Docker Networking LAKSHMAN KUMAR

Agenda
• Docker networking with bridge
• libnetwork overview
• libnetwork goals
• libnetwork components
• libnetwork deployments
• Demo

Docker with linux bridge
• On startup Docker creates an Ethernet bridge, docker0, in the Linux kernel
• docker0 creates a virtual subnet on the Docker host
• Docker creates a pair of virtual Ethernet interfaces for each container
• One of the Ethernet interfaces is eth0 in the container
• The other Ethernet interface has a unique name of the form veth* (e.g. vethxxxx) and is bound to docker0
• So the Linux bridge does simple MAC-level forwarding and is protocol independent
• Without libnetwork, networking was handled by Docker Engine and libcontainer
• Docker Engine was responsible for providing the configuration for the container's networking stack.
• Libcontainer would then use this information to create the necessary networking devices

libnetwork overview
• Modularizes the networking logic in Docker Engine and libcontainer into a single, reusable library
• "libnetwork" is a library that provides native support for Docker containers; its function is to connect containers.
• Open sourced in April
• libnetwork is experimental in Docker 1.7
• Library for creating and managing network stacks for containers
• Driver-based networking that implements the container network model

Goals of libnetwork
• Make network and service top-class objects - controller.NewNetwork()
• Provide a pluggable network stack
• Span networks across multiple hosts (using an overlay for talking between containers on different hosts)

Container network model

Components of Container network model
• Endpoint: An Endpoint joins a Sandbox to a Network. An implementation of an Endpoint could be a veth pair, an Open vSwitch internal port or similar. An Endpoint can belong to only one Network and to only one Sandbox.
• Sandbox: A Sandbox contains the configuration of a container's network stack. This includes management of the container's interfaces, routing table and DNS settings. An implementation of a Sandbox could be a Linux Network Namespace. A Sandbox may contain many endpoints from multiple networks.
• Network: A Network is a group of Endpoints that are able to communicate with each other directly. An implementation of a Network could be a Linux bridge, a VLAN, etc. Networks consist of many endpoints.
Cluster

CNM Objects
• NetworkController object provides the entry-point into libnetwork that exposes simple APIs for the users (such as Docker Engine) to allocate and manage Networks. libnetwork supports multiple active drivers (both inbuilt and remote). NetworkController allows the user to bind a particular driver to a given network.
• libnetwork provides a RESTful API to perform CRUD on networks and endpoints
• Endpoint represents a Service Endpoint. It provides the connectivity for services exposed by a container in a network with other services provided by other containers in the network.
• Sandbox object represents a container's network configuration such as ip-address, mac-address, routes, DNS entries.
  - Sandbox object is created when the user requests to create an endpoint on a network.

Drivers
• Drivers implement the driver API
• Drivers provide the actual implementation that makes the network work.
• Bridge driver
  - creates a Linux bridge for each network
  - creates a veth pair for each endpoint
  - one end is attached to the bridge, the other appears as eth0 inside the container
  - iptables rules created for NAT
• Overlay driver
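
The bridge/veth layout described in the "Docker with linux bridge" and "Drivers" slides can be audited from `ip -o link show` output, which is useful when checking which containers share a bridge. This is an added example, not part of the original slides: the sample output is constructed and abbreviated, and the container names (web, api, db) and the bridge name br-0123456789ab are assumptions.

```python
import re

LINK_RE = re.compile(r"^(\d+): ([^:@\s]+)(?:@if(\d+))?: <[^>]*>(.*)$")

def parse_links(text):
    """Parse `ip -o link show` output into one dict per interface."""
    links = []
    for line in text.splitlines():
        m = LINK_RE.match(line.strip())
        if m:
            master = re.search(r"\bmaster (\S+)", m.group(4))
            links.append({"index": int(m.group(1)), "name": m.group(2),
                          "peer": int(m.group(3)) if m.group(3) else None,
                          "master": master.group(1) if master else None})
    return links

def map_veths(host_text, container_texts):
    """Return {bridge: [(host_veth, container, container_if), ...]}."""
    inside = {}  # (ifindex, peer ifindex) seen inside a container -> (container, ifname)
    for cname, text in container_texts.items():
        for link in parse_links(text):
            if link["peer"] is not None:
                inside[(link["index"], link["peer"])] = (cname, link["name"])
    bridges = {}
    for link in parse_links(host_text):
        if link["name"].startswith("veth"):
            # The host veth's peer index is the container interface's own index.
            owner = inside.get((link["peer"], link["index"]), (None, None))
            bridges.setdefault(link["master"], []).append((link["name"], *owner))
    return bridges

# Constructed, abbreviated sample output (assumed names; not from a real host).
UP = "<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500"
HOST_LINKS = f"""\
2: eth0: {UP} state UP
3: docker0: {UP} state UP
4: br-0123456789ab: {UP} state UP
6: veth1a2b3c4@if5: {UP} master docker0 state UP
8: veth5d6e7f8@if7: {UP} master docker0 state UP
10: veth9a8b7c6@if9: {UP} master br-0123456789ab state UP
"""
CONTAINER_LINKS = {
    "web": f"5: eth0@if6: {UP} state UP",
    "api": f"7: eth0@if8: {UP} state UP",
    "db": f"9: eth0@if10: {UP} state UP",
}

if __name__ == "__main__":
    for bridge, members in map_veths(HOST_LINKS, CONTAINER_LINKS).items():
        print(bridge, members)
```

A veth that appears under the key None has no bridge master, and a (None, None) owner means no supplied container listing contained its peer.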

References
• Libnetwork overview: https://github.com/docker/libnetwork
• Libnetwork configuration: https://github.com/docker/libnetwork/tree/master/docs
• https://www.youtube.com/watch?v=LNUhVfufjZw