Pipework: Software-Defined Network for Containers and Docker
Pipework
The little SDN container framework
that you should NOT use
Jérôme Petazzoni (@jpetazzo)
Grumpy French DevOps
- Go away or I will replace you with a very small shell script
Runs everything in containers
- Docker-in-Docker
- VPN-in-Docker
- KVM-in-Docker
- Xorg-in-Docker
- ...
Outline
● History
● Features
● Roadmap
Use cases
● Performance
  – Linux bridge, iptables, conntrack... Ohnoes!
● Integration into existing networks
  – VLAN, bonding...
  – IP addr management
● Work at L2/L3 instead of L4
  – Ethernet/IP vs TCP, UDP
Modus Operandi
● Create network interfaces
● Move them to containers (while they're running)
● Configure network interfaces (from outside)
● Shell script
Seriously
Shell…?
Yup.
Upsides of /bin/sh
● Easy to understand
● Easy to rip out the bits you (don't) need
● Most things we do require exec anyway (ip, route, brctl, etc)
● Complicated stuff is hard to implement (avoid feature creep, e.g. IPAM)
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework eth0 mysql 10.1.1.1/24
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework eth0 mysql 10.1.1.1/24
           ^^^^
● Physical eth0 on the machine
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework br0 mysql 10.1.1.1/24
           ^^^
● Pre-existing bridge
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework ovsbr0 mysql 10.1.1.1/24
           ^^^^^^
● Open vSwitch bridge
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework ovsbr0 mysql dhcp
                        ^^^^
● DHCP
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework ovsbr0 mysql dhcp @10
                             ^^^
● VLAN
Features
● Fixed address or DHCP
● Random MAC or fixed MAC
● Change netmask, default route
● Linux bridges, OVS bridges
● IP over Infiniband
● Multiple interfaces
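Added illustration (not part of the talk and not pipework's own code): the three Modus Operandi steps written out for the "pipework br0 ... 10.1.1.1/24" case. The function name plan_attach, the veth names, the container-side name eth1 and PID 4242 are assumptions; the script only prints the commands, and it rejects arguments that are not plain names, numbers or an IPv4-looking CIDR, because the real commands run as root.

```shell
#!/bin/sh
# Added illustration (not pipework's source): prints the iproute2 commands for
# the three "Modus Operandi" steps. Dry-run only; nothing on the host changes.
# Assumptions: the bridge already exists, and PID is the container's init
# process, e.g. from: docker inspect --format '{{.State.Pid}}' db

plan_attach() {
    bridge=$1 pid=$2 cidr=$3 cif=${4:-eth1}
    # These values end up in commands run as root, so accept only plain
    # interface names, a numeric PID and something shaped like an IPv4 CIDR.
    case $bridge in ''|*[!A-Za-z0-9_.-]*) echo "bad bridge name" >&2; return 1;; esac
    case $cif in ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1;; esac
    case $pid in ''|*[!0-9]*) echo "bad pid" >&2; return 1;; esac
    case $cidr in
        *[!0-9./]*|*/*/*) echo "bad address" >&2; return 1;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) echo "bad address" >&2; return 1;;
    esac
    host_if="veth${pid}h"   # host end of the pair (hypothetical naming)
    tmp_if="veth${pid}c"    # container end, renamed once it is inside
    # Linux interface names are limited to 15 characters.
    [ ${#host_if} -le 15 ] && [ ${#cif} -le 15 ] || { echo "name too long" >&2; return 1; }

    # 1. Create network interfaces: a veth pair, one end plugged into the bridge.
    echo "ip link add name $host_if type veth peer name $tmp_if"
    echo "ip link set $host_if master $bridge"
    echo "ip link set $host_if up"
    # 2. Move the other end into the running container's network namespace.
    echo "ip link set $tmp_if netns $pid"
    # 3. Configure it from outside, entering only the network namespace.
    echo "nsenter -t $pid -n ip link set $tmp_if name $cif"
    echo "nsenter -t $pid -n ip addr add $cidr dev $cif"
    echo "nsenter -t $pid -n ip link set $cif up"
}

# Constructed sample values: bridge br0, PID 4242, address from the slides.
plan_attach br0 4242 10.1.1.1/24
```

Step 2 is why the host-side caller needs CAP_NET_ADMIN and visibility of the container's PID: anyone allowed to run such a script can re-plumb any container on the host.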
Roadmap
Pipework:
● Will not be integrated into Docker (probably)
● Is not necessary anymore in many cases (thanks to host networking)
● Is not actively maintained (but I'll happily merge PRs)
What do?
● Use it as a big toolbox
● Understand how things work
● Possibly extract what you need
● Contribute to Docker instead
Possible improvements
● Don't require host-side tooling anymore
● Allow operation over Docker API
● A small POC is available at:
  https://github.com/jpetazzo/plumber/
A brighter future
● Native Docker Multi-Host Networking
  https://github.com/docker/docker/issues/8951
● Docker Network Drivers
  https://github.com/docker/docker/issues/8952
Thank you!
Questions?