Titus AWS VPC networking for containers
Uploaded by andrew-leung. Category: Technology.
Transcript of Titus AWS VPC networking for containers
![Page 1: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/1.jpg)
![Page 2: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/2.jpg)
![Page 3: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/3.jpg)
![Page 4: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/4.jpg)
![Page 5: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/5.jpg)
![Page 6: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/6.jpg)
![Page 7: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/7.jpg)
Slide 7 diagram: on an EC2 instance, the Titus Mesos executor, the Titus network driver and the Docker engine. Labels: New task; In: Network params; Out: Network pod root; create/start pod container; Container create/start `--net=container:<pod id>`; Task Status.
![Page 8: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/8.jpg)
![Page 9: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/9.jpg)
Slide 9 diagram: NS Configurator, IP Allocator, NS Allocator (HTTP). Labels: Create; params; Container id; IP + params; NS ref; Configured network ns (pod root).
![Page 10: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/10.jpg)
![Page 11: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/11.jpg)
Slide 11 diagram: EC2 instance with three ENIs: eth1 = ENI1, SecGrp=A; eth2 = ENI2, SecGrp=X; eth3 = ENI3, SecGrp=Y,Z. Addresses shown: IP 1 (primary), IP 2 (primary), IP 6 (primary), IP 3, IP 4, IP 5, IP 7, IP 8.
![Page 12: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/12.jpg)
![Page 13: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/13.jpg)
![Page 14: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/14.jpg)
![Page 15: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/15.jpg)
![Page 16: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/16.jpg)
![Page 17: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/17.jpg)
Slide 17 diagram: Titus EC2 host VM with eth1 = ENI1, SecGrp=A; eth2 = ENI2, SecGrp=X; eth3 = ENI3, SecGrp=Y,Z; addresses IP 1, IP 2, IP 3. Labels: Task 0 (No IP, SecGrp A); Task 1, Task 2, Task 3; SecGrp Y,Z; SecGrp X; pod root; veth<id>; app. Linux policy-based routing + traffic control. Titus EC2 metadata proxy at 169.254.169.254 via iptables NAT (*). (*) 169.254.169.254 is a non-routable IP.
![Page 18: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/18.jpg)
![Page 19: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/19.jpg)
Slide 19 (bullet text): <IP>/32; via eth0.
![Page 20: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/20.jpg)
Slide 20:
- Container IP: 100.66.23.19
- Container Device: vethA
- Eni IP: 100.66.30.31/20
- Eni GW: 100.66.16.1
- Eni Device: eth1
- Routing tables: tocontainer, fromcontainer
![Page 21: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/21.jpg)
Slide 21:
```
# ip addr show eth0
eth0: … mtu 1500 qdisc tbf state UP group default
inet 100.66.23.19/32 ...
# ip route show
default via 100.66.30.31 dev eth0
100.66.30.31 dev eth0 scope link
```
![Page 22: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/22.jpg)
Slide 22:
```
# ip route show | grep eth1
100.66.16.0/20 dev eth1 proto kernel scope link src 100.66.30.31
# ip rule show | grep 100.66.23.19
from all to 100.66.23.19 iif eth1 lookup tocontainer
from 100.66.23.19 iif vethA lookup fromcontainer
# ip route show table tocontainer | grep 100.66.23.19
100.66.23.19 dev vethA scope link
# ip route show table fromcontainer
default via 100.66.16.1 dev eth1
```
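As an added audit check, not code from the slides or from the Titus project, the following Python parses `ip rule show` and `ip route show table ...` output and verifies that a container's address is steered through the tocontainer and fromcontainer tables exactly as slides 20 to 22 describe, flagging any rule or default route that would let the container's egress leave through a different ENI (and so under different security groups); the `ContainerNet` field names and the rule priorities in the sample are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class ContainerNet:
    ip: str    # container address (a /32 inside the container namespace)
    veth: str  # host-side veth device of the pod
    eni: str   # host device of the ENI that owns the address
    gw: str    # gateway of that ENI's subnet

def parse_rules(text):
    """Map `ip rule show` lines to (src, dst, iif, table); a missing selector becomes 'all'."""
    rules = set()
    for line in text.splitlines():
        m = re.search(r"from (\S+)(?: to (\S+))? iif (\S+) lookup (\S+)", line)
        if m:
            src, dst, iif, table = m.groups()
            rules.add((src, dst or "all", iif, table))
    return rules

def audit(c, rule_out, to_out, from_out):
    """Return deviations from the expected tocontainer/fromcontainer policy routing."""
    problems = []
    rules = parse_rules(rule_out)
    if ("all", c.ip, c.eni, "tocontainer") not in rules:
        problems.append(f"no rule: to {c.ip} iif {c.eni} lookup tocontainer")
    if (c.ip, "all", c.veth, "fromcontainer") not in rules:
        problems.append(f"no rule: from {c.ip} iif {c.veth} lookup fromcontainer")
    # Another rule on the container's source would route its egress through some other table.
    for src, _dst, iif, table in rules:
        if src == c.ip and table != "fromcontainer":
            problems.append(f"unexpected rule: from {c.ip} iif {iif} lookup {table}")
    if not any(re.match(rf"{re.escape(c.ip)} dev {re.escape(c.veth)}\b", l)
               for l in to_out.splitlines()):
        problems.append(f"tocontainer lacks host route {c.ip} dev {c.veth}")
    if not any(re.match(rf"default via {re.escape(c.gw)} dev {re.escape(c.eni)}\b", l)
               for l in from_out.splitlines()):
        problems.append(f"fromcontainer default is not via {c.gw} dev {c.eni}")
    return problems

# Sample host-side output constructed from the slide-22 listing (rule priorities are made up).
CFG = ContainerNet(ip="100.66.23.19", veth="vethA", eni="eth1", gw="100.66.16.1")
RULES = ("0:\tfrom all lookup local\n"
         "32764:\tfrom all to 100.66.23.19 iif eth1 lookup tocontainer\n"
         "32765:\tfrom 100.66.23.19 iif vethA lookup fromcontainer\n"
         "32766:\tfrom all lookup main\n")
TO_TABLE = "100.66.23.19 dev vethA scope link\n"
FROM_TABLE = "default via 100.66.16.1 dev eth1\n"
# Constructed drift: egress leaves via eth2, i.e. under a different ENI's security groups.
FROM_TABLE_BAD = "default via 100.66.16.1 dev eth2\n"
```

Run `audit(CFG, RULES, TO_TABLE, FROM_TABLE)` on the slide's own output to get an empty list, and with `FROM_TABLE_BAD` to see the mis-routed default flagged.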
![Page 23: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/23.jpg)
![Page 24: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/24.jpg)
![Page 25: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/25.jpg)
![Page 26: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/26.jpg)
![Page 27: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/27.jpg)
![Page 28: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/28.jpg)
![Page 29: Titus AWS VPC networking for containers](https://reader034.fdocuments.us/reader034/viewer/2022042605/58f2c8f61a28abd3248b459b/html5/thumbnails/29.jpg)