Docker Networking


THE BASICS

By scmGalaxy.com

About Me

DevOps@RajeshKumar.XYZ


Course Introduction

Docker For Sysadmins Linux Windows VMware


Related Course

To get you up and running...

Docker and Containers: The Big Picture

  • Course Intro
  • What are Containers
  • What is Docker
  • Preparing to Thrive in a Container World
  • What Kind of Work Will Containers Do?
  • Are Docker and Containers Ready for Production...

Getting Started with Docker

  • Course Intro
  • Installing Docker
  • Working with Containers
  • Swarm Mode and Microservices

agenda


Big Picture Roadmaps



coming up ...

The CNM and Libnetwork

the three pillars of docker networking

CNM vs CNI

  • CNM: a.k.a. Container Network Model; speciality: Docker; origin: Docker, Inc.
  • CNI: a.k.a. Container Network Interface; speciality: Kubernetes; origin: CoreOS, Inc.

cnm

Sandbox

  • A.k.a. namespace
  • Isolated area of OS
  • Contains full network stack

Endpoint

Network interface, e.g. eth0

Network

Connected endpoints


CNM → Libnetwork → drivers


Libnetwork

Central place for all Docker networking logic, API, UX etc...

https://github.com/docker/libnetwork

  • Cross-platform
  • Pluggable
  • Written in Go/Golang
  • Real-world implementation of CNM by Docker, Inc.

drivers

Network-Specific Detail

  • Overlay
  • MACVLAN
  • IPVLAN
  • Bridge

CNM → Libnetwork → drivers

  • CNM: Design/DNA
  • Libnetwork: Control Plane & Management Plane
  • Drivers: Data Plane


"Local" drivers = native

"Remote" drivers = 3rd party


CNM

Master plan/grand design

Libnetwork

De facto implementation of the CNM

drivers

Network-specific detail


Coming up...

The hands-on stuff!!!!!

use cases and drivers



agenda


single-host networking

With the bridge driver (Linux)

~nat driver (Windows)


coming up...

Multi-host overlay networking

Multi-host networking

With the Docker overlay driver

multi-host overlay


coming up...

Joining existing networks with the MACVLAN driver

participating in existing networks

With the Linux MACVLAN driver

Similar(ish) to "l2bridge" on Windows

Linux MACVLAN

  • Every container gets its own IP
  • Every container gets its own MAC

Windows l2bridge

  • Every container gets its own IP
  • All containers share a common MAC

coming up...


demo...


coming up...

Joining existing networks with the IPVLAN driver

participating in existing networks

With the Linux IPVLAN driver

  • Similar to Linux MACVLAN, but doesn't give containers their own MAC address
  • Similar to Windows l2bridge
  • More cloud friendly than MACVLAN (YMMV)
  • Special considerations when working with DHCP
  • Containers cannot ping their host

demo...


ipvlan : quick summary

Similar to MACVLAN, but ...

Doesn't require promiscuous mode

Doesn't give every container a MAC

Might be an issue with some cloud platforms

Needs hints about the underlay

Get your IPAM right!

Newer than overlay, bridge, MACVLAN...

coming up...

Network Services!


agenda

Service Discovery

Port-based Routing with the Routing Mesh

App-aware Routing with the HTTP Routing Mesh

Service Discovery

modern apps

Made up of multiple smaller Services

  • Sometimes loads!!


"Microservices"


Service Discovery is massively important

Service Discovery is automatic in Docker

  • For services
  • For containers created with --name or --alias

DNS Service Discovery in Docker


Every container gets a small DNS resolver

  • Listens on 127.0.0.11:53
  • Forwards requests to DNS server on Docker host
  • Network-scoped


Network-scoped Discovery
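
What "network-scoped" means in practice, as an added example that is not part of the original slides: given `docker network inspect` style JSON, work out which container names each container can look up. The sample data is constructed, and the code assumes the standard Docker behaviour that only user-defined networks offer automatic name resolution.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `docker network inspect <nets>` output
# (trimmed to the fields used here); names and addresses are made up.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "bridge", "Driver": "bridge",
   "Containers": {"a1": {"Name": "legacy", "IPv4Address": "172.17.0.2/16"},
                  "a2": {"Name": "web", "IPv4Address": "172.17.0.3/16"}}},
  {"Name": "frontend", "Driver": "bridge",
   "Containers": {"a2": {"Name": "web", "IPv4Address": "172.18.0.2/16"},
                  "a3": {"Name": "api", "IPv4Address": "172.18.0.3/16"}}},
  {"Name": "backend", "Driver": "overlay",
   "Containers": {"a3": {"Name": "api", "IPv4Address": "10.0.1.3/24"},
                  "a4": {"Name": "db", "IPv4Address": "10.0.1.4/24"}}}
]
""")

# Assumption: Docker's built-in networks. Automatic name resolution is only
# offered on user-defined networks, so peers on these are not discoverable.
BUILTIN = {"bridge", "host", "none"}


def discovery_map(networks):
    """Map each container name to {peer name: [networks it resolves on]}."""
    peers = defaultdict(lambda: defaultdict(list))
    for net in networks:
        names = sorted(c["Name"] for c in (net.get("Containers") or {}).values())
        for name in names:
            peers[name]  # record the container even if it ends up with no peers
            if net["Name"] in BUILTIN:
                continue
            for other in names:
                if other != name:
                    peers[name][other].append(net["Name"])
    return {name: dict(found) for name, found in peers.items()}


def can_resolve(networks, src, dst):
    """True if `src` can look up `dst` by name via its embedded resolver."""
    return dst in discovery_map(networks).get(src, {})


if __name__ == "__main__":
    for name, found in sorted(discovery_map(SAMPLE_INSPECT).items()):
        print(f"{name}: {found or 'no name-based discovery'}")
```

In the sample, `web` can find `api` but not `db`, because `web` and `db` share no network; reviewing this map is a quick way to confirm that a segmentation design actually limits which services can discover each other.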


VIP-based load balancing


coming up...

Transport Layer (L4) Routing Mesh

Routing and load balancing incoming connections with the Routing Mesh

(Transport Layer/Layer 4)


service:web

Create a Swarm

$ docker swarm init...

Creates a swarm-wide overlay called ingress

Create a service

$ docker service create...

Publish it on a port (swarm-wide)

Incoming requests:
  • Can hit any node
  • Will resolve to the service VIP
  • VIP-based load balancing will balance across all tasks in service
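
Because incoming requests can hit any node, a port published through the routing mesh is open on every swarm node, including nodes that run no task of the service. The following added example (not from the original slides) computes the per-node listeners from `docker service inspect` style JSON; the service names, node names and task placement are constructed sample data.

```python
import json

# Constructed sample shaped like `docker service inspect` output, trimmed
# to the fields used here; names, ports and addresses are made up.
SAMPLE_SERVICES = json.loads("""
[
  {"Spec": {"Name": "web"},
   "Endpoint": {"Ports": [{"Protocol": "tcp", "TargetPort": 80,
                           "PublishedPort": 8080, "PublishMode": "ingress"}],
                "VirtualIPs": [{"NetworkID": "ingress-id", "Addr": "10.255.0.5/16"}]}},
  {"Spec": {"Name": "metrics"},
   "Endpoint": {"Ports": [{"Protocol": "tcp", "TargetPort": 9100,
                           "PublishedPort": 9100, "PublishMode": "host"}]}},
  {"Spec": {"Name": "db"},
   "Endpoint": {"VirtualIPs": [{"NetworkID": "backend-id", "Addr": "10.0.1.2/24"}]}}
]
""")
NODES = ["node1", "node2", "node3"]
# Constructed task placement, as `docker service ps` would report it.
PLACEMENT = {"web": ["node1", "node2"], "metrics": ["node3"], "db": ["node2"]}


def listeners(services, nodes, placement):
    """Per node, the set of (protocol, published port, service) listeners."""
    result = {node: set() for node in nodes}
    for svc in services:
        name = svc["Spec"]["Name"]
        for port in svc.get("Endpoint", {}).get("Ports", []):
            entry = (port["Protocol"], port["PublishedPort"], name)
            if port.get("PublishMode", "ingress") == "ingress":
                targets = nodes                    # routing mesh: every node
            else:
                targets = placement.get(name, [])  # host mode: task nodes only
            for node in targets:
                result.setdefault(node, set()).add(entry)
    return result


def idle_node_exposure(services, nodes, placement):
    """Ports open on nodes that run no task of the service: reachable only
    through the routing mesh, and easy to miss in a firewall review."""
    found = []
    for node, entries in listeners(services, nodes, placement).items():
        for proto, port, name in entries:
            if node not in placement.get(name, []):
                found.append((node, proto, port, name))
    return sorted(found)
```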

HTTP Routing Mesh (HRM)

Routing and load balancing incoming connections with the HTTP Routing Mesh (Application Layer/L7)

  • Builds on top of the port-based/L4 Routing Mesh
  • Allows multiple services on the same port
  • Operates at the application layer (L7)

Very new at the time of recording

Requires Docker Datacenter*

Enable HRM - Port 80


Congrats!

Summary


questions?

THANKS!!!