Embed Size (px)
Citation preview
DOCKER NETWORKING
VĂN ĐÌNH PHÚC
TRẦN HỮU CƯỜNG
NGUYỄN VĂN THƯỜNG
HN - 7/17/2015DOCKERDAY – VIET NAM - 2015
Networking Breakout
Madhu Venugopal
Jana Radhakrishnan
AGENDA
Introduction
Networking Deep Dive (version 1.7)
Networking Deep Dive (Experimental)
Ecosystem
Q&A
HN - 7/17/2015DOCKERDAY – VIET NAM - 2015
INTRODUCTION
DOCKERDAY – VIET NAM - 2015 HN - 7/17/2015
WHAT IS DOCKER ?
Docker containers wrap up a piece ofsoftware in a complete filesystem thatcontains everything it needs to run:code, runtime, system tools, systemlibraries – anything you can install ona server
HN - 7/17/2015DOCKERDAY – VIET NAM - 2015
WHY IS NETWORKING IMPORTANT ?
Communication between containers and the wider world
Communication between containers in single host and multi hosts
Container attached to multi networks
HN - 7/17/2015DOCKERDAY – VIET NAM - 2015
LIBNETWORK
Open Sourced in April
Over 200 Pull Requests
Over 200 GitHub Stars
Windows and FreeBSD ports in progress
LIBNETWORK
Project Pages define the goals of each Platform Version Release and identify current progress
https://github.com/docker/libnetwork/wiki
HN - 7/17/2015DOCKERDAY – VIET NAM - 2015
Project Page Target Date Current Sprint Platform Version
libnetwork 0.5 10/06/2015 Docker 1.9.0
libnetwork 0.4 08/04/2015 Sprint 20 Docker 1.8.0
libnetwork 0.3 06/18/2015 Docker 1.7.0
NETWORKING DEEP DIVE (VERSION 1.7)
DOCKERDAY – VIET NAM - 2015 HN - 7/17/2015
DOCKER0 BRIDGE
HN - 7/17/2015DOCKERDAY – VIET NAM - 2015
Be a default bridge in Docker Hosts
Randomly chooses an address and subnetfrom the private range defined by RFC1918
Automatically forwards packets betweenany other network interfaces that areattached to it
VIRTUAL ETHERNET INTERFACES
a pair of “peer” interfaces that are like opposite ends of a pipe — a packet sent on one will be received on the other
It gives one of the peers to the container to become its eth0 interface and keeps the other peer, with a unique name like veth37c1271
HN - 7/17/2015DOCKERDAY – VIET NAM - 2015
BINDING CONTAINER PORTS TO THE HOST
docker run:
-P or --publish-all=true|fals
-p SPEC or --publish=SPEC
-p IP:host_port:container_port
-p IP::port
--ip=IP_ADDRESS
HN - 7/17/2015DOCKERDAY – VIET NAM - 2015
--expose <port>
EXPOSE line in the image’s Dockerfile
orand
LINKING CONTAINERS TOGETHER
docker run --name db -d -e MYSQL_ROOT_PASSWORD=Memzoh78 -e MYSQL_DATABASE=wpdb -e MYSQL_USER=wpuser -e MYSQL_PASSWORD=wppwd mysql
docker run --name wp01 --link db:mysql -d -e WORDPRESS_DB_NAME=wpdb -e WORDPRESS_DB_USER=wpuser -e WORDPRESS_DB_PASSWORD=wppwd -p 8080:80 wordpress
HN - 7/17/2015DOCKERDAY – VIET NAM - 2015
Iptables
Docker Host
8080/tcp
eth0
db
3306/tcp
• Wpuser• wppwd
Wp
db
eth0
wp01• /etc/host• WORDPRESS_DB_NAME
=wpdb• WORDPRESS_DB_USER
=wpuser• WORDPRESS_DB_PASS
WORD=wppwd
eth0
Mysql://
80/tcp
Docker Host
eth0L0
do
cker0
HOW DOCKER NETWORKS A CONTAINER ?
