fixing docker networking - milos gajdos at #doxlon
DESCRIPTION
Milos has been working on fixing networking in Docker. Yes, fixing networking :-) At the moment it massively sucks. You can't do vlans, macvlans etc.. you can't even have more than 1 interface inside the docker! After a week of after-work hacking on this (whilst watching world cup) Milos has found the cause of why this is not in Docker - it's the netlink package in docker - because no one has fixed netlink! This should be an entertaining talk for anyone who likes Docker, Golang and geeky container networking stuff. Video: http://youtu.be/_dQ5dERe6b0 DevOps Exchange Meetup Group: http://bit.ly/doxlonmeetupTRANSCRIPT
DOCKNET - golang package for Linux networking
DevOps Exchange London, #DOXLON26th June, 2014
About me…
• Ex-Rackspace, couple of startups in and outside of UK
• Currently freelancing
• Twitter: @milosgajdos
• Linkedin: http://uk.linkedin.com/in/milosgajdos
• Professional (technology) ranter or better - Ops guy
• Programming language tourist currently loving Go
How and why docknet
• Started as a personal interest in Linux container networking(http://containerops.org/2013/11/19/lxc-networking/)
• Docker does not offer advanced networking functionality available in LXC/OpenVZ
• No properly functional Go library which would allow you to configure Linux networking programatically without shelling out
Application delivery DOCKERIZE ALL THE THINGS!
Infrastructure delivery
• Network is an essential part of IT infrastructure
• Well designed network offers better scalability, security, easier management etc.
• Legacy network setups and various esoteric or financial requirements leave us deal with ….
Insane network infrastructures o_O
Netlink & RTNetlink
• Netlink is a datagram-oriented messaging system in Linux for user-space applications to communicate with Linux kernel
• mostly used by networking tools (iproute2), but there is some use of it in other non-networking kernel subsystems
• RtNetlink is a library used for configuring and managing networking devices, routing, neighbouring etc.
Go netlink
• Found 2 Go implementations:
1. github.com/abneptis/GoNetlink
• does not seem to be actively developed any more - last commit about 4 years ago
• couldn’t compile it with latest Go compiler
2. github.com/docker/libcontainer/ (netlink package)
• used by Docker \o/
• more idiomatic, still work in progress
• seems broken - NEEDS FIXING
Fixing netlink package
docknet
• general network managing and configuration library for Linux OS - not just containers!
• uses properly functioning netlink package which offers more functionality than libcontainer’s one (VLANs, MAC VLANs etc.)
• no syscalls in netlink package any more - syscalls are NOT netlink !
• allows for advanced networking configuration of your containers (not necessarily Docker based): VLANs, MAC VLANs, multiple network interfaces etc.
• Still WORK IN PROGRESS… still private, should be released in a week or two
docknet sneak peek
• Add an extra veth interface into Docker from the host machine:
https://gist.github.com/milosgajdos83/7cc9028a962fb5635ada
• Add a MAC VLAN interfaces into Docker from the host machine:
https://gist.github.com/milosgajdos83/296fb90d076f259a5b0a
TIME FOR LIVE DEMO!
I AM HIRING ……
Links
• http://www.linuxjournal.com/article/8498
• http://man7.org/linux/man-pages/man7/netlink.7.html
• http://man7.org/linux/man-pages/man3/netlink.3.html
• https://github.com/torvalds/linux/blob/master/net/core/rtnetlink.c
• https://github.com/torvalds/linux/blob/master/include/linux/rtnetlink.h
• https://github.com/docker/libcontainer/blob/master/netlink/netlink_linux.go