Upload File

overlay network multi docker host networking

24
CTO @ Kiratech Marco Bizzantino [email protected] @bizzam #containerday Overlay Network Multi Docker Host Networking

Upload: lynhan

Post on 13-Feb-2017

233 views

Category:

Documents


5 download

Report

TRANSCRIPT

Page 1: Overlay Network Multi Docker Host Networking

CTO@KiratechMarcoBizzantino

[email protected]

@bizzam#containerday

OverlayNetworkMultiDockerHostNetworking

Page 2: Overlay Network Multi Docker Host Networking

UnderstandDockercontainernetworks

• Networks,bydefinition,providecompleteisolationforcontainers• It’simportanttohavecontroloverthenetworks• Dockercontainernetworksgiveyouthatcontrol

Page 3: Overlay Network Multi Docker Host Networking

Dockernetworkingmodel

• ContainersdonothaveapublicIPv4address• Theyareallocatedaprivateaddress• Servicesrunningonacontainermustbe

exposedportbyport• Containerportshavetobemappedtothe

hostporttoavoidconflicts

Page 4: Overlay Network Multi Docker Host Networking

DefaultNetwork

• Dockerinstallationcreatesthreenetworksautomatically

• Youcanuse--netflagtospecifywhichnetworkyouwanttorunacontaineron

Page 5: Overlay Network Multi Docker Host Networking

BridgeNetwork

• Isthedocker0networkpresentinallDockerinstallations• Allcontainersbydefaultconnectstoit• Partofhost’snetworkstack• docker0 isassignedarandomIPaddressandsubnetfromthe

privaterangedefinedbyRFC1918

Page 6: Overlay Network Multi Docker Host Networking

NoneNetwork

• Container-specificnetworkstack

• Containerattachedlacksanetworkinterface

Page 7: Overlay Network Multi Docker Host Networking

HostNetwork

• Addsacontaineronthehostnetworkstack• Networkconfigurationinsidethecontaineris

identicaltothehost

Page 8: Overlay Network Multi Docker Host Networking

Checkcontainernetworkingproperties

Thedocker networkinspectcommandreturnsinformationaboutanetwork

Page 9: Overlay Network Multi Docker Host Networking

Networksummary

• Dockercontainersruninasubnetprovisionedbythedocker0bridgeonthehostmachine

• Wecancreateourownbridgeordifferentnetworktoruncontainerson

• AutomappingofcontainerportstohostportsonlyappliestotheportnumbersdefinedintheDockerfileEXPOSEinstruction

Page 10: Overlay Network Multi Docker Host Networking

Multi-hostnetworking

• ContainersrunningondifferenthostscannotcommunicatewitheachotherwithoutmappingtheirTCPportstothehost’sTCPports

• Multi-hostnetworkingallowsthesecontainerstocommunicatewithoutrequiringportmapping

• TheDockerEnginesupportsmultihostnetworkingnativelyoutoftheboxviatheoverlay networkdriver

Page 11: Overlay Network Multi Docker Host Networking

Multi-hostnetworking

Requirementsforcreatinganoverlaynetwork• Accesstoakey-valuestore• Aclusterofhostsconnectedtothekey-valuestore• AllhostsmusthaveKernelversion3.16orhigher• DockerEngineproperlyconfiguredoneachhost

Page 12: Overlay Network Multi Docker Host Networking

Overlaynetwork

• overlaynetworkdriversupportsmulti-hostnetworkingnativelyout-of-the-box

• Basedonlibnetwork,abuilt-inVXLAN-basedoverlaynetworkdriver,andDocker’slibkv library

• Theoverlaynetworkrequiresavalidkey-valuestoreservice

• TheDockerhostsmustbeabletocommunicate• udpport4789 Dataplane(VXLAN)• tcp/udpport7946 Controlplane

Page 13: Overlay Network Multi Docker Host Networking

Key-valuestore

Storesinformationaboutthenetworkstateincluding• Discovery• Endpoints• IPaddresses

Supportedoptions• Consul• Zookeeper(Distributedstore)• Etcd• BoltDB (Localstore)

Page 14: Overlay Network Multi Docker Host Networking

Setupkey-valuestoreOnyourMasterNode

Runconsulinacontainerwiththefollowingcommanddocker run -d -p 8500:8500 -h consul --name consul \

progrium/consul -server –bootstrap

Checkthatconsulisrunningandthatport8500ismappedtothehostusingdocker ps

Page 15: Overlay Network Multi Docker Host Networking

ConfigureDockerEngines

TheDockerEngineoneachnodeneedstobeconfiguredto:• ListenonTCPport2375• UsetheConsulkey-valuestoreonourmasternode