option to docker run :
--net=bridge (default)
--net=host
--net=container:NAME_or_ID
--net=none
HN - 7/17/2015DOCKERDAY – VIET NAM - 2015
db
• Wpuser• wppwd
Wp
db
L0
Veth***eth0
3306/tcp
docker run --name db -d -e MYSQL_ROOT_PASSWORD=Memzoh78 -e MYSQL_DATABASE=wpdb -e MYSQL_USER=wpuser -e MYSQL_PASSWORD=wppwd mysql
EDITING NETWORKING CONFIG FILES
with Docker v.1.2.0, you can now edit /etc/hosts, /etc/hostname and /etc/resolve.conf in a running container
changes to these files will not be saved by docker commit nor will they be saved during docker run
won’t be saved in the image, nor will they persist when a container is restarted
HN - 7/17/2015DOCKERDAY – VIET NAM - 2015
ADVANCED NETWORKING TOOLS (THIRD PARTIES)
Pipework (Jérôme Petazzoni)
https://github.com/jpetazzo/pipework
Foundations of Python Network Programming (Brandon Rhodes)
https://github.com/brandon-rhodes/fopnp/tree/m/playground
WEAVE
https://github.com/weaveworks/weave
HN - 7/17/2015DOCKERDAY – VIET NAM - 2015
NETWORKING DEEP DIVE (EXPERIMENTAL)
DOCKERDAY – VIET NAM - 2015 HN - 7/17/2015
Why is Networking important?
• Traditional Networking is incredibly vast and complex
• Networking is an inherent part of distributed applications
• Make it developer-friendly & application driven.
“We'll do for Networking,
What Docker did for
Compute.”
Goals
• Make “network” & “service” as top-level objects
• Provide a pluggable networking stack
• Span networks across multiple hosts
• Support multiple platforms
Whats New?
• Updated Networking Stack in Docker
• Create Networks using the Docker CLI
• Multi-host Networking
• Services UI
blue = experimental
What is Libnetwork
• Library for creating and managing network stacks for containers
• Test daemon/client called "dnet"
• Driver-based networking
• Implements the Container Network Model
Container Network Model
(CNM)• Endpoint
• Network
• Sandbox
Create
Network
Create
Container
Defer to
Driver
Defer to
Driver
Libnetwork API
• libnetwork.New
• controller.ConfigureNetworkDriver
• controller.NewNetwork
• network.CreateEndpoint
• endpoint.Join
RESTful API
• Provides CRUD for Networks and Endpoints
• /network
• /network/<network_id>/endpoints
• /network/<network_id>/endpoints/<endpoint_id>
• /network/<network_id>/endpoints/<endpoint_id>/containers
• /services
• /services/<service_id>
• /services/<service_id>/backends
Drivers
• Drivers implement the Driver API
• They provide the specifics of how a network and endpoint are
implemented
Bridge Driver
• Creates a Linux Bridge for each network
• Creates a veth pair for each endpoint
- One end is attached to the bridge
- The other appears as eth0 inside the containers
• iptables rules created for NAT
Overlay Driver
• Creates a separate network namespace for every network
- Facilitates overlapping IP address space across networks
• Creates a Linux Bridge and VXLAN tunnels to every other discovered
host
• Creates a veth pair for each endpoint
- One end is attached to the bridge
- The other appears as eth0 inside the container
• Network namespace connected to host network using NAT
- Facilitates exiting the overlay network at every host(for external connectivity)
Network Plugins
• Implemented using libnetwork's remote driver
• Uses JSON-RPC transport
• Can be written in any language
• Can be deployed as a container
Networking Ecosystem
– R. Callon, RFC 1925 - The Twelve Networking Truths
“One size never fits all.”
Call to Action!
• Try the Docker Experimental Channel!
- https://experimental.docker.com
• Contribute to libnetwork
- Raise an Issue or Submit a Pull Request
• Chat with us on IRC
- #docker-network on Freenode
• Stop by at the booth for a demo
Q&A
Thanks you Docker Hà Nội: http://www.meetup.com/Docker-HaNoi
Văn Đình Phúc – [email protected]
Trần Hữu Cường
Nguyễn Văn Thường
