Docker  Networking

Văn  Đình  Phúc  –  System  Engineer  Nguyễn  Văn  Thường  –  Linux  Sysadmin  Trần  Hữu  Cường  –  R&D  

Networking Breakout Madhu Venugopal Jana Radhakrishnan

Source: recap from DockerCon US 2015

AGENDA

¡  Introduction

¡  Networking Deep Dive (version 1.7)

¡  Networking Deep Dive (Experimental)

¡  Ecosystem

¡  Q&A

HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015

INTRODUCTION

DOCKERDAY – VIET NAM - 2015 HN - 19/07/2015

WHAT IS DOCKER ?

Docker containers wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries – anything you can install on a server

HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015

WHY IS NETWORKING IMPORTANT ?

¡  Communication between containers and the wider world

¡  Communication between containers in single host and multi hosts

¡  Container attached to multi networks

HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015

LIBNETWORK

¡  Open Sourced in April

¡  Over 200 Pull Requests

¡  Over 200 GitHub Stars

¡  Windows and FreeBSD ports in progress

Source: recap from DockerCon US 2015

LIBNETWORK

¡  Project Pages define the goals of each Platform Version Release and identify current progress

https://github.com/docker/libnetwork/wiki

HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015

Project Page Target Date Current Sprint Platform Version

libnetwork 0.5 10/06/2015 Docker 1.9.0

libnetwork 0.4 08/04/2015 Sprint 20 Docker 1.8.0

libnetwork 0.3 06/18/2015 Docker 1.7.0

NETWORKING DEEP DIVE (VERSION 1.7)

DOCKERDAY – VIET NAM - 2015 HN - 19/07/2015

DOCKER0 BRIDGE

HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015

¡  Be a default bridge in Docker Hosts

¡  Randomly chooses an address and subnet from the private range defined by RFC 1918

¡  Automatically forwards packets between any other network interfaces that are attached to it

VIRTUAL ETHERNET INTERFACES

¡  a pair of “peer” interfaces that are like opposite ends of a pipe — a packet sent on one will be received on the other

¡  It gives one of the peers to the container to become its eth0 interface and keeps the other peer, with a unique name like veth37c1271

HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015

BINDING CONTAINER PORTS TO THE HOST

¡  docker run:

¡  -P or --publish-all=true|fals

¡  -p SPEC or --publish=SPEC

¡  -p IP:host_port:container_port

¡  -p IP::port

¡  --ip=IP_ADDRESS

HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015

¡  --expose <port>

¡  EXPOSE line in the image’s Dockerfile

or and

LINKING CONTAINERS TOGETHER

¡  docker run --name db -d -e MYSQL_ROOT_PASSWORD=Memzoh78 -e MYSQL_DATABASE=wpdb -e MYSQL_USER=wpuser -e MYSQL_PASSWORD=wppwd mysql

¡  docker run --name wp01 --link db:mysql -d -e WORDPRESS_DB_NAME=wpdb -e WORDPRESS_DB_USER=wpuser -e WORDPRESS_DB_PASSWORD=wppwd -p 8080:80 wordpress

HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015

Iptables

Docker Host

8080/tcp

eth0

db

3306/tcp

•  Wpuser •  wppwd

Wpd

b

eth0

wp01 •  /etc/host •  WORDPRESS_DB_N

AME=wpdb •  WORDPRESS_DB_US

ER=wpuser •  WORDPRESS_DB_PA

SSWORD=wppwd

eth0

Mysql:// 80/tcp

Docker Host

eth0 L0

docker0

HOW DOCKER NETWORKS A CONTAINER ?

¡  option to docker run : ¡  --net=bridge (default) ¡  --net=host ¡  --net=container:NAME_or_ID ¡  --net=none

HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015

db

•  Wpuser •  wppwd

Wpd

b

L0

Veth*** eth0

3306/tcp

¡  docker run --name db -d -e MYSQL_ROOT_PASSWORD=Memzoh78 -e MYSQL_DATABASE=wpdb -e MYSQL_USER=wpuser -e MYSQL_PASSWORD=wppwd mysql

EDITING NETWORKING CONFIG FILES

¡  with Docker v.1.2.0, you can now edit /etc/hosts, /etc/hostname and /etc/resolve.conf in a running container

¡  changes to these files will not be saved by docker commit nor will they be saved during docker run

¡  won’t be saved in the image, nor will they persist when a container is restarted

HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015

ADVANCED NETWORKING TOOLS (THIRD PARTIES)

¡  Pipework (Jérôme Petazzoni)

https://github.com/jpetazzo/pipework

¡  Foundations of Python Network Programming (Brandon Rhodes)

https://github.com/brandon-rhodes/fopnp/tree/m/playground

¡  WEAVE

https://github.com/weaveworks/weave

HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015

NETWORKING DEEP DIVE (EXPERIMENTAL)

DOCKERDAY – VIET NAM - 2015 HN - 19/07/2015

Why is Networking important?