ModifytheDOCKER_OPTSvariable

DOCKER_OPTS="-Htcp://0.0.0.0:2375\-Hunix:///var/run/docker.sock \--cluster-store=consul://<MasterNodeIP>:8500/network\--cluster-advertise=eth0:2375"

Page 16: Overlay Network Multi Docker Host Networking

ConfiguretheOverlaynetwork

CreateanoverlaynetworkononeofthemachinesintheSwarm

docker networkcreate-doverlay–subnet10.10.2.0/24multinet

Page 17: Overlay Network Multi Docker Host Networking

Runningcontainersonamulti-hostnetwork

Torunacontaineronthemulti-hostnetwork,youjustneedtospecifythenetworknameonthedocker runcommand.Forexample:docker run -itd --name c1 --net multinet busyboxCanruncontainersfromanyhostconnectedtothenetworkContainerwillbeassignedanIPaddressfromthesubnetofyourmulti-hostnetwork

Page 18: Overlay Network Multi Docker Host Networking

Runningcontainersonamulti-hostnetwork

Thefirsttimeanoverlaynetworkiscreatedonanyhost,Dockeralsocreatesanothernetworkcalleddocker_gwbridge

Thedocker_gwbridgenetworkprovidesexternalaccessforcontainers

AllTCP/UDPportsareopenonanoverlaynetworkandthus,itisnotnecessarytomapcontainerportstohostportsinorderforcontainerstocommunicate

Page 19: Overlay Network Multi Docker Host Networking

OverlayNetwork

Onceconnected,eachcontainerhasaccesstoallthecontainersinthenetworkregardlessofwhichDockerhostthecontainerwaslaunchedon.

Page 20: Overlay Network Multi Docker Host Networking

Containerdiscovery

• Thedocker daemoncontainsanembeddedDNSserver• Containersmustrunwithaname(usingthe--name option).ThismapstotheIPaddressonthenetworkthecontainerisconnectedto.

• Whenacontainerisaddedtoamulti-hostnetwork,allotherhostswillbeabletodiscoveritviatheDNSserver

Page 21: Overlay Network Multi Docker Host Networking

Containerdiscovery

• Containermayhaveanynumberofaliasesonanetwork

• Containersmayhavedifferentaliasesondifferentnetworks,setusingthe--alias optiononnetwork connect

• IftheembeddedDNSserverisunabletoresolvetherequestitwillbeforwardedtoanyexternalDNSserversconfiguredforthecontainer

Page 22: Overlay Network Multi Docker Host Networking

Multi-hostNetworkSummary

• Anoverlay(multi-host)networkrequiresakey/valuestore

• Containersaddedtoamulti-hostnetworkarediscoverablebyothercontainers,aslongasthecontainername/aliashasbeenspecified

• Containersondifferenthostscancommunicatewitheachotherwithoutexposinganyportsifthehostsarepartofthesameoverlaynetwork

Page 23: Overlay Network Multi Docker Host Networking

Macvlan andIpvlan NetworkDrivers

• completecontroloflayer2VLANtaggingandevenIpvlan L3routingforusersinterestedinunderlaynetworkintegration

• containerattacheddirectlytotheDockerhostinterface• easyaccessforexternalfacingservicesasthereisnoportmappings

• stillexperimental

Moreinformations:https://github.com/docker/docker/blob/master/experimental/vlan-networks.md

Page 24: Overlay Network Multi Docker Host Networking

Thankyou


Docker Networking - Quality Thought€¦ · “Docker network create -d overlay qt-over” to create network Try executing “docker network ls” on other container you will not

Docker, Atomic Host and Kubernetes

CONTAINERS AND CONTAINER NETWORKING - …...5.1 Docker Swarm 20 5.2 Kubernetes 22 5.3 Mesosphere 24 6 Container Networking 26 6.1 Docker single host networking 26 6.2 Docker multi-host

Agenda - GitHub Pages · Networks in docker come in a few flavors: bridge, overlay, host, none You can also configure the network namespace to be another container $ docker run --name

Open vSwitch powered Docker · 2020. 8. 17. · Docker Host 1 172.16.1.1/24 172.1621/24 docker-ovsO 172.16.3.1/24 172.16.4.1/24 Docker Host 2 172.16.1.1/24 172.1621/24 docker-ovsO

