DC/OS 1.8 Container Networking
© 2016 Mesosphere, Inc. All Rights Reserved.
DC/OS 1.8 NETWORKING
@SARGUN1
Sargun Dhillon, July 2016
WHO AM I?
AGENDA
• How, and why did we go here?
• How does DC/OS bring you closer to the ideal?
• Some of the future
A BRIEF HISTORY OF NETWORKS IN THE DC
ORGANIZATIONS CIRCA 2007
•Before DevOps was first heard
•Clear differentiation of ownership
•The datacenter was owned by the NOC
•Deployment of services was done by sysadmins in the operations group
•Developers operated without access to production
•Production deployments gated by QA, Operations
SOFTWARE CIRCA 2007
•Different services glued together via CORBA, XML-RPC, SOAP
•No one was really consciously doing microservices
•Networks were static, giant layer 2 domains
•Load Balancing provided by hardware
•Everyone ran their own datacenter
•EC2 in its infancy; only a year prior had the term “Cloud” begun to become popular
•Systems statically partitioned
SaaS continued to grow at an incredible rate
There became a race to ship faster
We kept the software alive By feeding it
With Sysadmins
We kept the machines alive By feeding them
With Blood
This wasn’t working
ORGANIZATIONS 2008+
•We began seeing a gradual shift in the industry where lines between QA, Dev, and Ops were blurring
•DevOps term coined in 2008, first DevOpsDay in 2009
•Gradual adoption of the cloud, fewer organizations owning their own datacenters
•Either networking was outsourced to the cloud, or typically remained in a small internal organization
•Needed to reduce ratio of operators to servers
SOFTWARE CIRCA 2008+
•Popularization of Open Source tooling to automate much of traditional operations, and QA
•Jenkins / Hudson
•Puppet / Chef
•Capistrano
•Popularization of stacks with more complex operational requirements
•Nutch / Hadoop
•NoSQLs
•Still statically partitioned machines
•Networks still sacred territory
CIRCA 2011
•Much of what’s been happening for the past half-decade hits networking
•Much of this falls under the term “SDN” (Software Defined Networking) or “NFV” (Network Function Virtualization)
•Hastened by the adoption of VMs in the enterprise in the hype cycle
•OpenFlow promises to fix everything
•Major adoptions of the cloud by startups as well as enterprise
•Virtualization begins to become mainstream as a mechanism of consolidating workloads
•The invention of the “private cloud”
•DotCloud / Docker funded by Y Combinator a year earlier
•Term “Microservice” coined
CIRCA 2013
• Docker becomes instant hit and brings containers to the forefront
• Dynamic partitioning begins to make inroads
• Google releases Omega paper
• Apache Aurora open sourced
• Microservice counts explode, demanding collocation of workloads for efficiency
• Mesosphere Founded
• Site Reliability Engineering begins to popularize and further blur the lines between Dev, Ops, and QA
Everything was changing
Why?
Business Value
BENEFITS
•Reduction in cost of goods sold
•Smaller engineer to server ratio
•Linear, or super linear growth rate of engineering team to servers is unsustainable
•Smaller engineer to capability ratio, where capability includes:
•Features
•Throughput
•Better User Experience
•Better availability
•Quicker release of features
But at what cost?
Complexity
OLD WORLD
NEW WORLD
DIVING DEEPER
Paxos?
Raft?
Ω Failure Detector?
Pods?
Wat?
Sidecars?
etcd?
ZooKeeper?
VXLAN?
Performance
REDIS PERFORMANCE
THE DC/OS APPROACH
CORE TENETS
•DC/OS must be agnostic to the underlying environment
•AWS / Azure / GCE / SoftLayer as the lowest common denominators
•DC/OS should require no to minimal changes to the code in order to work
•DC/OS should provide similar services to existing environments
•Fixed load balancers
•Security
• IP/Container
•We do not want to require a change in organization procedures
CURRENT SERVICES PROVIDED
• Service Discovery
• Mesos-DNS
• Navstar*
• Spartan*
• Load Balancing
• Minuteman*
• Accessibility
• Octarine*
• IP Per Container
• Control Plane
• Lashup*
*Project Name
SERVICE DISCOVERY
PROJECTS: MESOS-DNS, NAVSTAR, SPARTAN
MESOS-DNS / NAVSTAR / SPARTAN
• Simple service discovery mechanism that exposes service locations over DNS
• Service names, and locations exposed
• via SRV records.
• via A records
• Typically requires modification of downstream code
• Good for bootstrap
HIGH LEVEL
EXTENDED USAGE
INTEGRATIONS
SPARTAN
• DNS proxy that’s closely coupled with Navstar
• Raises availability by doubling work
• Makes DNS 2N, 2N+1, or N+1 systems act as such
• Reduces latency at scale
• Dual dispatches the query, and waits for first response
A Jeff Dean Jig
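The dual dispatch described on this slide, as an added Python sketch (not Spartan's own code, which the deck does not show): one query goes to every upstream at once and the first valid reply wins. The stub resolvers, the name myapp.marathon.mesos and the 192.0.2.x answers are constructed for the demo.

```python
import asyncio
import os
import socket
import struct

def build_query(name):
    """Minimal DNS A/IN query with a random 16-bit transaction ID."""
    header = os.urandom(2) + struct.pack("!HHHHH", 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def build_answer(query, ip):
    """Reply echoing the query's ID and question, plus one A record."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    record = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 5, 4) + socket.inet_aton(ip)
    return header + query[12:] + record

class Upstream(asyncio.DatagramProtocol):
    """One leg of the dual dispatch: send the query, report a valid reply."""
    def __init__(self, query, first):
        self.query, self.first = query, first
    def connection_made(self, transport):
        transport.sendto(self.query)
    def datagram_received(self, data, addr):
        # First answer wins, so only count a reply (QR=1) echoing our ID and question.
        valid = (len(data) >= 12 and data[:2] == self.query[:2] and data[2] & 0x80
                 and data[12:len(self.query)] == self.query[12:])
        if valid and not self.first.done():
            self.first.set_result((data, addr))

async def dual_dispatch(query, upstreams, timeout=1.0):
    """Send one query to every upstream at once; return (reply, responder)."""
    loop = asyncio.get_running_loop()
    first, legs = loop.create_future(), []
    try:
        for addr in upstreams:
            # remote_addr connects the socket, so the kernel drops other sources.
            leg, _ = await loop.create_datagram_endpoint(
                lambda: Upstream(query, first), remote_addr=addr)
            legs.append(leg)
        return await asyncio.wait_for(first, timeout)
    finally:
        for leg in legs:
            leg.close()

class StubResolver(asyncio.DatagramProtocol):
    """Constructed test upstream: answers after `delay` seconds, or never."""
    def __init__(self, delay, ip):
        self.delay, self.ip = delay, ip
    def connection_made(self, transport):
        self.transport = transport
    def datagram_received(self, data, addr):
        if self.delay is not None:
            asyncio.get_running_loop().call_later(self.delay, self.reply, data, addr)
    def reply(self, data, addr):
        if not self.transport.is_closing():
            self.transport.sendto(build_answer(data, self.ip), addr)

async def demo(delays, name="myapp.marathon.mesos"):
    """Index of the stub whose reply won, and the A record it returned."""
    loop, stubs = asyncio.get_running_loop(), []
    for i, delay in enumerate(delays):
        stub, _ = await loop.create_datagram_endpoint(
            lambda d=delay, n=i: StubResolver(d, f"192.0.2.{n + 1}"),
            local_addr=("127.0.0.1", 0))
        stubs.append(stub)
    addrs = [s.get_extra_info("sockname") for s in stubs]
    reply, responder = await dual_dispatch(build_query(name), addrs)
    for s in stubs:
        s.close()
    return addrs.index(responder), socket.inet_ntoa(reply[-4:])

if __name__ == "__main__":
    print(asyncio.run(demo((None, 0.05))))  # first upstream is down
```

With one upstream dead the lookup completes in the live resolver's latency rather than after a timeout and retry, which is the availability gain the slide claims for the doubled work.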
SPARTAN
LOAD BALANCING
PROJECTS: MINUTEMAN
MINUTEMAN
•Low-Overhead TCP load balancing
•Low-overhead during continuous TCP connection
•Pay balancing cost upfront
•Inflicts minimal overhead on non-load balanced traffic
•Fault-tolerance period aims to be <100ms
FUNCTIONALLY
VIRTUAL NETWORKS
PROJECTS: NAVSTAR
VIRTUAL NETWORKS
•Base DC/OS 1.8 functionality
•With custom Mesos module
•Provides IP/Container out of the box
•Utilizes off the shelf encapsulation
•VXLAN
•Artisanal controller built at Mesosphere: Navstar
50,000 FOOT VIEW
DIVING IN
ACCESSIBILITY
PROJECTS: OCTARINE
OCTARINE
• Transparent HTTP Proxy
• Automatically integrates with Mesos-DNS
• Resolves SRV records
• SOCKS Proxy
• Automatic OpenVPN Proxy
• Currently leverages master SSH access for ACLs
• Soon will integrate with DC/OS ACLs
USE CASE
INTERACTION DIAGRAM
OCTARINE: BENEFITS
• Provides Day 0 access to DC/OS services
• With security
• Without internet exposure
• Without task pinning
• Works without custom software
• Works without infrastructure modification
CONTROL PLANE
PROJECTS: LASHUP
We had a problem
Computers
Sometimes
They Break
Sometimes
Many Break
Sometimes
You don’t know
Before Lashup
90+ Second Resolution For
10% failure
You’d Need to Be Ultron To Keep Track Of It All
Let’s Distribute the Problem
A Mess
Academia
Connected Graph
HyParView
Constant Adaptive Health Checks
Dealing with Failure
HyParView
Throw Some Link-State Routing At it
Free Multicast
Sprinkle On Some CRDTs
PROJECT LASHUP
•A novel distributed systems SDK that provides:
•Failure detection
•Membership
•Multicast Delivery
•Strongly-eventually consistent data storage
•Powers:
•Minuteman VIP dissemination
•Minuteman node liveness checks
•Overlay routing
•DNS Synchronization
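What "strongly-eventually consistent" buys for something like VIP dissemination, as an added Python sketch (not Lashup's code; the deck does not show its data types, so a standard observed-remove set CRDT stands in): replicas that receive the same updates converge to the same backend set whatever the delivery order. Agent names and backend addresses are constructed.

```python
class ORSet:
    """State-based observed-remove set (an add wins over a concurrent remove)."""

    def __init__(self, replica):
        self.replica, self.counter = replica, 0
        self.adds = {}        # element -> set of unique (replica, counter) tags
        self.removed = set()  # tombstoned tags

    def add(self, element):
        self.counter += 1
        self.adds.setdefault(element, set()).add((self.replica, self.counter))

    def remove(self, element):
        # Tombstone only the tags this replica has seen; an add made
        # concurrently elsewhere carries a fresh tag and survives the merge.
        self.removed |= self.adds.get(element, set())

    def merge(self, other):
        # Set union is commutative, associative and idempotent, so gossip may
        # deliver states late, out of order or more than once.
        for element, tags in other.adds.items():
            self.adds.setdefault(element, set()).update(tags)
        self.removed |= other.removed

    def value(self):
        return {e for e, tags in self.adds.items() if tags - self.removed}


def converge_demo():
    """Backends of one VIP as seen by four replicas after gossip (constructed)."""
    a, b = ORSet("agent-a"), ORSet("agent-b")
    a.add("10.0.0.5:8080")
    a.add("10.0.0.6:8080")
    b.merge(a)                   # b learns both backends
    b.remove("10.0.0.5:8080")    # b sees both tasks die ...
    b.remove("10.0.0.6:8080")
    a.add("10.0.0.5:8080")       # ... while a sees one of them restart
    c, d = ORSet("agent-c"), ORSet("agent-d")
    c.merge(a)                   # c hears a's state first, then b's
    c.merge(b)
    d.merge(b)                   # d hears b's first, then a's, then b's again
    d.merge(a)
    d.merge(b)
    a.merge(b)
    b.merge(a)
    return [replica.value() for replica in (a, b, c, d)]


if __name__ == "__main__":
    print(converge_demo())
```

All four replicas end with only the restarted backend: the observed removals are honoured, and the concurrent re-add is not lost to a late-arriving tombstone.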
THE FUTURE
FUTURE PLANS?
• Security
• Encryption in flight
• Task-level Microsegmentation and Filtering
• Further research required:
• QoS between services
• “Zero-overhead” NFV
Zero Overhead NFV: Rewrite the OS
at The Syscall Layer
Zero Overhead NFV:
~/linux$ sudo samples/bpf/test_probe_write_user
Server bound to: 127.0.0.1:35707
Client connecting to: 255.255.255.255:5555
Server received connection from: 0.0.0.0:44804
Client's peer address: 127.0.0.1:35707
Zero Overhead NFV:
~/linux$ sudo strace -e ... samples/bpf/test_probe_write_user
bind(3, sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("127.0.0.1"), 16) = 0
getsockname(3, sa_family=AF_INET, sin_port=htons(42085), sin_addr=inet_addr("127.0.0.1"), [16]) = 0
Server bound to: 127.0.0.1:42085
Client connecting to: 255.255.255.255:5555
connect(7, sa_family=AF_INET, sin_port=htons(5555), sin_addr=inet_addr("255.255.255.255"), 16) = 0
accept(3, sa_family=AF_INET, sin_port=htons(50016), sin_addr=inet_addr("127.0.0.1"), [16]) = 8
Server received connection from: 0.0.0.0:50016
getpeername(7, sa_family=AF_INET, sin_port=htons(42085), sin_addr=inet_addr("127.0.0.1"), [16]) = 0
Client's peer address: 127.0.0.1:42085
ZERO-OVERHEAD NFV
•Implemented using kernel probes
•JIT at runtime
•Allows standard BSD API to work
•In preliminary testing: Undetectable overhead
ZERO-OVERHEAD NFV
•We’re still taking the VM approach; Why not take the container approach to NFV?
•Lie to the program
•Manipulate the syscalls
•Win big
•Current Status:
•Research Project
•Upstreamed first patches due for the 4.8 Kernel
DC/OS 1.8 NETWORKING
•Core functionality:
• IP/CT
•Internal Service Discovery
•Load Balancing
•3rd Party Service Integration
•Upcoming Features:
•Security
•External Load Balancing
•Future research going on
DC/OS 1.8 NETWORKING
@SARGUN