•  Traditional Networking is incredibly vast and complex

•  Networking is an inherent part of distributed applications

•  Make it developer-friendly & application driven.

Source: recap from DockerCon US 2015

“We'll do for Networking, What Docker did for Compute.”

Source: recap from DockerCon US 2015

Goals

•  Make “network” & “service” as top-level objects

•  Provide a pluggable networking stack

•  Span networks across multiple hosts

•  Support multiple platforms

Source: recap from DockerCon US 2015

Whats New?

•  Updated Networking Stack in Docker

•  Create Networks using the Docker CLI

•  Multi-host Networking

•  Services UI

blue = experimental Source: recap from DockerCon US 2015

What is Libnetwork

•  Library for creating and managing network stacks for containers

•  Test daemon/client called "dnet"

•  Driver-based networking

•  Implements the Container Network Model

Source: recap from DockerCon US 2015

Container Network Model (CNM) •  Endpoint

•  Network

•  Sandbox

Source: recap from DockerCon US 2015

Create

Network

Create

Container

Defer to Driver

Defer to Driver

Source: recap from DockerCon US 2015

Libnetwork API

•  libnetwork.New

•  controller.ConfigureNetworkDriver

•  controller.NewNetwork

•  network.CreateEndpoint

•  endpoint.Join

Source: recap from DockerCon US 2015

RESTful API

•  Provides CRUD for Networks and Endpoints

•  /network

•  /network/<network_id>/endpoints

•  /network/<network_id>/endpoints/<endpoint_id>

•  /network/<network_id>/endpoints/<endpoint_id>/containers

•  /services

•  /services/<service_id>

•  /services/<service_id>/backends

Source: recap from DockerCon US 2015

Drivers

•  Drivers implement the Driver API

•  They provide the specifics of how a network and endpoint are implemented

Source: recap from DockerCon US 2015

Bridge Driver

•  Creates a Linux Bridge for each network

•  Creates a veth pair for each endpoint

-  One end is attached to the bridge

-  The other appears as eth0 inside the containers

•  iptables rules created for NAT

Source: recap from DockerCon US 2015

Overlay Driver

•  Creates a separate network namespace for every network -  Facilitates overlapping IP address space across networks

•  Creates a Linux Bridge and VXLAN tunnels to every other discovered host

•  Creates a veth pair for each endpoint -  One end is attached to the bridge

-  The other appears as eth0 inside the container

•  Network namespace connected to host network using NAT -  Facilitates exiting the overlay network at every host(for external connectivity)

Source: recap from DockerCon US 2015

Network Plugins

•  Implemented using libnetwork's remote driver

•  Uses JSON-RPC transport

•  Can be written in any language

•  Can be deployed as a container

Source: recap from DockerCon US 2015

Networking Ecosystem

Source: recap from DockerCon US 2015

– R. Callon, RFC 1925 - The Twelve Networking Truths

“One size never fits all.”

Source: recap from DockerCon US 2015

Source: recap from DockerCon US 2015

Call to Action!

•  Try the Docker Experimental Channel! -  https://experimental.docker.com

•  Contribute to libnetwork -  Raise an Issue or Submit a Pull Request

•  Chat with us on IRC -  #docker-network on Freenode

•  Stop by at the booth for a demo

Source: recap from DockerCon US 2015

Q&A

Source: recap from DockerCon US 2015

Thanks you ¡  Docker Hà Nội: http://www.meetup.com/Docker-HaNoi

¡  Văn Đình Phúc – phucvd.ce@gmail.com

¡  Trần Hữu Cường - tranhuucuong91@gmail.com

¡  Nguyễn Văn Thường - thuongnvbk@gmail.com

HN - 19/07/2015 DOCKERDAY – VIET NAM - 2015