Pipework

PipeworkThe little SDN container framework

that you should NOT use

JérômePetazzoni(@jpetazzo)

Grumpy French DevOps

- Go away or I will replace youwith a very small shell script

Runs everything in containers

- Docker-in-Docker

- VPN-in-Docker

- KVM-in-Docker

- Xorg-in-Docker

- ...

Outline

● History● Features● Roadmap

Use cases

● Performance– Linux bridge, iptables, conntrack... Ohnoes!

● Integration into existing networks– VLAN, bonding...– IP addr management

● Work at L2/L3 instead of L4– Ethernet/IP vs TCP, UDP

Modus Operandi

● Create network interfaces● Move them to containers

(while they're running)● Configure network interfaces

(from outside)● Shell script

Seriously

Shell…?

Yup.

Upsides of /bin/sh

● Easy to understand● Easy to rip out the bits you (don't) need● Most things we do require exec anyway

(ip, route, brctl, etc)● Complicated stuff is hard to implement

(avoid feature creep, e.g. IPAM)

Features

● Start a container:docker run --name db mysql

● Give it an IP address:pipework eth0 mysql 10.1.1.1/24

Features

● Start a container:docker run --name db mysql

● Give it an IP address:pipework eth0 mysql 10.1.1.1/24 ^^^^

● Physical eth0 on the machine

Features

● Start a container:docker run --name db mysql

● Give it an IP address:pipework br0 mysql 10.1.1.1/24 ^^^

● Pre-existing bridge

Features

● Start a container:docker run --name db mysql

● Give it an IP address:pipework ovsbr0 mysql 10.1.1.1/24 ^^^^^^

● Open vSwitch bridge

Features

● Start a container:docker run --name db mysql

● Give it an IP address:pipework ovsbr0 mysql dhcp ^^^^

● DHCP

Features

● Start a container:docker run --name db mysql

● Give it an IP address:pipework ovsbr0 mysql dhcp @10 ^^^

● VLAN

Features

● Fixed address or DHCP● Random MAC or fixed MAC● Change netmask, default route● Linux bridges, OVS bridges● IP over Infiniband● Multiple interfaces

Roadmap

Pipework:

● Will not be integrated into Docker(probably)

● Is not necessary anymore in many cases(thanks to host networking)

● Is not actively maintained(but I'll happily merge PRs)

What do?

● Use it as a big toolbox● Understand how things work● Possibly extract what you need● Contribute to Docker instead

Possible improvements

● Don't require host-side tooling anymore● Allow operation over Docker API● A small POC is available at:

https://github.com/jpetazzo/plumber/

A brighter future

● Native Docker Multi-Host Networkinghttps://github.com/docker/docker/issues/8951

● Docker Network Drivershttps://github.com/docker/docker/issues/8952

Thank you!Questions?