Medallia © Copyright 2015. 1
Docker Buenos Aires

• Medallia
  ○ “Software to improve the customer experience”
  ○ “Aggregating 1 Billion documents in 1 second or less”
• Mauricio Garavaglia
  ○ Software Engineer
  ○ [email protected]
• 2015-05-21

Welcome!!!
Docker 101
Problem: Matrix from Hell
Problem: Efficient use of Resources

Solution            But...
Time Sharing!       - Your library 2.0 clashes with my library 1.0
                    - Increases attack vectors
Virtualization!     - Isolation, but too much overhead!
                    - Seriously, overhead!
Containers!         ...
“Lightweight Virtual Machine”
Docker: Containerization for the masses

Docker Container = Linux cgroups + Linux namespaces + Images (Layered FS)
Docker Architecture

Docker Client  --(Rest API)-->  Docker Daemon (Server)
                                  container 1
                                  container 2
                                  container 3
                                  container 4
Docker Daemon  <--(Images)-->   Docker Hub
Checkout and have fun!
https://www.docker.com/tryit/
Microservices using relocatable Docker containers
Thorvald Natvig ([email protected])
Mauricio Garavaglia ([email protected])

Problem to solve: Want a reliable, flexible data-center

• Docker for everything!
• Docker for applications!
• Docker for load-balancers!
• Docker for zookeeper! And DNS!
• Docker for databases!
Problem to Solve Today: Relocating non-movable services

DataCenter Firewall
  Host 10.1.2.3:80    ->  container 172.17.0.3:80   (nginx)
  Host 10.1.2.4:2181  ->  container 172.17.1.0:2181 (zookeeper)
  Host 10.1.2.5:80    ->  container 172.17.1.2:80   (application)

Each service is reachable only through its host's address and forwarded port, so moving it to another host changes its address.
Docker Bridged Networking Model

host1
  eth0 10.1.2.3/24
  docker0 (bridge) 172.16.1.1
    veth0 (host end)  <->  veth1, renamed eth0 inside container 1: 172.16.1.2
Default (Bridged) Strategy
● Creates a pair of veth.
● Moves one to the container namespace.
● Renames the container veth to eth0.
● Attaches the host veth to the docker0 bridge.
● Configures port forwarding in iptables.

Routed Strategy (new strategy in our Docker fork)
● Creates a pair of veth.
● Moves one to the container namespace.
● Renames the container veth to eth0.
● Adds route to 0.0.0.0/0 via eth0 in container.
● Adds route to container IP via veth0 in the host.
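The routed strategy above, done by hand with iproute2, as an added example: this is not the code from the Medallia Docker fork, and the container name, its /32, the veth names and the `--net=none` starting point are assumptions. It prints the commands unless invoked with `--apply` as root, so the plan can be checked before a host is touched:

```shell
#!/bin/sh
# Added example, not the Medallia fork's code: the "Routed Strategy" steps
# with iproute2 against a container started with --net=none.
# Container name, IP and veth names are assumptions.
#
#   CONTAINER=app CONTAINER_IP=10.2.3.4 ./routed-attach.sh --plan          # print only
#   CONTAINER=app CONTAINER_IP=10.2.3.4 sudo ./routed-attach.sh --apply    # do it
set -eu

CONTAINER="${CONTAINER:-app}"            # assumed container name
CONTAINER_IP="${CONTAINER_IP:-10.2.3.4}" # the /32 the container owns, as in the slide
HOST_VETH="${HOST_VETH:-veth0}"          # host end of the veth pair
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print commands, 0 = execute them

# Print the command (dry run) or execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# PID of the container's init; `ip link set ... netns <pid>` and nsenter
# both reach the container's network namespace through it.
container_pid() {
    docker inspect -f '{{.State.Pid}}' "$1"
}

# The routed strategy for one container:
#   $1 container pid, $2 its /32 address, $3 host veth name,
#   $4 temporary name for the container-side end.
routed_attach() {
    pid="$1"; cip="$2"; hveth="$3"; cveth="$4"
    # 1. create the veth pair on the host
    run ip link add "$hveth" type veth peer name "$cveth"
    # 2. move one end into the container's network namespace
    run ip link set "$cveth" netns "$pid"
    # 3. rename it to eth0 there and give it the /32 (no subnet, no gateway)
    run nsenter -t "$pid" -n ip link set "$cveth" name eth0
    run nsenter -t "$pid" -n ip addr add "$cip/32" dev eth0
    run nsenter -t "$pid" -n ip link set eth0 up
    run ip link set "$hveth" up
    # 4. default route in the container: everything leaves via eth0, point-to-point
    run nsenter -t "$pid" -n ip route add default dev eth0
    # 5. host route to the container's /32 via the host end of the veth; this is
    #    the kernel route that ospfd's `redistribute kernel` announces to the fabric
    run ip route add "$cip/32" dev "$hveth"
}

# Only act when invoked with --plan or --apply; sourcing the file does nothing.
if [ $# -gt 0 ]; then
    if [ "$1" = "--apply" ]; then
        DRY_RUN=0
    fi
    pid="${CONTAINER_PID:-$(container_pid "$CONTAINER")}"
    routed_attach "$pid" "$CONTAINER_IP" "$HOST_VETH" "veth-$CONTAINER"
fi
```

The last step is the whole trick: the /32 exists only as a host route on whichever host currently runs the container, so when the container is started elsewhere the new host originates the route and the old one withdraws it.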
Docker (fork) Routed Networking Model

OSPF Area: host1, host2, host3 ... hostN, each connected to the switch

host1
  eth0 10.1.2.3/24
  veth0 -> container-A
  host1% ip route
  10.4.5.6 dev veth0
  ...

container-A
  eth0 10.4.5.6/32
  % ip route
  default dev eth0
Infrastructure: Route to 10.1.2.3/32

Server 10.1.2.3/32  ->  Leaf (learns 10.1.2.3/32)  ->  Spine
OSPF: 1998

• Open Shortest Path First
  ○ Propagated Link State Database
  ○ Supported by every vendor
• OSPF is computationally expensive?
  ○ On a 1998-style embedded controller: Yes
  ○ On a 2015-style Intel Atom 64-bit: No
• Everything is point-to-point L3 links
• Switches and Servers run OSPF (Quagga)
• Cumulus! OSPF unnumbered

Old and boring is the new sexy
Running a Container using the routed strategy

% docker run -it --net=routed --ip-address=10.2.3.4/32 ubuntu

(Will likely change to use labels...)

demo!
Bright future ahead!

LibNetwork
• Extract networking logic into a reusable library.
• Replace the networking subsystem of Docker.
• Docker 1.7 (libnetwork 0.3)
• Docker 1.8 (libnetwork 1.0)
• Get rid of our patch and wrap it as an extension/plugin.
• https://github.com/docker/libnetwork
Pros and Cons

Awesomeness               Sucksies
IP Mobility               T2 routing limit: 128K entries
Quick failover
No special snowflakes
Everything in docker

Future: CRIU?
How difficult is this? Welcome to the network revolution!

● 40GbE “white-box” Switches
  ○ Cumulus: Debian-based Switch OS
  ○ x86-64 Linux server with 32 network interfaces
● Want to inspect network traffic?
  ○ sudo apt-get install tcpdump
● Technically possible to run remote xterm on the switch
● Currently waiting for Cumulus to update kernel version
  ○ Docker on the switches!
How difficult is the network config?

Leaf Switch /etc/network/interfaces (Mako template):

    auto lo
    iface lo inet loopback
        address 10.225.10.245/32

    # To Servers
    % for v in range(1,17):
    auto swp${v}
    iface swp${v}
        mtu 9000
        address 10.225.10.${v*8+1}/30
    % endfor

    # To Spines
    % for v in range(17,33):
    auto swp${v}
    iface swp${v}
        mtu 9000
        address 10.225.10.245/32
    % endfor

Server /etc/network/interfaces:

    auto lo
    iface lo inet loopback

    # To Leaf
    auto data0
    iface data0 inet static
        mtu 9000
        address 10.225.10.10
        netmask 255.255.255.252
        gateway 10.225.10.9
How difficult is the network config?

Leaf/Spine Switch ospfd.conf:

    router ospf
      ospf router-id 10.225.10.245
      network 10.224.0.0/12 area 0.0.0.0
    !
    interface swp1
      ip ospf network point-to-point
    !
    interface swp2
      ip ospf network point-to-point
    !
    ...

Server ospfd.conf:

    ! Bootstrap Config
    router ospf
      ospf router-id 10.225.10.10
      redistribute kernel
      passive-interface default
      no passive-interface data0
      network 10.224.0.0/12 area 0.0.0.0
    !
    log syslog
    !
    interface data0
      ip ospf network point-to-point
    !
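The server ospfd.conf above redistributes every kernel route, so any prefix that lands in a host's routing table, not only container /32s, is announced to the whole area. One way to bound that, as an added hardening example and not the config from the slides (the prefix range and the list/route-map names are assumptions), is a prefix-list-backed route-map on the redistribution; the `ge 32` clause admits host routes only:

```conf
! Added example, not the slide's config: announce only /32 host routes that
! fall inside the assumed container range 10.0.0.0/8 (adjust to the real range).
ip prefix-list CONTAINERS seq 5 permit 10.0.0.0/8 ge 32
!
route-map CONTAINERS permit 10
 match ip address prefix-list CONTAINERS
!
router ospf
 ospf router-id 10.225.10.10
 redistribute kernel route-map CONTAINERS
 passive-interface default
 no passive-interface data0
 network 10.224.0.0/12 area 0.0.0.0
!
interface data0
 ip ospf network point-to-point
!
```

With the unfiltered `redistribute kernel`, a host with a stray static route, or a host that has been taken over, can originate any prefix into the fabric; the route-map limits a server to the /32s the design intends it to own.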
Performance: “Good enough”

• 24-39 Gbit/s (core affinity)
• 13us ICMP ping
Local Development With Style

• IP Mobility on Local Laptop
• Allow for easy and rapid development
• Boot2Docker
Boot2Docker on OSX

My MacBook
  My Shell
  10.10.0.0/16 (the container range, routed into the VM)
  lo0: 10.10.2.2/32 backend (the backend's IP, relocated onto the laptop loopback)

Boot2Docker VM
  10.10.0.0/16
  10.10.2.1/32 frontend on 8080
  10.10.2.2/32 backend (date) on 9999
Checkout and have fun!
www.github.com/medallia/docker
www.github.com/medallia/boot2docker-iso

Questions?
Thursday, May 28
http://tinyurl.com/ioextendedba