Docker Overlay Networks

Octo talk : docker multi-host networking

Automated deployments with SaltStack & Docker - SCALE · Automated deployments with SaltStack & Docker ... $ docker run -d -p 80 -p 443 registry.local/baremetal/nginx ... serf - host

Docker Overlay Networks - OS3 · Docker Overlay Networks Performance analysis in high-latency environments MSc Research Project ... Socketplane and Calico as viable options. However,

Introduction to Docker · docker run -v : my_image volume : new directory is created within Docker’s storage directory on the host, and Docker

Overlay Networks and Tunneling...• Overlay networks – Tunnels between host computers – Build networks “on top” of the Internet – Deploy new protocols and services – Provide

Docker - Nico Maas · 2017-04-13 · Docker Swarm 29.04.2017 • Redundantes Cluster von Docker Nodes, in gewissem Grade selbstheilend, mit Routing Overlay Network • Swarm erstellen:

Testing Docker Images Security José Manuel Ortega ...€¦ · WhoamI 1.Introduction to docker security 2.Security best practices 3.Tools for auditing docker host 4.Tools for auditing

Docker Overlay NetworksDocker Overlay Networks Performance analysis in high-latency environments MSc Research Project System and Network Engineering February 7, 2016 Siem Hermans [email protected]

Docker & Security - ERNW€¦ · Challenges ¬ CI/CD ¬ ... ¬ Security of the docker host OS + container OS 08.03.2016 #45. Traditional Approach

Automate your Development Workflow with Docker · As with all Docker containers running on a Mac OS X, be aware to use the Docker-specific host IP address. The default is 192.168.59.103

Visualizing security boundaries in Docker Swarm overlay ... · visualizing security boundaries in docker swarm overlay networks MarcelBrouwers July3,2017 ... overlay/ov_serf.go 2

Docker Networking with Linux - i3s.unice.frurvoy/docs/VICC/3_vicc.pdf · Docker (host-level) Networking Docker Networking Model Docker Swarm Docker Network Overlay Outline 1 Reference

Docker overlay network - ContainerDay · Docker also creates another network called docker_gwbridge The docker_gwbridgenetwork provides external access for containers All TCP/UDP

Multi host networking with docker

Container Performance Analysis - Brendan GreggNetworking • With Docker, can be bridge, host, or overlay networks • Overlay networks have come with significant performance cost

Deeper dive in Docker Overlay Networks

Docker Networking Running multi-host applications · Docker Networking Running multi-host applications Johannes M. Scheuermann Karlsruhe, 28.04.2016

Docker Networking - Quality Thought · Steps FOr multi-host networking Install docker on two or more hosts On the first machine execute “docker swarm init” Execute docker swarm

Remote Workflow Enactment using Docker and the Generic … · 2016-10-06 · Docker Containers are run by the Docker Engine on a virtualized Linux system Containers share the host

The new Docker networking put into action to spin up a ...hpcadvisorycouncil.com/.../pdf/Kniep.DockerNetworkingSlurm.Gaikai.pdf · Multi-host containerised HPC clusterss The new Docker

Docker demystified for Mainframersvmworkshop.org/pres2017/dokrtech.pdf · Docker host: the (virtual) server where a Linux guest and Docker is running Docker Hub: share container images

Performance of Docker Overlay Networks A of · conclusion that macvlan in bridge mode is the most efficient module on a single host deployment. On a switched environment, macvlan

Docker – első lépések és hálózati opciók€¦ · Multi-Host networking Weave.works Flannel . Docker routing . Other gotchas • No init system in the container • Foreground

Snakemake - Amazon S3 · $ docker push dockerhub $ docker pull you$ dockerrun image_id OS kernel From host system Dockerfile A Docker image ob3b79cf: Base image 6f0d2f5e: Star installed

Secure Application Cloudification with Docker -SEDA... · •Control Docker binaries access within host O.S. –A user with privileges granted to Docker binaries can allow him run/stop

Docker Overlay Networks - de Laatdelaat.net/rp/2015-2016/p50/report.pdf · Docker Overlay Networks Performance analysis in high-latency environments MSc Research Project ... Socketplane

Kai Tödter - JAX DevOpsHow to run the Demo? Install Docker git clone cd docker Edit the docker host in cd-pipeline.sh or .bat

Docker Overlay Networks - OS3 · 6 Libnetwork (Native overlay driver) Weave Net Flannel Project Calico • Based on SocketPlane • Integrating OVS APIs in Docker • VXLAN based

Host Health Monitoring with Docker Run