
DOCKER NETWORKING

VN NH PHC
TRN HU CNG
NGUYN VN THNG

DOCKERDAY VIET NAM - 2015 HN - 7/17/2015

Networking Breakout
Madhu Venugopal
Jana Radhakrishnan
AGENDA

Introduction
Networking Deep Dive (version 1.7)
Networking Deep Dive (Experimental)
Ecosystem
Q&A



INTRODUCTION

WHAT IS DOCKER ?

Docker containers wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries, anything you can install on a server



WHY IS NETWORKING IMPORTANT ?

Communication between containers and the wider world

Communication between containers on a single host and across multiple hosts

Containers attached to multiple networks


LIBNETWORK

Open Sourced in April

Over 200 Pull Requests

Over 200 GitHub Stars

Windows and FreeBSD ports in progress


LIBNETWORK
Project Pages define the goals of each Platform Version Release and
identify current progress
https://github.com/docker/libnetwork/wiki

Project Page     Target Date   Current Sprint   Platform Version
libnetwork 0.5   10/06/2015    -                Docker 1.9.0
libnetwork 0.4   08/04/2015    Sprint 20        Docker 1.8.0
libnetwork 0.3   06/18/2015    -                Docker 1.7.0



NETWORKING DEEP DIVE (VERSION 1.7)

DOCKER0 BRIDGE

The default bridge on Docker hosts

Randomly chooses an address and subnet from the private range defined by RFC 1918

Automatically forwards packets between any other network interfaces that are attached to it



VIRTUAL ETHERNET INTERFACES

A pair of peer interfaces that are like opposite ends of a pipe: a packet sent on one will be received on the other

Docker gives one of the peers to the container to become its eth0 interface and keeps the other peer, with a unique name like veth37c1271



BINDING CONTAINER PORTS TO THE HOST

docker run:
--expose <port>
-P or --publish-all=true|false
-p SPEC or --publish=SPEC
-p IP:host_port:container_port
-p IP::port

and/or

EXPOSE line in the image's Dockerfile
--ip=IP_ADDRESS
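
An added example, not part of the original slides: a POSIX shell helper that takes the IPv4 `-p SPEC` forms listed above and reports which host address the published port binds to, so specs reachable on every interface stand out in review. The function names are hypothetical; the second argument stands for the daemon's `--ip` default bind address, and IPv6 specs are not parsed.

```shell
#!/bin/sh
# Classify a `docker run -p SPEC` value by the host address it binds.
# Handles the IPv4 forms on the slide; IPv6 ([::1]:...) is not parsed.
# $1 = SPEC, $2 = daemon default bind address (--ip), 0.0.0.0 if unset.
publish_scope() (
    spec=${1%/*}                 # drop a trailing /tcp or /udp
    default_ip=${2:-0.0.0.0}
    case "$spec" in
        *:*:*)                   # IP:host_port:container_port or IP::port
            ip=${spec%%:*}; rest=${spec#*:}
            hport=${rest%%:*}; cport=${rest#*:} ;;
        *:*)                     # host_port:container_port
            ip=; hport=${spec%%:*}; cport=${spec#*:} ;;
        *)                       # container_port only
            ip=; hport=; cport=$spec ;;
    esac
    [ -n "$ip" ] || ip=$default_ip
    [ -n "$hport" ] || hport=dynamic     # Docker picks a free host port
    case "$ip" in
        0.0.0.0) scope=all-interfaces ;;
        127.*)   scope=loopback-only ;;
        *)       scope=single-address ;;
    esac
    printf '%s %s %s %s\n' "$ip" "$hport" "$cport" "$scope"
)

# Return success (0) when the SPEC is reachable on every host interface.
binds_all_interfaces() {
    case "$(publish_scope "$@")" in
        *all-interfaces) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample specs; 8080:80 is the form used for wp01 in this deck.
for spec in 8080:80 127.0.0.1:8080:80 192.0.2.10::3306 3306/tcp; do
    printf '%-20s -> %s\n' "$spec" "$(publish_scope "$spec")"
done
```

A spec with no IP part inherits the daemon default, so `8080:80` is bound on all interfaces unless the daemon was started with a narrower `--ip`.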



LINKING CONTAINERS TOGETHER

docker run --name db -d -e MYSQL_ROOT_PASSWORD=Memzoh78 \
  -e MYSQL_DATABASE=wpdb -e MYSQL_USER=wpuser -e MYSQL_PASSWORD=wppwd mysql

docker run --name wp01 --link db:mysql -d -e WORDPRESS_DB_NAME=wpdb \
  -e WORDPRESS_DB_USER=wpuser -e WORDPRESS_DB_PASSWORD=wppwd -p 8080:80 wordpress

[Diagram: Docker Host with two containers. db: database wpdb, user wpuser, password wppwd, 3306/tcp, eth0. wp01: /etc/hosts, WORDPRESS_DB_NAME=wpdb, WORDPRESS_DB_USER=wpuser, WORDPRESS_DB_PASSWORD=wppwd, 80/tcp, eth0. iptables maps 8080/tcp on the host eth0.]

HOW DOCKER NETWORKS A CONTAINER ?

docker run --name db -d -e MYSQL_ROOT_PASSWORD=Memzoh78 -e MYSQL_DATABASE=wpdb \
  -e MYSQL_USER=wpuser -e MYSQL_PASSWORD=wppwd mysql

Options to docker run:

--net=bridge (default)
--net=host
--net=container:NAME_or_ID
--net=none

[Diagram: Docker Host with container db (wpuser, wpdb, wppwd, 3306/tcp) with interfaces eth0 and lo; the container's eth0 pairs with veth*** on docker0; host interfaces lo and eth0.]



EDITING NETWORKING CONFIG FILES

With Docker v1.2.0, you can now edit /etc/hosts, /etc/hostname and /etc/resolv.conf in a running container

Changes to these files will not be saved by docker commit, nor will they be saved during docker run

They won't be saved in the image, nor will they persist when a container is restarted



ADVANCED NETWORKING TOOLS (THIRD PARTIES)

Pipework (Jérôme Petazzoni)
https://github.com/jpetazzo/pipework

Foundations of Python Network Programming (Brandon Rhodes)
https://github.com/brandon-rhodes/fopnp/tree/m/playground

WEAVE
https://github.com/weaveworks/weave



NETWORKING DEEP DIVE (EXPERIMENTAL)

Why is Networking important?

Traditional Networking is incredibly vast and complex

Networking is an inherent part of distributed applications

Make it developer-friendly & application driven.


We'll do for Networking what Docker did for Compute.

Goals

Make network & service as top-level objects

Provide a pluggable networking stack

Span networks across multiple hosts

Support multiple platforms


What's New?

Updated Networking Stack in Docker

Create Networks using the Docker CLI

Multi-host Networking

Services UI

blue = experimental
What is Libnetwork

Library for creating and managing network stacks for containers

Test daemon/client called "dnet"

Driver-based networking

Implements the Container Network Model


Container Network Model (CNM)

Endpoint

Network

Sandbox

[Diagram: "Create Network" and "Create Container" steps, each marked "Defer to Driver"]

Libnetwork API

libnetwork.New

controller.ConfigureNetworkDriver

controller.NewNetwork

network.CreateEndpoint

endpoint.Join
RESTful API

Provides CRUD for Networks and Endpoints

/network
/network/<network_id>/endpoints
/network/<network_id>/endpoints/<endpoint_id>
/network/<network_id>/endpoints/<endpoint_id>/containers
/services
/services/<service_id>
/services/<service_id>/backends
Drivers

Drivers implement the Driver API

They provide the specifics of how a network and endpoint are implemented

Bridge Driver

Creates a Linux Bridge for each network

Creates a veth pair for each endpoint


One end is attached to the bridge
The other appears as eth0 inside the containers

iptables rules created for NAT


Overlay Driver

Creates a separate network namespace for every network


Facilitates overlapping IP address space across networks

Creates a Linux Bridge and VXLAN tunnels to every other discovered host

Creates a veth pair for each endpoint


One end is attached to the bridge
The other appears as eth0 inside the container

Network namespace connected to host network using NAT


Facilitates exiting the overlay network at every host (for external connectivity)

Network Plugins

Implemented using libnetwork's remote driver

Uses JSON-RPC transport

Can be written in any language

Can be deployed as a container


Networking Ecosystem
One size never fits all.
R. Callon, RFC 1925 - The Twelve Networking Truths
Call to Action!

Try the Docker Experimental Channel!


https://experimental.docker.com

Contribute to libnetwork
Raise an Issue or Submit a Pull Request

Chat with us on IRC


#docker-network on Freenode

Stop by at the booth for a demo


Q&A
Thank you
Docker Hà Nội: http://www.meetup.com/Docker-HaNoi
Vn nh Phc phucvd.ce@gmail.com
Trn Hu Cng
Nguyn Vn Thng
