Docker Networking

Kingston Smiler. S ([email protected])

Transcript of Docker Networking

Page 1: Docker Networking

Docker Networking

Kingston Smiler. S ([email protected])

Page 2: Docker Networking

Agenda

Introduction and Key Concepts

Docker communication requirements

Different methods of Docker networking

Sample Setup

Limitations of current Docker Networking

Page 3: Docker Networking

Docker Networking - Introduction

Concept: Description

Network Namespace: Provides a way of having a separate network stack for each container instance.

Docker0 Bridge: Default bridge created by Docker to provide communication across Docker containers and the external world, including the host.

Port Mapping: Mechanism to map a port on the host machine to a port in the Docker container's networking stack.

Veth Pair: A veth is a special, logical, virtual interface similar to a link or pipe. It has two ends, which are logical interfaces, and provides connectivity between two different network elements.

Page 4: Docker Networking

Different Communication Requirements

Container – Container communication

Container to Host communication

Container to External world communication

Container – Container communication across containers running in different hosts

(Figure: Host1 with Cont 1, Cont 2 and Cont 3 attached to Docker0/OVS, with a port map towards the host's eth0)

Page 5: Docker Networking

Different Methods of Docker Networking

Docker Bridging

Host Port Binding to Docker

Docker network using host network stack (--net=host)

Docker communication using --net=container

Docker Container linking using --link option

Docker Networking Using OVS (Advanced)

Page 6: Docker Networking

Docker Bridging

Docker0 bridge: Virtual bridge similar to a Linux bridge. Created in the host machine during the creation of the Docker container.

Veth Pair: Will be created during the creation of the Docker container. One end of the veth pair is attached to the eth0 interface of the Docker container. The other end is attached to the docker0 bridge, with an interface name starting with veth (vethc3cd in the example).
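The plumbing described on pages 3 and 6 (a network namespace per container, a veth pair, one end renamed eth0 inside the namespace, the other end enslaved to a bridge) can be reproduced by hand with iproute2, which makes the isolation boundary visible: the namespace sees only its own lo and eth0. This is an added example, not code from the slides. The names demo-ns, demo-br, veth-h and veth-c and the 10.200.0.0/24 range are assumptions, picked so they do not collide with the 172.17.0.0/16 range that docker0 uses by default. The plan function only prints the commands, so it can be reviewed or tested without privileges; apply_plan needs root.

```shell
#!/bin/sh
# Added example (not from the slides): rebuild Docker's bridge mode by hand.
# bridge_plan NS BRIDGE HOST_IF CONT_IF BRIDGE_CIDR CONT_CIDR
# Prints one ip(8) command per line; nothing is executed here.
bridge_plan() {
  ns=$1 br=$2 hif=$3 cif=$4 brcidr=$5 ccidr=$6
  gw=${brcidr%/*}   # the bridge address doubles as the namespace's default gateway
  cat <<EOF
ip netns add $ns
ip link add $br type bridge
ip addr add $brcidr dev $br
ip link set $br up
ip link add $hif type veth peer name $cif
ip link set $hif master $br
ip link set $hif up
ip link set $cif netns $ns
ip netns exec $ns ip link set $cif name eth0
ip netns exec $ns ip addr add $ccidr dev eth0
ip netns exec $ns ip link set lo up
ip netns exec $ns ip link set eth0 up
ip netns exec $ns ip route add default via $gw
EOF
}

# bridge_plan_count: how many commands the plan would run (13 for this layout)
bridge_plan_count() {
  bridge_plan "$@" | wc -l | tr -d ' '
}

# apply_plan: execute the plan line by line; requires CAP_NET_ADMIN (root)
apply_plan() {
  bridge_plan "$@" | while IFS= read -r cmd; do
    echo "+ $cmd"
    eval "$cmd" || exit 1
  done
}

# teardown NS BRIDGE: deleting the namespace removes the veth end inside it,
# which takes the host-side peer with it; the bridge is removed separately.
teardown() {
  ip netns del "$1" && ip link del "$2"
}

# Stand-alone run: print the plan for a demo layout (assumed names/addresses).
bridge_plan demo-ns demo-br veth-h veth-c 10.200.0.1/24 10.200.0.2/24
```

After `apply_plan demo-ns demo-br veth-h veth-c 10.200.0.1/24 10.200.0.2/24`, `ip netns exec demo-ns ip addr` shows only lo and eth0, and `bridge link` shows veth-h attached to demo-br, which is exactly the picture on page 6 with docker0 and vethc3cd. Reaching the external world additionally needs IP forwarding and a NAT rule on the host, which is the part page 7 describes as "similar to NAT".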

Page 7: Docker Networking

Host Port Binding To Docker Container

In this method, a port on the host machine is bound to a port in the Docker container.

A simple way of running a service in a Docker container and exposing the service to the external world.

Example case: running a web server in the Docker container and forwarding all the web traffic arriving at the HTTP port of the host machine to the Docker container.

The -p IP:host_port:container_port option does it:

/usr/bin/docker run -d --name port_forward -p 80:80 ubuntu_apache /usr/sbin/apache2ctl -D FOREGROUND

This operation is similar to NAT.

Two or more containers won't be able to provide the same service on the same host port.

Page 8: Docker Networking

Docker Network Using Host Network Stack

A Docker container can use the host machine's networking stack instead of having a separate network stack.

One way of making containers talk to the external world.

The --net=host option does it:

/usr/bin/docker run -d --name h1 --net=host ubuntu_ftp vsftpd

If two containers in the host system prefer to use this mechanism, then a port collision across the containers happens.
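Pages 7 and 8 both end on the same failure mode: two containers claiming one host port, either through -p mappings or because a --net=host container listens directly in the host stack. The following added example (not from the slides) checks a planned set of containers for such collisions before anything is started. It parses the -p grammar from page 7, [IP:]host_port:container_port[/proto], treats a bare container port as ephemeral (no fixed host port, so nothing to collide on), and uses an assumed "host:PORT" notation to describe a --net=host service; the sample container list is constructed and IPv4 only.

```shell
#!/bin/sh
# Added example (not from the slides): find host-port collisions across a
# planned set of containers, covering both -p mappings and --net=host services.

# host_endpoint SPEC -> prints "IP:host_port/proto" or nothing when the spec
# publishes only a container port (Docker then picks a free ephemeral port).
host_endpoint() {
  spec=$1
  case $spec in
    */*) proto=${spec##*/}; spec=${spec%/*} ;;
    *)   proto=tcp ;;
  esac
  case $spec in
    host:*) ip=0.0.0.0; hport=${spec#host:} ;;   # assumed notation: --net=host service on PORT
    *:*:*)  ip=${spec%%:*}; rest=${spec#*:}; hport=${rest%%:*} ;;
    *:*)    ip=0.0.0.0; hport=${spec%%:*} ;;
    *)      return 0 ;;
  esac
  printf '%s:%s/%s\n' "$ip" "$hport" "$proto"
}

# find_collisions: reads "name spec" lines on stdin and prints
# "ENDPOINT name1 name2 ..." for every host endpoint claimed more than once.
# Different bind addresses (0.0.0.0 vs 127.0.0.1) and protocols are distinct,
# matching the -p IP:host_port:container_port semantics on page 7.
find_collisions() {
  while read -r name spec; do
    [ -z "$name" ] && continue
    ep=$(host_endpoint "$spec")
    [ -n "$ep" ] && printf '%s %s\n' "$ep" "$name"
  done | sort | awk '
    { names[$1] = names[$1] " " $2; count[$1]++ }
    END { for (e in count) if (count[e] > 1) print e names[e] }' | sort
}

# Constructed sample: port_forward and web2 both want host port 80 (page 7's
# case); h1 runs with --net=host and listens on 21, colliding with ftp2
# (page 8's case). web_local, random and the two dns entries do not collide.
SAMPLE='port_forward 80:80
web2 0.0.0.0:80:80
web_local 127.0.0.1:80:80
h1 host:21
ftp2 21:21
random 8080
dns 53:53/udp
dns_tcp 53:53'

# collision_count: number of colliding endpoints in the sample (expected: 2)
collision_count() {
  printf '%s\n' "$SAMPLE" | find_collisions | wc -l | tr -d ' '
}

# Stand-alone run: list the collisions in the sample.
printf '%s\n' "$SAMPLE" | find_collisions
```

Feeding the list for the page 12 sample setup through `find_collisions` shows why h1 (vsftpd on --net=host) and port_forward (-p 80:80) coexist: they claim different host endpoints.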

Page 9: Docker Networking

Docker Communication Using Another Container's Network Stack

A simple way of making containers talk to each other.

Uses another container's networking stack instead of having a separate network stack.

Similar to the --net=host option, but instead of using the host machine's network stack, it uses some other container's network stack.

The two containers can talk to each other using the loopback interface.

The --net=container:<name> option does it:

/usr/bin/docker run -d --name cont_net1 --net=container:b1 ubuntu /bin/sh -c "while true; do echo Hello World; sleep 1; done"

Page 10: Docker Networking

Docker Communication Using Link

Provides a mechanism for a Docker container to transfer information from one container to another securely.

No ports are explicitly exposed to the destination container by the source.

Unidirectional conduit / pipe between the source and destination container.

Information about the service running in the source container is exposed to the destination.

A simple way of providing service chaining in a Docker environment and making containers talk to each other.

docker run -d -P --name link_dest --link port_forward:link1 ubuntu /bin/sh -c "while true; do echo Hello World; sleep 1; done"

Page 11: Docker Networking

Requirement Vs Communication Methods

Container – Container communication:
Docker0 bridge (Cont1 – Cont2 via Docker0)
Container networking using --net=container option (Cont4 – Cont5)
UDS / pipe (Cont1 – Cont2)
Container linking using --link option
OVS (Cont1 – Cont2 via OVS)

Container to Host communication:
Host networking using --net=host option (Cont6)
Docker0 bridge (Cont1, Cont2, Cont4)

Container to External world communication:
Port Mapping (Cont 3)
Host networking using --net=host option (Cont 6)

Container – Container communication across containers running in different hosts:
OVS

(Figure: Host1 with Cont 1, Cont 2 and Cont 3 on Docker0/OVS plus a port map; Host 2 with Cont 4 and Cont 5 on Docker0/OVS and Cont 6 on the host network; the hosts are joined through Eth 1 by a GRE / VXLAN tunnel. Legend: Veth Pair, UDS / Pipe, GRE / VXLAN Tunnel, Port Map, --net=host option, --net=container option.)

Page 12: Docker Networking

Sample Setup

(Figure: sample setup on the host VM machine with interfaces enp0s3 and enp0s8; containers b1, b2, Contnet1, Linkdest and Port forward attached to Docker0/OVS, and h1 on the host network stack.)

Page 13: Docker Networking

Thank you ([email protected])