Chris Swan at Container.Camp: Docker networking

Post on 15-Jul-2015

528 views 0 download

Preview:

Click to see full reader

Tags:

Report this document
SHARE

transcript

copyright 2014 1

Docker networking

Chris Swan, CTO

@cpswan

Cloud native networking

copyright 2014 2

TL;DR docker0 bridge is the heart of default networking

Plus some iptables magic

Docker can help link your containers (on a single host)

But it’s easier with a compositing tool

There are advanced options

On a single host

On multi hosts

and advanced tools

copyright 2014 3

Why me?

copyright 2014 4

copyright 2014 5

The basics

copyright 2014 6

Let’s start with a regular host

eth0

10.0.1.1

copyright 2014 7

Install Docker

eth0

10.0.1.1

docker0

172.17.42.1

copyright 2014 8

Start a container

eth0

10.0.1.1

docker0

172.17.42.1

eth0

172.17.0.1

veth67ab

copyright 2014 9

Start another container

eth0

10.0.1.1

docker0

172.17.42.1

eth0

172.17.0.1

veth67ab

eth0

172.17.0.2

veth9c5d

copyright 2014 10

iptables magic

copyright 2014 11

Connecting to the outside world

$ sudo iptables -t nat -L –n

...

Chain POSTROUTING (policy ACCEPT)

target prot opt source destination

MASQUERADE all -- 172.17.0.0/16 !172.17.0.0/16

...

copyright 2014 12

Connecting from the outside world

$ sudo docker run –dp 1880:1880 cpswan/node-red

$ sudo docker ps

CONTAINER ID IMAGE COMMAND

CREATED STATUS PORTS

NAMES

7696169d9438 cpswan/node-red:latest node red.js

2 weeks ago Up 2 weeks 0.0.0.0:1880->1880/tcp

backstabbing_davinci

$ sudo iptables -t nat -L –n

...

Chain DOCKER (2 references)

target prot opt source destination

DNAT tcp -- 0.0.0.0/0 0.0.0.0/0

tcp dpt:1880 to:172.17.0.7:1880

copyright 2014 13

Container linking

copyright 2014 14

From the docker command line

From the outside:

# start the database

sudo docker run -dp 3306:3306 --name todomvcdb \

-v /data/mysql:/var/lib/mysql cpswan/todomvc.mysql

# start the app server

sudo docker run -dp 4567:4567 --name todomvcapp \

--link todomvcdb:db cpswan/todomvc.sinatra

On the inside:

dburl = 'mysql://root:pa55Word@' +

ENV['DB_PORT_3306_TCP_ADDR'] + '/todomvc'

DataMapper.setup(:default, dburl)

copyright 2014 15

Simplify life with Fig

fig.yml:

todomvcdb:

image: cpswan/todomvc.mysql

expose:

- "3306"

volumes:

- /data/mysql:/var/lib/mysql

todomvcapp:

image: cpswan/todomvc.sinatra

ports:

- "4567:4567"

links:

- todomvcdb:db

I still need this on the inside:

dburl = 'mysql://root:pa55Word@' +

ENV['DB_PORT_3306_TCP_ADDR'] + '/todomvc'

DataMapper.setup(:default, dburl)

copyright 2014 16

Other networking modes

copyright 2014 17

--net=host

eth0

10.0.1.1

docker0

172.17.42.1

eth0

172.17.0.1

veth67ab

eth0

172.17.0.2

veth9c5d

copyright 2014 18

--net=container:$container2

eth0

10.0.1.1

docker0

172.17.42.1

eth0

172.17.0.1

veth67ab

eth0

172.17.0.2

veth9c5d

copyright 2014 19

--net=none

eth0

10.0.1.1

docker0

172.17.42.1

eth0

172.17.0.1

veth67ab

eth0

172.17.0.2

veth9c5d

copyright 2014 20

Connecting containers between

machines

copyright 2014 21

Marek Goldmann did this with OVS

copyright 2014 22

A more generic approach (ODCA)

copyright 2014 23

Still want more…

copyright 2014 24

Pipework etc.

