OpenStack Tokyo 2015: Connecting the Dots with Neutron

Unifying Network Virtualization between Containers and VMs @estesp @MBanikazemi flickr.com/68397968@N07

Upload: phil-estes

Post on 12-Jan-2017


Phil Estes
Senior Technical Staff Member, IBM Open Cloud Technologies
@estesp

> Upstream Docker maintainer
> 10+ years involved in Linux/OSS
> Interests: cloud computing/Linux

Mohammad Banikazemi
Research Staff Member, IBM Research
@MBanikazemi

> Neutron and libnetwork contributor
> SDN/Cloud Computing expert
> Research: cloud computing/networking

Can we unify the network virtualization layers?
If so, how?

physical network

Simple, straightforward API with pluggable architecture

Abstractions close to physical resources (for better or worse)

Neutron as the API server with database support

Additional services and realization around Neutron

Isolated layer-2 broadcast domain; private/shared

CIDR IP address block associated with a network; optionally associated with a gateway, DNS/DHCP servers

Virtual switch port on a network; has MAC address and IP properties

Connects networks; supports SNAT, floating IP capabilities


Separated module from the core Docker engine

New pluggable networking framework

Implements the Container Network Model (CNM)

Full capabilities (plugins, overlay networking, etc.) available in Docker 1.9

Sandbox: Contains the configuration of the network stack of a container

Network: A collection of Endpoints that can communicate with each other

Endpoint: Connects networks to sandboxes

Sandbox

Network

Endpoint

Create/Delete: Create and delete network objects

Create/Delete/OperInfo: Create, delete, and get info from an endpoint

Join/Leave: Associate/disassociate an endpoint with a sandbox

Plugin.Activate: Plugins must respond to this API call with a set “implements” JSON response

null - no network
host - uses the host network stack
bridge - traditional Docker network
overlay - new multi-host networking
and the remote driver

Docker Network Plugins can be used to implement the libnetwork API with a custom implementation

Docker Engine

Docker Network Plugin

libnetwork

HTTP API; e.g.: /Plugin.Activate

○ https://github.com/docker/libnetwork/blob/master/docs/remote.md
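
The handshake and the network/endpoint/sandbox calls from the slides above, as an added example that is not from the deck, libnetwork, or Kuryr: a dispatcher for the remote-driver POST bodies that rejects malformed or out-of-order requests. The endpoint paths and the Implements/Err/InterfaceName fields follow the remote.md document linked above; SketchDriver, CALLS, the error strings and the veth naming are assumptions, EndpointOperInfo is not covered, and the HTTP transport is left out.

```python
import json

CALLS = {"CreateNetwork", "DeleteNetwork", "CreateEndpoint",
         "DeleteEndpoint", "Join", "Leave"}

class SketchDriver:
    """In-memory stand-in for a remote network driver (constructed for this example)."""
    def __init__(self):
        self.networks = {}  # NetworkID -> set of EndpointIDs
        self.joined = {}    # EndpointID -> SandboxKey

    def handle(self, path, body):  # one POST from libnetwork -> JSON reply as a dict
        try:
            req = json.loads(body or "{}")
            nid, eid = req.get("NetworkID"), req.get("EndpointID")
        except (ValueError, AttributeError):
            return {"Err": "body must be a JSON object"}
        if path == "/Plugin.Activate":  # handshake: declare the implemented API
            return {"Implements": ["NetworkDriver"]}
        head, _, call = path.partition("/NetworkDriver.")
        if head or call not in CALLS:
            return {"Err": "unsupported call: " + path}
        if not all(isinstance(v, (str, type(None))) for v in (nid, eid)):
            return {"Err": "IDs must be strings"}
        if call == "CreateNetwork":
            if not nid or nid in self.networks:
                return {"Err": "missing or duplicate NetworkID"}
            self.networks[nid] = set()
        elif nid not in self.networks:
            return {"Err": "unknown network"}
        elif call == "DeleteNetwork":
            if self.networks[nid]:
                return {"Err": "network still has endpoints"}
            del self.networks[nid]
        elif call == "CreateEndpoint":
            if not eid or eid in self.networks[nid]:
                return {"Err": "missing or duplicate EndpointID"}
            self.networks[nid].add(eid)
        elif eid not in self.networks[nid]:
            return {"Err": "unknown endpoint"}
        elif call == "DeleteEndpoint":
            if eid in self.joined:
                return {"Err": "endpoint still joined to a sandbox"}
            self.networks[nid].discard(eid)
        elif call == "Join":  # interface naming is an assumption of this sketch
            self.joined[eid] = req.get("SandboxKey", "")
            return {"InterfaceName": {"SrcName": "veth" + eid[:7], "DstPrefix": "eth"}}
        elif call == "Leave":
            self.joined.pop(eid, None)
        return {}
```

An empty dict is the success reply; any reply carrying "Err" tells libnetwork the call failed.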


$ docker network --help
Usage: docker network [OPTIONS] COMMAND [OPTIONS]
Commands:
  create      Create a network
  connect     Connect container to a network
  disconnect  Disconnect container from a network
  rm          Remove a network
  inspect     Display detailed network information
  ls          List all networks

$ docker network create --help
Usage: docker network create [OPTIONS] NETWORK-NAME

Creates a new network with a name specified by the user

  -d, --driver=bridge      Driver to manage the Network
  --ipam-driver=default    IP Address Management Driver
  --subnet=[]              Subnet in CIDR format that represents a network segment

...

Baremetal (ironic)

Neutron

libnetwork

network infrastructure

VM (nova)

plugin plugin

network plugin


Docker Engine

libnetwork

Neutron

https://github.com/openstack/kuryr


Uses the OpenStack Ecosystem:

● Keystone for Authentication
● Neutron Client
● Oslo-* and other OpenStack libraries

Sandbox

Network

Endpoint

plug() unplug()
requires code for different vif types:

Node 1

nova

keystone

neutron

horizon

docker1.9-rc

consul

libnetwork

kuryr

Node 2

nova

neutron (agent)

docker1.9-rc

consul

libnetwork

kuryr
