Presentation is loading. Please wait.

Presentation is loading. Please wait.

Containers: The new network endpoint

Published byDarleen Bradley Modified over 6 years ago

Similar presentations

Presentation on theme: "Containers: The new network endpoint"— Presentation transcript:

1 Containers: The new network endpoint

2 Agenda Me talking about non-technical things
How we got here Me talking about technical things Definitions Mechanics Docker built in options Third Party plugins Flannel Weave Net Looking forward Questions

3 The new endpoint Networking is a challenge A new paradigm
Physical -> VM -> Container Similarities IP endpoint Differences (challenges) Size (scale) Microservice architecture Ephemeral (dynamic in nature) Sound familiar? Another iteration of problems we’ve already solved (or at least tried to solve…)

4 How we got here Layers aren’t autonomous
Building blocks more so than transition Each block has different network models and attributes… Physical host Physical Network Virtual Machine Virtualization host Container Guest OS Different space Closer to the app Blurring lines of ownership

5 To summarize… Fundamentals New things rely on old things
Existing infra? Cross discipline collaboration? New things rely on old things Know your options

6 Disclaimer Docker is the Kleenex of containers
First to really put it all together We’ll focus just on the network with Docker Not the only container runtime software out there Rocket (rkt) maintained by CoreOS Networking is largely the same implementation It might come up, but orchestration is a huge topic on its own

7 Defining a container From Docker…
A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings. What is a container from a network perspective? An IP endpoint A network namespace

8 What is a network namespace?
Goal – limit (scope) what you can see Pretty close to a VRF – but not a VRF Full isolation of the network stack Each namespace has it’s own routes, IPs, sockets, conntrack, netfilter rules, etc. There is a default/root namespace Each interface can live in only one namespace

9 The problem

10 The solution VETH Pairs The patch cable of Linux networking
Always come in pairs Either end can be… L2 (attached to a bridge) L3 (assigned an IP address) Can bridge namespaces

11 The solution

12 In real life

13 Running a container

14 Result on the host

15 Result on the container

16 Proving it

17 Great, now what? Without routing this doesn’t help us Problems
Container talking to external network Accessing service in container from external network

18 Container -> External
-A POSTROUTING -s /16 ! -o docker0 -j MASQUERADE

19 External -> Container
Non-default Relies of port mapping at the host Exposed vs published ports Publishing Exposed ports Publish them with ‘-P’ flag Example: docker run -d -P --name web1 jonlangemak/web1_80 Manual port mapping Use the ‘-p’ flag docker run -d -p 8080:80 --name web1 jonlangemak/web1_80

20 Access service in container
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER -A DOCKER ! -i docker0 -p tcp -m tcp --dport j DNAT --to-destination :80

21 Bridge mode All the functionality we’ve seen so far The default
All containers attached to same bridge All use the docker0 bridge as gateway All containers can talk by default ICC mode

22 Other default (built-in) options
Host mode Mapped container mode None mode Don’t recreate the wheel Native routing

23 Docker network Added in version 1.12 Create/Delete Connect/Disconnect
User defined networks Bridge Overlay (multi-host) Portability MacVLAN VLAN tagging Configuration state replay

24 Flannel Widely used overlay solution
Supports multiple different back ends Overlay Host-GW Others ETCD backed solution Prerequisites

25 Interaction and setup Methods for interacting with Docker Background

26 Weave Net Simple install, container based Acts as a shim layer
Overlay is additive DNS for containers No external key store Subnet based segmentation and encryption

27 Interaction and setup Methods for interacting with Docker CLI shim
Network plugin API proxy

28 Looking forward Learn more about Linux (networking) Get involved
Community App teams Don’t worry New skillset

29

Download ppt "Containers: The new network endpoint"

Similar presentations

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
Performance Evaluation of Open Virtual Routers M.Siraj Rathore

Performance Evaluation of Open Virtual Routers M.Siraj Rathore
1 A Real Problem  What if you wanted to run a program that needs more memory than you have?

1 A Real Problem  What if you wanted to run a program that needs more memory than you have?
LAN Switch configuration Telecom II May 2, 2007 TEL 202 Prof. Scott Stimpson Scott Robinson Concetta Sardzinski Jim Donovan.

LAN Switch configuration Telecom II May 2, 2007 TEL 202 Prof. Scott Stimpson Scott Robinson Concetta Sardzinski Jim Donovan.
OpenContrail Quickstart

OpenContrail Quickstart
Networking in VMware Workstation 8

Networking in VMware Workstation 8
Virtual Company Group 8 Presentation Date: June /04/2017

Virtual Company Group 8 Presentation Date: June /04/2017
Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as e-mail.

Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as .
07/11/2012 www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10.ppt L10/1/63 COM342 Networks and Data Communications Ian McCrumRoom 5B18 Tel: 90 366364 voice.

07/11/ L10/1/63 COM342 Networks and Data Communications Ian McCrumRoom 5B18 Tel: voice.
Windows Azure Conference 2014 Running Docker on Windows Azure.

Windows Azure Conference 2014 Running Docker on Windows Azure.
1 Apache. 2 Module - Apache ♦ Overview This module focuses on configuring and customizing Apache web server. Apache is a commonly used Hypertext Transfer.

1 Apache. 2 Module - Apache ♦ Overview This module focuses on configuring and customizing Apache web server. Apache is a commonly used Hypertext Transfer.
Presented by: Sanketh Beerabbi University of Central Florida COP6087 - Cloud Computing.

Presented by: Sanketh Beerabbi University of Central Florida COP Cloud Computing.
Introduction 1-1 Introduction to Virtual Machines From “Virtual Machines” Smith and Nair Chapter 1.

Introduction 1-1 Introduction to Virtual Machines From “Virtual Machines” Smith and Nair Chapter 1.
Firewalling With Netfilter/Iptables. What Is Netfilter/Iptables? Improved successor to ipchains available in linux kernel 2.4/2.6. Netfilter is a set.

Firewalling With Netfilter/Iptables. What Is Netfilter/Iptables? Improved successor to ipchains available in linux kernel 2.4/2.6. Netfilter is a set.
Full and Para Virtualization

Full and Para Virtualization
1 Extreme Networking at Home Jari Arkko, Ericsson.

1 Extreme Networking at Home Jari Arkko, Ericsson.
ETICS An Environment for Distributed Software Development in Aerospace Applications SpaceTransfer09 Hannover Messe, 20.-24. April 2009.

ETICS An Environment for Distributed Software Development in Aerospace Applications SpaceTransfer09 Hannover Messe, April 2009.
LINUX® Netfilter The Linux Firewall Engine. Overview LINUX® Netfilter is a firewall engine built into the Linux kernel Sometimes called “iptables” for.

LINUX® Netfilter The Linux Firewall Engine. Overview LINUX® Netfilter is a firewall engine built into the Linux kernel Sometimes called “iptables” for.
Www.opendaylight.org Atrium Router Project Proposal Subhas Mondal, Manoj Nair, Subhash Singh.

Atrium Router Project Proposal Subhas Mondal, Manoj Nair, Subhash Singh.
Structured Container Delivery Oscar Renalias Accenture Container Lead (NOTE: PASTE IN PORTRAIT AND SEND BEHIND FOREGROUND GRAPHIC FOR CROP)

Structured Container Delivery Oscar Renalias Accenture Container Lead (NOTE: PASTE IN PORTRAIT AND SEND BEHIND FOREGROUND GRAPHIC FOR CROP)

Similar presentations

Ads by Google