Pipework: • Create bridges

• Attach to container interfaces

• Attach to host interfaces

• and much more…

Tenus: • Golang package offering programmatic

network configuration along similar lines

to Pipework

copyright 2014

libchan

‘A low level component that we can use as a

communication layer that we can use across the board for

all the different aspects of communication within Docker’

Solomon Hykes – DockerCon 2014 (my emphasis)

What it is – Golang like channels over the network

‘A lightweight communication protocol for distributed

systems’

What it does – yet to be revealed

25

copyright 2014 26

Gotchas

copyright 2014 27

Our old enemy the network hub

eth0

10.0.1.1

docker0

172.17.42.1

eth0

172.17.0.1

veth67ab

eth0

172.17.0.2

veth9c5d

copyright 2014 28

A bit like a home network

eth0

10.0.1.1

docker0

172.17.42.1

eth0

172.17.0.1

veth67ab

eth0

172.17.0.2

veth9c5d

copyright 2014

Host as router can be painful

• VirtualBox requires specific network adaptors (in a

specific configuration) to play nicely with pipework

• Even with source/destination checks disabled pipework

won’t play nicely on EC2 • Mileage may vary on other clouds, but some don’t even have the option to flick that

bit (or make it very hard to get at)

29

copyright 2014 30

The end (nearly)

copyright 2014 31

copyright 2014 32

TL;DR docker0 bridge is the heart of default networking

Plus some iptables magic

Docker can help link your containers (on a single host)

But it’s easier with a compositing tool

There are advanced options

On single hosts

On multi hosts

and advanced tools

copyright 2014 33

Chicago, US

ContactMe@cohesiveft.com

+1 888 444 3962

Questions?

Top related

Docker 101: Introduction to Docker
Technology
Xen Containers: Better way to run Docker Containers5 Docker Containers Running • docker run/create/stop Building • docker build Packaging • docker push/pull/commit Docker –a
Documents
Introduction to Docker Containers and Microservices - …€¦ · 11/09/2016 · Chris Rosen . Senior Technical Offering Manager, IBM Bluemix Container Service . Introduction to Docker
Documents
Westlakes Automobile Club August 2015 Edition Wheelspin 201508...Chris Giddins, Steve O’Brien, Leon Swan and William Swan ... As Westlakes Automobile Club has hit a milestone, we’re
Documents
Lessons from 5 Years of Network Function Virtualization | Interop NY Presentation from Chris Swan
Technology
AppSec USA 2014 Denver, Colorado Implications & Opportunities at the Bleeding Edge of DevOps Chris Swan, CTO CohesiveFT @cpswan.
Documents
Docker on Docker
Technology
Docker presentation | Paris Docker Meetup
Technology
openQA - SUSE€¦ · Jenkins Gerrit Travis Selenium Docker Docker Docker Docker Docker Docker Docker Docker ... openQA runs tests on each Maintenance Update before being released
Documents
API Days - API Security & the Audit Paradox by Chris Swan
Technology
Docker Workshop - Orchestrating Docker Containers
Technology
11 Letter From Charles Dyer re: Deb Swan and Chris Handwritten 04/09/2013 !
Documents
Docker Docker Docker Chef
Technology
Docker: A lot changed in a year - GOTO Conferencegotocon.com/.../slides/ChrisSwan_DockerALotChangedInAYear.pdfDocker:! A lot changed in a year" Chris Swan, CTO! @cpswan! Cloud native
Documents
Docker Basics - docs.adfinis-sygroup.ch · Check your docker version docker version Check the available docker options docker Your first hello-world container docker run hello-world
Documents
Docker on Hadoop - events.static.linuxfound.org Docker Docker must be ... Hadoop artfacts must exist in Docker containers
Documents
SCIENCE ON THE SWAN 2019 · Chris Kane, WA Primary Health Alliance Winthrop Professor David Badcock, The University of Western Australia Why Sponsor Science on the Swan 2019? Contact
Documents
Docker und IBM Digital Experience in Docker Container€¦ · Docker und IBM Digital Experience in Docker Container 1. Watson Customer Engagement v What is docker ... • Docker swarm
Documents
ASP.NET 5 + Docker + Azuregotocon.com/.../slides/StuartLeeks_ASPNET5DockerAzure.pdf · 2015. 10. 7. · Azure + Docker VM image: Ubuntu with docker Docker VM Extension Docker Compose
Documents
Docker Swarm: Docker Native Clustering
Technology

Copyright © 2018 DOCUMENTS