SlideShare ist ein Scribd-Unternehmen logo

Docker meetup oct14

Als PPTX, PDF herunterladen
Vipin Jain
Vipin Jain

Slides presented at: http://www.meetup.com/Docker-Palo-Alto/events/225559897/

Technologie
1 von 8
Policy Based Container Networking Contiv.io Vipin Jain
Ocean of Applications Cluster Applications can be grouped e.g. a scale-out micro service tiers Relationship exists between groups and applications within group
Where to apply network policies? Between containers within a service tier Between service tiers All containers in a service tier External Service Tier = Policy Domain Policy Global Tenant Scope:
What exactly can a network policy be? • Security:  Scoped white/black list rules on specific protocol/ports  In/Out policy to/from outside the cluster  Permit/Deny Inter-Container traffic within service tier • Network Services for Apps:  Virtual or Physical Service appliances (LB, FW, etc.) • Analytics/Diagnostics:  Netflow for certain application traffic  Copy traffic to/from a specific application • Physical Infrastructure Usage:  Bandwidth, Latency, etc. • IP Allocation Management (IPAM) Policy  Auto-allocation, DHCP-based, integration with IPAM tools • Etc.
Rendering Networking Policies Docker Composition + Policy Intent Node1 Node2 Node-n Contiv Master Docker Remote Plugin
Mapping them to Docker Constrcuts CNM Endpoint CNM Network Compose Service Node1 Node-n
Demonstration (Docker + Contiv) – Setup Web Contiv Plugin Host-1 Contiv Master Host-2 DB Web DB Application Intent Tenant-1: External  Web:80  DB:6379 Tenant-2: External  Web:80  DB:Port $ docker-compose up Launch Multi-tier Application 1 Docker Swarm Automated Network, Policy Creation2 Automated Workload Creation and Scheduling 3 Policy Instantiation4 One Click Application Deployment with Policy Instantiation Contiv Plugin
Thank You - Enjoy your Docker Containers!

Empfohlen

Policy Driven Deployment for Container Networking
Policy Driven Deployment for Container NetworkingPolicy Driven Deployment for Container Networking
Policy Driven Deployment for Container NetworkingDocker, Inc.
 
Contiv kubernetes-microservices-feb25-v0.3
Contiv kubernetes-microservices-feb25-v0.3Contiv kubernetes-microservices-feb25-v0.3
Contiv kubernetes-microservices-feb25-v0.3Sukhesh Halemane
 
Introduction to Istio on Kubernetes
Introduction to Istio on KubernetesIntroduction to Istio on Kubernetes
Introduction to Istio on KubernetesJonh Wendell
 
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup Stephanie Swart
 
Securing danish healthcare using cloudnative
Securing danish healthcare using cloudnativeSecuring danish healthcare using cloudnative
Securing danish healthcare using cloudnativeFrederik Mogensen
 
Master Thesis-Wireless-Projects
Master Thesis-Wireless-ProjectsMaster Thesis-Wireless-Projects
Master Thesis-Wireless-ProjectsPhdtopiccom
 
Bluetooth 5
Bluetooth 5Bluetooth 5
Bluetooth 5harsh parekh
 
Beyond the radio: Exploring the terra incognita of mobile networks with the I...
Beyond the radio: Exploring the terra incognita of mobile networks with the I...Beyond the radio: Exploring the terra incognita of mobile networks with the I...
Beyond the radio: Exploring the terra incognita of mobile networks with the I...APNIC
 

Empfohlen

Policy Driven Deployment for Container Networking
Policy Driven Deployment for Container NetworkingPolicy Driven Deployment for Container Networking
Policy Driven Deployment for Container NetworkingDocker, Inc.
 
Contiv kubernetes-microservices-feb25-v0.3
Contiv kubernetes-microservices-feb25-v0.3Contiv kubernetes-microservices-feb25-v0.3
Contiv kubernetes-microservices-feb25-v0.3Sukhesh Halemane
 
Introduction to Istio on Kubernetes
Introduction to Istio on KubernetesIntroduction to Istio on Kubernetes
Introduction to Istio on KubernetesJonh Wendell
 
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup Stephanie Swart
 
Securing danish healthcare using cloudnative
Securing danish healthcare using cloudnativeSecuring danish healthcare using cloudnative
Securing danish healthcare using cloudnativeFrederik Mogensen
 
Master Thesis-Wireless-Projects
Master Thesis-Wireless-ProjectsMaster Thesis-Wireless-Projects
Master Thesis-Wireless-ProjectsPhdtopiccom
 
