docker networking - boulder linux users group (blug)

Docker Networking ADITYA GAWADE

Docker BasicsMANAGING IMAGES AND CONTAINERS

What's Docker?

Containerization platform  Provides leaner / application specific virtual machines. Uses existing kernel features such as namespaces and cgroups Open source and available on Linux distributions. Applications are installed on containers packaged, shipped and deployed This eliminates low level dependencies. 

How Docker Works?

Host

Client

Registry

Docker-clientDocker runDocker ps

C1

C2

C3

Docker daemon

NETWORK

Docker basic commands 

Docker run – Run a container Docker attach – attach to a running container  Docker info – identify docker version and configuration details Docker ps – Show currently running containers.  Docker images  - list images cached locally. Docker <command> --help – show command options  

Docker Single Host NetworkingNETWORK ON A SINGLE DOCKER HOST

Docker Bridge Docker provides a default bridge "docker0" By default, all containers are connected to "docker0" Bridge connects all containers on a single host  Docker network ls – to view existing networks

User defined Networks (Bridge)

Docker network create – to create a new network/driver Docker run –itd –name=container1 –network=<custom bridge name>

<image> Eg:           docker network create –driver bridge isolated_nw

Option to create a network

Create custom driver

Custom network name

Multi-host Networking (Overlay) DEPLOYING A NETWORK ACROSS HOSTS

Different Methods of Multihost Networking Overlay Network Macvlan Open virtual switch (OVS) Standard bridge utilites (brctl)

Overlay Concept

KV STOREConsul

Docker Host 1 Docker Host 2

C1 C2Serf + VXLAN

Overlay Network

Serf 

Created by Hashicorp  Used for orchestration and cluster management Uses Gossip Protocol Infrequent UDP messages  Supported on Linux, Mac OS and Windows

VXLAN (Virtual Extensible LAN)

Extend VLAN address space.  Used for Overlays to implement Encapsulation over Layer 3

infrastructure Encapsulates Layer 2 information (VXLAN No.) in Layer 3 Packet. 

Image sourced from "Arista VXLAN Bridging with DCI Head End Replication" http://www.intelligentvisibility.com/blog/?p=376

Steps to create an overlay network

1. Check and update Docker Engine (Latest version 1.12) on hosts. 2. Set up a KV Store 3. Connect hosts to KV store 4. Create an overlay network. 5. Add containers to overlay network 6. Check connectivity between containers 

Setting up a KV store

We are using a Consul container as a Docker host  It s deployed on an external host.  docker run -d -p 8500:8500 -h consul --name consul progrium/consul -server -bootstrap   -p = publish a container's port to host   -d = detach/ run in background   -h = container hostname Docker port consul – check port binding

Connecting hosts to KV Store

Stop the docker service                      $ sudo systemctl stop docker.service (RedHat)                     $ sudo service docker stop  Connect hosts to KV store       sudo docker daemon -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock --cluster-advertise <Net int of host>:2375 --cluster-store consul://<Public IP of host interface>:8500-H = host  --cluster-advertise = send advertisements for cluster on intf:2375    --cluster-store = IP of KV store/cluster manager

Hosts Joining a Cluster

Create an overlay Network

On any host:      docker network create –d overlay --subnet=<IP address>/<Mask> <network name>

Add containers to overlay network On each of the hosts:      docker run –itd --name=<container name> --network=<overlay name> <container image>

    Docker network inspect <overlay name> (for Verification)

Overlay Network Image 

Checking connectivity between containers

Ping From C1 to C2   docker exec C2 ping –w5 C1 

References Introduction to Docker:     https://sysadmincasts.com/episodes/31-introduction-to-docker Docker Container Networking:      https://docs.docker.com/engine/userguide/networking/ Docker Multi-host Network:      https://luppeng.wordpress.com/2016/05/03/setting-up-an-overlay-network-on-docker-without-swarm/ Docker Networking Deep Dive (DockerCon 15):      https://www.youtube.com/watch?v=vb7U_9AO7Ww 4 Ways to Connect Containers to Local Network      http://blog.oddbit.com/2014/08/11/four-ways-to-connect-a-docker/ VXLAN Definition:      http://whatis.techtarget.com/definition/VXLAN Serf     https://www.serf.io/ Install Docker on Ubuntu     https://docs.docker.com/engine/installation/linux/ubuntulinux/ Install Docker on Centos    https://docs.docker.com/engine/installation/linux/centos/