Demystifying Docker Networking
Practical guide to black magic
Lorenzo Fontana
March 16, 2017
About Me
Lorenzo Fontana
DevOps Expert @Kiratech
Docker Maintainer
http://fntlnz.wtf
https://github.com/fntlnz
https://twitter.com/fntlnz
Container Network Model
CNM: Container Network Model
• Sandbox
• Endpoint
• Network
CNM: Container Network Model (cont’d)
Libnetwork is the native implementation of CNM
github.com/docker/libnetwork
Network Drivers 101
Null
# docker run -it --network=none alpine sh
Default Bridge (docker0)
# docker run -it alpine sh
Custom Bridge (mybridge)
# docker network create -d bridge \
-o com.docker.network.bridge.name=mybridge \
mybridge
# docker run -it --net mybridge alpine sh
Custom Bridge Network IPAM underlay (myunderbr)
# docker network create -d bridge \
--subnet=192.168.10.0/24 --gateway=192.168.10.254 \
--aux-address DefaultGatewayIPv4=192.168.10.1 \
-o com.docker.network.bridge.name=myunderbr \
myunderbr
# brctl addif myunderbr enp5s0
# docker run -it --net myunderbr alpine sh
# docker run -it --net myunderbr --ip 192.168.10.90 nginx:1.9
# ip a del 192.168.10.254/24 dev myunderbr
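Because myunderbr is bridged onto the physical LAN through enp5s0, a static --ip has to avoid the gateway, the reserved aux-address and anything the LAN already uses. The check below is an added example, not part of the original slides; the inspect JSON is a constructed sample and lan_in_use is a hypothetical input.

```python
import ipaddress
import json

# Constructed sample: IPAM section as `docker network inspect myunderbr`
# would report it for the network created on this slide.
INSPECT_JSON = """
[{"Name": "myunderbr",
  "IPAM": {"Config": [{
    "Subnet": "192.168.10.0/24",
    "Gateway": "192.168.10.254",
    "AuxiliaryAddresses": {"DefaultGatewayIPv4": "192.168.10.1"}}]}}]
"""

def check_static_ip(inspect_json, requested, lan_in_use=()):
    """Return a list of problems with passing `requested` to --ip ([] = OK).

    lan_in_use is a hypothetical list of addresses already taken on the
    physical LAN (e.g. from DHCP leases), which Docker's IPAM cannot see.
    """
    ip = ipaddress.ip_address(requested)
    problems = []
    in_subnet = False
    for cfg in json.loads(inspect_json)[0]["IPAM"]["Config"]:
        net = ipaddress.ip_network(cfg["Subnet"])
        if ip not in net:
            continue
        in_subnet = True
        if ip in (net.network_address, net.broadcast_address):
            problems.append(f"{ip} is the network or broadcast address of {net}")
        if cfg.get("Gateway") and ip == ipaddress.ip_address(cfg["Gateway"]):
            problems.append(f"{ip} is the network gateway")
        for name, addr in (cfg.get("AuxiliaryAddresses") or {}).items():
            if ip == ipaddress.ip_address(addr):
                problems.append(f"{ip} is reserved as aux-address {name}")
    if not in_subnet:
        problems.append(f"{ip} is outside every subnet of the network")
    if any(ip == ipaddress.ip_address(a) for a in lan_in_use):
        problems.append(f"{ip} is already in use on the physical LAN")
    return problems

if __name__ == "__main__":
    for candidate in ("192.168.10.90", "192.168.10.254", "192.168.10.1"):
        print(candidate, check_static_ip(INSPECT_JSON, candidate) or "OK")
```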
Macvlan & IPvlan
Macvlan modes: Bridged
Bridged (default): switches packets inside the host
Macvlan modes: Private
Private blocks traffic between two MACVLAN interfaces on the same host
Macvlan modes: VEPA (Virtual Ethernet Port Aggregator)
VEPA requires a downstream switch that supports VEPA (802.1Qbg) and
will hairpin traffic back to the host if the destination is on the same
host
Macvlan modes: Passthru
Passthru is similar to private but relies on an external switch not to
hairpin the traffic back to the originating host
Overlay network (myoverlay)
# docker network create -d overlay myoverlay
# docker service create --network myoverlay nginx
Overlay network (cont’d)
IPVS
Questions?
Thanks for listening!
And thanks to all the organizers!