overlay network multi docker host networking
TRANSCRIPT
Overlay Network: Multi Docker Host Networking
Marco Bizzantino, CTO @ Kiratech
@bizzam #containerday
Understand Docker container networks
• Networks, by definition, provide complete isolation for containers
• It’s important to have control over the networks
• Docker container networks give you that control
Docker networking model
• Containers do not have a public IPv4 address
• They are allocated a private address
• Services running on a container must be exposed port by port
• Container ports have to be mapped to the host port to avoid conflicts
Default Network
• Docker installation creates three networks automatically
• You can use the --net flag to specify which network you want to run a container on
Bridge Network
• Is the docker0 network present in all Docker installations
• All containers by default connect to it
• Part of the host’s network stack
• docker0 is assigned a random IP address and subnet from the private range defined by RFC 1918
None Network
• Container-specific network stack
• Container attached lacks a network interface
Host Network
• Adds a container on the host network stack
• Network configuration inside the container is identical to the host
Check container networking properties
The docker network inspect command returns information about a network
Network summary
• Docker containers run in a subnet provisioned by the docker0 bridge on the host machine
• We can create our own bridge or different network to run containers on
• Auto mapping of container ports to host ports only applies to the port numbers defined in the Dockerfile EXPOSE instruction
Multi-host networking
• Containers running on different hosts cannot communicate with each other without mapping their TCP ports to the host’s TCP ports
• Multi-host networking allows these containers to communicate without requiring port mapping
• The Docker Engine supports multi-host networking natively out of the box via the overlay network driver
Multi-host networking
Requirements for creating an overlay network
• Access to a key-value store
• A cluster of hosts connected to the key-value store
• All hosts must have Kernel version 3.16 or higher
• Docker Engine properly configured on each host
Overlay network
• overlay network driver supports multi-host networking natively out-of-the-box
• Based on libnetwork, a built-in VXLAN-based overlay network driver, and Docker’s libkv library
• The overlay network requires a valid key-value store service
• The Docker hosts must be able to communicate
  • udp port 4789: Data plane (VXLAN)
  • tcp/udp port 7946: Control plane
Key-value store
Stores information about the network state including
• Discovery
• Endpoints
• IP addresses
Supported options
• Consul
• Zookeeper (Distributed store)
• Etcd
• BoltDB (Local store)
Setup key-value store: on your Master Node
Run consul in a container with the following command
docker run -d -p 8500:8500 -h consul --name consul \
  progrium/consul -server --bootstrap
Check that consul is running and that port 8500 is mapped to the host using docker ps
Configure Docker Engines
The Docker Engine on each node needs to be configured to:
• Listen on TCP port 2375
• Use the Consul key-value store on our master node
Modify the DOCKER_OPTS variable
DOCKER_OPTS="-H tcp://0.0.0.0:2375 \
  -H unix:///var/run/docker.sock \
  --cluster-store=consul://<MasterNodeIP>:8500/network \
  --cluster-advertise=eth0:2375"
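An added audit of the DOCKER_OPTS line above, not code from the talk: it parses the option string and flags an engine API listener on tcp://0.0.0.0:2375 with no --tlsverify, which answers unauthenticated API calls from any network the host is attached to, and checks that the cluster store and advertise address are well formed. The master address 192.0.2.10 and the hardened variant (TLS on a private address, port 2376) are assumptions of this example.

```python
import shlex
from urllib.parse import urlparse

# The DOCKER_OPTS value from the talk; <MasterNodeIP> replaced by a constructed
# placeholder address (192.0.2.10) so the string parses.
TALK_OPTS = ("-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock "
             "--cluster-store=consul://192.0.2.10:8500/network "
             "--cluster-advertise=eth0:2375")
# A hardened variant (assumed, not from the talk): TLS-authenticated API bound
# to one private address on the conventional TLS port 2376.
HARDENED_OPTS = ("-H tcp://10.0.0.5:2376 --tlsverify "
                 "-H unix:///var/run/docker.sock "
                 "--cluster-store=consul://192.0.2.10:8500/network "
                 "--cluster-advertise=eth0:2376")

def parse_docker_opts(opts):
    """Split a DOCKER_OPTS string into the -H host list and the --long flags."""
    hosts, flags, tokens, i = [], {}, shlex.split(opts), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-H":                      # "-H value"
            hosts.append(tokens[i + 1]); i += 2; continue
        if tok.startswith("-H"):             # "-Hvalue" (fused form)
            hosts.append(tok[2:])
        elif tok.startswith("--"):           # "--key=value" or bare "--key"
            key, _, val = tok[2:].partition("=")
            flags[key] = val or True
        i += 1
    return hosts, flags

def audit_docker_opts(opts):
    """Return findings about how the engine API and cluster store are exposed."""
    hosts, flags = parse_docker_opts(opts)
    findings, tls = [], flags.get("tlsverify") is True
    for h in hosts:
        u = urlparse(h)
        if u.scheme != "tcp":
            continue                         # unix sockets stay local to the host
        if not tls:
            findings.append(f"unauthenticated API on {u.netloc}")
        if u.hostname == "0.0.0.0":
            findings.append(f"API bound to all interfaces on port {u.port}")
    store = flags.get("cluster-store")
    if not isinstance(store, str) or urlparse(store).scheme not in ("consul", "etcd", "zk"):
        findings.append("cluster-store missing or not one of consul/etcd/zk")
    adv = flags.get("cluster-advertise")
    if not isinstance(adv, str) or ":" not in adv:
        findings.append("cluster-advertise must be <interface-or-ip>:<port>")
    return findings
```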
Configure the Overlay network
Create an overlay network on one of the machines in the Swarm
docker network create -d overlay --subnet 10.10.2.0/24 multinet
Running containers on a multi-host network
To run a container on the multi-host network, you just need to specify the network name on the docker run command. For example:
docker run -itd --name c1 --net multinet busybox
Can run containers from any host connected to the network
Container will be assigned an IP address from the subnet of your multi-host network
Running containers on a multi-host network
The first time an overlay network is created on any host, Docker also creates another network called docker_gwbridge
The docker_gwbridge network provides external access for containers
All TCP/UDP ports are open on an overlay network and thus, it is not necessary to map container ports to host ports in order for containers to communicate
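Because every member of an overlay can reach every other member on every port, membership of the network is the access boundary. The check below is an added example, not part of the talk: it parses a constructed `docker network inspect multinet` output (the inspect command from an earlier slide) for the overlay created above, verifies the driver and that each address came from the 10.10.2.0/24 subnet, and lists members that are not on an allow-list. The container ids and the extra `debug` container are invented for the example.

```python
import ipaddress
import json

# Constructed sample of `docker network inspect multinet` output, shaped like
# the overlay created in the talk (driver overlay, subnet 10.10.2.0/24).
# Container ids and the "debug" container are invented for this example.
INSPECT_JSON = """[{
  "Name": "multinet",
  "Driver": "overlay",
  "IPAM": {"Config": [{"Subnet": "10.10.2.0/24"}]},
  "Containers": {
    "0a1b2c": {"Name": "c1",    "IPv4Address": "10.10.2.2/24"},
    "3d4e5f": {"Name": "c2",    "IPv4Address": "10.10.2.3/24"},
    "6a7b8c": {"Name": "debug", "IPv4Address": "10.10.2.4/24"}
  }
}]"""

def overlay_members(inspect_output):
    """Map container name -> IP for an overlay network, checking the driver
    and that every address was allocated from the network's own subnet."""
    net = json.loads(inspect_output)[0]
    if net["Driver"] != "overlay":
        raise ValueError(f"{net['Name']} uses driver {net['Driver']}, not overlay")
    subnet = ipaddress.ip_network(net["IPAM"]["Config"][0]["Subnet"])
    members = {}
    for c in net["Containers"].values():
        ip = ipaddress.ip_interface(c["IPv4Address"]).ip
        if ip not in subnet:
            raise ValueError(f"{c['Name']} has {ip} outside {subnet}")
        members[c["Name"]] = str(ip)
    return members

def unexpected_members(inspect_output, allowed):
    """Every member can reach every other member on any port, so membership
    is the access boundary: return member names that are not on the allow-list."""
    return sorted(set(overlay_members(inspect_output)) - set(allowed))
```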
Overlay Network
Once connected, each container has access to all the containers in the network regardless of which Docker host the container was launched on.
Container discovery
• The docker daemon contains an embedded DNS server
• Containers must run with a name (using the --name option). This maps to the IP address on the network the container is connected to.
• When a container is added to a multi-host network, all other hosts will be able to discover it via the DNS server
Container discovery
• Container may have any number of aliases on a network
• Containers may have different aliases on different networks, set using the --alias option on network connect
• If the embedded DNS server is unable to resolve the request it will be forwarded to any external DNS servers configured for the container
Multi-host Network Summary
• An overlay (multi-host) network requires a key/value store
• Containers added to a multi-host network are discoverable by other containers, as long as the container name/alias has been specified
• Containers on different hosts can communicate with each other without exposing any ports if the hosts are part of the same overlay network
Macvlan and Ipvlan Network Drivers
• complete control of layer 2 VLAN tagging and even Ipvlan L3 routing for users interested in underlay network integration
• container attached directly to the Docker host interface
• easy access for external facing services as there is no port mapping
• still experimental
More information: https://github.com/docker/docker/blob/master/experimental/vlan-networks.md
Thank you