=/var/run/netns/ns1 CNI_IFNAME=eth10 CNI_PATH=`pwd` ./simple-cni < config
  • 27. Explain • COMMAND • ADD/DELETE/VERSION • CONTAINERID • Just an ID… • NETNS • The location of the ns • IFNAME • NIC name in the container • PATH • Where to find the binary • Stdin • Just a JSON config
  • 28. What The Simple-CNI Does • Load the information from the config (bridge name, IP address) • Create a Linux Bridge • Create a veth and attach it to $NETNS • Rename the NIC to $IFNAME • Set the IP address on the NIC (we call it IPAM)
  • 30. Skeleton • We should implement two functions (Add/Delete) for CNI_COMMAND • We will get that data via skel.CmdArgs
  • 33. First • We should add a special function init
  • 34. First (Cont’d) • Decode the StdinData into our structure. • You can define any data you want. • In my example, I get the bridge name and IP address from the config.
  • 35. First • Decode the StdinData into our structure.
  • 36. Create a Linux Bridge • We have two ways to create a Linux bridge • Call the Linux command (brctl addbr ….) • Use netlink to create a Linux bridge • We use this method in our example.
  • 37. Create a Linux Bridge • Prepare a bridge object netlink.Bridge{} • Create a bridge via netlink.LinkAdd • brctl addbr • Bring up the Linux bridge via netlink.LinkSetUp • ifconfig xxx up
  • 39. Second • Create a veth pair via netlink.Veth • Set up the veth via netlink.LinkSetUp • Move one side of the veth to another ns via netlink.LinkSetNsFd • Set up the NICs of the veth via netlink.LinkSetUp
  • 40. Second(cont’d) • We can create a veth on the host ns and move one side into container ns. • Or, we can create a veth on the container ns and move one side into host ns. • Choose any approach you like.
  • 41. Second • The better way is to use the functions provided by the containernetworking/plugins/pkg/ip package.
  • 42. The simple way. • Get the NS Object from ns.GetNs • Call SetupVeth on the container ns.
  • 44. Third. • We need to attach one side of the veth to the Linux bridge • First, get the Link Object via netlink.LinkByName • Second, attach the link to the bridge via netlink.LinkSetMaster
  • 45. Now • We have created the Linux bridge • We have created a veth and connected the host ns and container ns. • We also attached the veth to the Linux Bridge Linux Host br0 Network Namespace veth234 eth0
  • 46. Next • We need to handle the IPAM (IP address management) • In this example, we get the IP address from the config. • We can set the IP address via netlink.AddrAdd
  • 49. Other Things About CNI • Built-in IPAM • Host • DHCP • DIY
  • 53. Q&A
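
The plugin on slides 26 to 28 is started with sudo and takes all of its input from CNI_* environment variables and a JSON document on stdin, so each value should be checked before it reaches a netlink call. The sketch below is an added example, not code from the slides or from the CNI project: it uses only the Go standard library, and the function name Validate, the JSON keys "bridge" and "ip", and the requirement that CNI_NETNS is present on both ADD and DEL are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"path/filepath"
	"regexp"
)

// NetConf is the stdin JSON; the "bridge" and "ip" key names are assumptions.
type NetConf struct {
	Name   string `json:"name"`
	Bridge string `json:"bridge"`
	IP     string `json:"ip"`
}

// Conservative allowlist: Linux caps interface names at 15 bytes and rejects '/'.
var linkName = regexp.MustCompile(`^[A-Za-z0-9_-][A-Za-z0-9_.-]{0,14}$`)

// Validate vets one ADD/DEL call (DEL is the wire spelling of delete) before netlink sees it.
func Validate(env map[string]string, stdin []byte) (*NetConf, error) {
	if cmd := env["CNI_COMMAND"]; cmd != "ADD" && cmd != "DEL" {
		return nil, fmt.Errorf("unsupported CNI_COMMAND %q", cmd)
	}
	if ns := env["CNI_NETNS"]; !filepath.IsAbs(ns) || filepath.Clean(ns) != ns {
		return nil, fmt.Errorf("CNI_NETNS %q is not a clean absolute path", ns)
	}
	if name := env["CNI_IFNAME"]; !linkName.MatchString(name) {
		return nil, fmt.Errorf("CNI_IFNAME %q is not a valid interface name", name)
	}
	var conf NetConf
	if err := json.Unmarshal(stdin, &conf); err != nil {
		return nil, fmt.Errorf("config is not valid JSON: %w", err)
	}
	if conf.Name == "" || !linkName.MatchString(conf.Bridge) {
		return nil, fmt.Errorf("config needs a name and a valid bridge: %+v", conf)
	}
	if _, _, err := net.ParseCIDR(conf.IP); err != nil {
		return nil, fmt.Errorf("config ip: %w", err)
	}
	return &conf, nil
}

func main() {
	// Constructed environment and config mirroring the command line on slide 26.
	env := map[string]string{"CNI_COMMAND": "ADD", "CNI_NETNS": "/var/run/netns/ns1", "CNI_IFNAME": "eth10"}
	conf, err := Validate(env, []byte(`{"name":"simple-cni","bridge":"br0","ip":"172.16.2.5/24"}`))
	fmt.Println(conf, err)
}
```

A real plugin would build the map from its process environment and read the config from stdin, then hand only the validated values to the bridge, veth and address steps.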