Highly available Docker networking with BGP
OpenDNS
• Internet security company
• 70+ billion queries
• 25 data centers around the world
Good problems to have, but...
Put it all in a container!
• Deployments are easier
• Keeps things tidier, but...
Hardware
• Lots of hardware
• Just not fast enough
The cloud
• What about AWS?
• Direct connect
Not all that easy
• IP addresses for all
• Our own IP space
• Many containers per host
• $$$
• Sending traffic to/from AWS
Challenges
• Establish GRE tunnel
• Encapsulate
• Remove GRE headers
Generic Routing Encapsulation
Challenge
• Containers come and go
• Need to provide redundancy
Dynamic routing with BGP
• Routers decide
• Adapts to changes
• BGP
Border Gateway Protocol
• Exterior routing protocol for exchanging routing information between networks
“The protocol that makes the Internet work”
Overlay network
• Benefits
  • Use our own IPs inside AWS
  • Redundancy
  • Routing adapts to changes in our hosts
[Diagram labels: AWS VPC; OpenDNS Data Centre; OpenDNS Router; AWS Direct Connect; GRE; iBGP; four Docker hosts]
Highly available?
[Diagram labels: AWS VPC; OpenDNS Data Centre; OpenDNS Router; AWS Direct Connect; GRE; iBGP; four Docker hosts]
Challenge
• High availability
Anycast
[Diagram labels: Transit provider; 146.112.63.0/24 (shown four times)]
Anycast
[Diagram labels: Transit provider; 146.112.63.0/24 (shown twice)]
Anycast
• Benefits
  • High availability
  • Geo routing
Thank you
alrex@opendns.com
@ianchici
More info about protocols
• GRE - http://juni.pr/1HW01M6
• BGP & Anycast - http://bit.ly/1K5Q3GX