NYC Docker Meetup: Contiv networking on Docker
Contiv Networking on Docker
NYC Docker Meetup
Sanjeev Rampal
Principal Engineer, Cisco
@sr2357
100% Open Source
The Most Powerful Container Networking Fabric
L2, L3, Overlay or ACI
Rich Policy Model
DevOps IT Admin
Any Networking
Any Platform
Any Infrastructure
Application Intent
Rich Policy
Connectivity
ACI integration
Container,VM,BM
LDAP/RBAC
What is Contiv
Contiv Architecture
- Stateless: useful in node failure/restart, upgrade
- Implements cluster wide network and policy
- Manages Global Resources: IPAM, VLAN/VXLAN Pools
- Container Networking for: Docker Swarm, Kubernetes
- Multiple networking modes – L2(VLAN), Overlay (VXLAN), L3(BGP), ACI
- Tools to manipulate Contiv objects
Container Host
OVS
TasksC1
Contiv netmaster (HA)
Container Host
OVS
TasksC2
CLI (netctl)/UI
Contiv netplugin
Contiv netplugin
Auth Proxy (HA)
- Authentication, RBAC
Application Groups and Security Policies
Web Group
App Group
DB Group
Micro Service
Isolated Network
1. Allow grouping of containers/pods
- Protocol/Port Specific Rules
- From specific group/tier
- Directional: inbound vs. outbound
- Typical sequence of REST API Calls
$ netctl policy create -t TestTenant policyAB
$ netctl policy rule-add -t TestTenant …
$ netctl group create -t TestTenant -p policyAB TestNet epgB
2. Specify Policies between groups or from outside the network
Demo