Mohammad Banikazemi and Phil Estes from IBM discuss unifying the virtualized networking layers between containers and VMs using Neutron and Docker's libnetwork pluggable API, filling the gap with recently announced Project Kuryr

1. Unifying Network Virtualization between Containers and VMs
@estesp @MBanikazemi
flickr.com/68397968@N07

2. Phil Estes
Senior Technical Staff Member
IBM Open Cloud Technologies
@estesp
> Upstream Docker maintainer
> 10+ years involved in Linux/OSS
> Interests: cloud computing/Linux
2
Mohammad Banikazemi
Research Staff Member
IBM Research
@MBanikazemi
Neutron and libnetwork contributor <
SDN/Cloud Computing expert <
Research: cloud computing/networking <

3. 3

4. Can we unify the network virtualization layers?
If so, how?
4
physical network

5. 5

6. 6
Simple, straightforward API
with pluggable architecture
Abstractions close to physical
resources (for better or worse)
Neutron as the API server with
database support
Additional services and
realization around Neutron

7. 7
Isolated layer-2 broadcast domain;
private/shared
CIDR IP address block associated with a
network; optionally associated with a
gateway, DNS/DHCP servers
Virtual switch port on a network; has
MAC address and IP properties
Connects networks; supports SNAT,
floating IP capabilities

8. 8

9. 9
Separated module from the
core Docker engine
New pluggable networking
framework
Implements the Container
Network Model (CNM)
Full capabilities (plugins, overlay
networking, etc.) available in Docker 1.9

10. 10
Sandbox
Network
Endpoint
A collection of Endpoints that can
communicate with each other
Connects networks to sandboxes
Contains the configuration of the
network stack of a container

11. 11
Sandbox
Network
Endpoint
Create/Delete
Create and delete network objects
Create/Delete/OperInfo
Create, delete, and get info from an endpoint
Join/Leave
Associate/disassociate an endpoint with
a sandbox
Plugin.Activate
Plugins must respond to this API call with a
set “implements” JSON response

12. 12
null - no network
host - uses the host network stack
bridge - traditional Docker network
overlay - new multi-host networking
and the remote driver
Docker Network Plugins
can be used to implement
libnetwork API with custom
implementation

13. 13
Docker Engine
Docker Network
Plugin
libnetwork
HTTP API; e.g.:
/Plugin.Activate
●
●
●
○ https://github.
com/docker/libnetwork/blob/master/docs/remote.md

14. 14
$ docker network –help
Usage: docker network [OPTIONS] COMMAND [OPTIONS]
Commands:
create Create a network
connect Connect container to a network
disconnect Disconnect container from a network
rm Remove a network
inspect Display detailed network information
ls List all networks

15. 15
$ docker network create –help
Usage: docker network create [OPTIONS] NETWORK-NAME
Creates a new network with a name specified by the user
-d, --driver=bridge Driver to manage the Network
--ipam-driver=default IP Address Management Driver
--subnet=[] Subnet in CIDR format that represents a network segment
...

16. 16

17. 17
Baremetal (ironic)
Neutron
libnetwork
network infrastructure
VM (nova)
plugin plugin
network plugin

18. 18
Docker Engine
libnetwork
●
●
○
Neutron
https://github.com/openstack/kuryr

19. 19
Uses the OpenStack Ecosystem:
● Keystone for Authentication
● Neutron Client
● Oslo-* and other OpenStack
libraries

20. 20
Sandbox
Network
Endpoint
plug() unplug()
requires code for different vif
types:

21. 21

22. 22
Node 1
nova
keystone
neutron
horizondocker1.9-rc
consul
libnetwork
kuryr
Node 2
nova
neutron
(agent)
docker1.9-rc
consul
libnetwork
kuryr

23. 23

24. 24
●
●
●
●
●
●
●
○
●

25. 25

26. 26
@estesp
github.com/estesp
estesp@gmail.com
http://integratedcode.us
IRC: estesp
@MBanikazemi
github.com/MBanikazemi
MBanikazemi@gmail.com
http://MBanikazemi.com
IRC: banix