pipework: software-defined network for containers and docker
DESCRIPTION
Pipework lets you connect together containers in arbitrarily complex scenarios. Pipework uses cgroups and namespaces and works with "plain" LXC containers (created with lxc-start), and with the awesome Docker. It's nothing less than Software-Defined Networking for Linux Containers! This is a short presentation about Pipework, given at the Docker Networking meet-up November 6th in Mountain View.
More information:
- https://github.com/jpetazzo/pipework
- http://www.meetup.com/Docker-Networking/
TRANSCRIPT
Pipework
The little SDN container framework that you should NOT use
Jérôme Petazzoni (@jpetazzo)
Grumpy French DevOps
- Go away or I will replace you with a very small shell script
Runs everything in containers
- Docker-in-Docker
- VPN-in-Docker
- KVM-in-Docker
- Xorg-in-Docker
- ...
Outline
● History
● Features
● Roadmap
Use cases
● Performance
  – Linux bridge, iptables, conntrack... Ohnoes!
● Integration into existing networks
  – VLAN, bonding...
  – IP addr management
● Work at L2/L3 instead of L4
  – Ethernet/IP vs TCP, UDP
Modus Operandi
● Create network interfaces
● Move them to containers (while they're running)
● Configure network interfaces (from outside)
● Shell script
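The three steps above, written out as an added example (this is not pipework's own code): a function that prints the host-side iproute2 commands for a veth pair attached to an existing Linux bridge, after validating every argument that ends up on a root command line. The function names, the veth naming scheme and the in-container name eth1 are assumptions; the PID is the container's init process as reported by the container runtime.

```shell
#!/bin/sh
# Added example, not pipework's own code. plumb_plan prints the host-side
# commands for the three steps; review them, then pipe to `sh` as root.

# Linux interface names: at most 15 chars, restricted here to a safe set.
valid_ifname() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# IPv4 address with prefix length, e.g. 10.1.1.1/24 (octet range not checked).
valid_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# usage: plumb_plan <bridge> <container-init-pid> <ip/prefix>
plumb_plan() {
    bridge=$1 pid=$2 cidr=$3
    guest_name=eth1                     # assumed name inside the container
    valid_ifname "$bridge" || { echo "bad bridge name" >&2; return 1; }
    case "$pid" in ''|*[!0-9]*) echo "bad pid" >&2; return 1 ;; esac
    valid_cidr "$cidr" || { echo "bad address" >&2; return 1; }
    host_if="veth${pid}h" guest_if="veth${pid}g"   # assumed naming scheme
    valid_ifname "$host_if" || { echo "pid too long" >&2; return 1; }
    cat <<EOF
mkdir -p /var/run/netns
ln -sf /proc/$pid/ns/net /var/run/netns/$pid
ip link add name $host_if type veth peer name $guest_if
ip link set $host_if master $bridge
ip link set $host_if up
ip link set $guest_if netns $pid
ip netns exec $pid ip link set $guest_if name $guest_name
ip netns exec $pid ip addr add $cidr dev $guest_name
ip netns exec $pid ip link set $guest_name up
EOF
}
```

Because every command runs on the host against the container's network namespace, the container itself needs no extra network privileges; the operator running the plan does need root on the host.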
Seriously
Shell…?
Yup.
Upsides of /bin/sh
● Easy to understand
● Easy to rip out the bits you (don't) need
● Most things we do require exec anyway (ip, route, brctl, etc)
● Complicated stuff is hard to implement (avoid feature creep, e.g. IPAM)
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework eth0 mysql 10.1.1.1/24
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework eth0 mysql 10.1.1.1/24
           ^^^^
● Physical eth0 on the machine
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework br0 mysql 10.1.1.1/24
           ^^^
● Pre-existing bridge
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework ovsbr0 mysql 10.1.1.1/24
           ^^^^^^
● Open vSwitch bridge
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework ovsbr0 mysql dhcp
                        ^^^^
● DHCP
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework ovsbr0 mysql dhcp @10
                             ^^^
● VLAN
Features
● Fixed address or DHCP
● Random MAC or fixed MAC
● Change netmask, default route
● Linux bridges, OVS bridges
● IP over Infiniband
● Multiple interfaces
Roadmap
Pipework:
● Will not be integrated into Docker (probably)
● Is not necessary anymore in many cases (thanks to host networking)
● Is not actively maintained (but I'll happily merge PRs)
What do?
● Use it as a big toolbox
● Understand how things work
● Possibly extract what you need
● Contribute to Docker instead
Possible improvements
● Don't require host-side tooling anymore
● Allow operation over Docker API
● A small POC is available at:
  https://github.com/jpetazzo/plumber/
A brighter future
● Native Docker Multi-Host Networking
  https://github.com/docker/docker/issues/8951
● Docker Network Drivers
  https://github.com/docker/docker/issues/8952
Thank you! Questions?