Bluetooth 5
Bluetooth 5Bluetooth 5
Bluetooth 5harsh parekh
 
Beyond the radio: Exploring the terra incognita of mobile networks with the I...
Beyond the radio: Exploring the terra incognita of mobile networks with the I...Beyond the radio: Exploring the terra incognita of mobile networks with the I...
Beyond the radio: Exploring the terra incognita of mobile networks with the I...APNIC
 
Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing Corley S.r.l.
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon
 
Code review - networkshop44
Code review - networkshop44Code review - networkshop44
Code review - networkshop44Jisc
 
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy SystemIoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy SystemMark Heckler
 
210-455 exam questions
210-455 exam questions210-455 exam questions
210-455 exam questionsexamgood
 
UMTS Network Simulation Projects
UMTS Network Simulation ProjectsUMTS Network Simulation Projects
UMTS Network Simulation ProjectsPhdtopiccom
 
master-thesis-ns3-projects
master-thesis-ns3-projectsmaster-thesis-ns3-projects
master-thesis-ns3-projectsPhdtopiccom
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor KhoroshchenkoKuberton
 
Distributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeezDistributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeezNetBeez, Inc.
 
Pristine rina-security-icc-2016
Pristine rina-security-icc-2016Pristine rina-security-icc-2016
Pristine rina-security-icc-2016ICT PRISTINE
 
Istio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleIstio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleRam Vennam
 
Calico 3
Calico 3Calico 3
Calico 3Anirban Sen Chowdhary
 
InfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorInfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorGianluca Arbezzano
 
PhD Thesis Network Simulator Projects
PhD Thesis Network Simulator ProjectsPhD Thesis Network Simulator Projects
PhD Thesis Network Simulator ProjectsPhdtopiccom
 
LTE Network Simulation Thesis Research Assistance
LTE Network Simulation Thesis Research Assistance LTE Network Simulation Thesis Research Assistance
LTE Network Simulation Thesis Research Assistance Phdtopiccom
 
IPv17 extra
IPv17 extraIPv17 extra
IPv17 extraVasily Prosin
 
Overview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca ArbezzanoOverview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca ArbezzanoGianluca Arbezzano
 
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...Altoros
 
Rina p4 rina workshop
Rina p4 rina workshopRina p4 rina workshop
Rina p4 rina workshopEduard Grasa
 
NetBeez - IEEE IRI 2016
NetBeez - IEEE IRI 2016NetBeez - IEEE IRI 2016
NetBeez - IEEE IRI 2016NetBeez, Inc.
 
Kubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for MicroservicesKubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for MicroservicesSukhesh Halemane
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 

Weitere ähnliche Inhalte

Was ist angesagt?

Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing Corley S.r.l.
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon
 
Code review - networkshop44
Code review - networkshop44Code review - networkshop44
Code review - networkshop44Jisc
 
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy SystemIoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy SystemMark Heckler
 
210-455 exam questions
210-455 exam questions210-455 exam questions
210-455 exam questionsexamgood
 
UMTS Network Simulation Projects
UMTS Network Simulation ProjectsUMTS Network Simulation Projects
UMTS Network Simulation ProjectsPhdtopiccom
 
master-thesis-ns3-projects
master-thesis-ns3-projectsmaster-thesis-ns3-projects
master-thesis-ns3-projectsPhdtopiccom
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor KhoroshchenkoKuberton
 
Distributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeezDistributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeezNetBeez, Inc.
 
Pristine rina-security-icc-2016
Pristine rina-security-icc-2016Pristine rina-security-icc-2016
Pristine rina-security-icc-2016ICT PRISTINE
 
Istio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleIstio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleRam Vennam
 
InfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorInfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorGianluca Arbezzano
 
PhD Thesis Network Simulator Projects
PhD Thesis Network Simulator ProjectsPhD Thesis Network Simulator Projects
PhD Thesis Network Simulator ProjectsPhdtopiccom
 
LTE Network Simulation Thesis Research Assistance
LTE Network Simulation Thesis Research Assistance LTE Network Simulation Thesis Research Assistance
LTE Network Simulation Thesis Research Assistance Phdtopiccom
 
Overview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca ArbezzanoOverview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca ArbezzanoGianluca Arbezzano
 
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...Altoros
 
Rina p4 rina workshop
Rina p4 rina workshopRina p4 rina workshop
Rina p4 rina workshopEduard Grasa
 
NetBeez - IEEE IRI 2016
NetBeez - IEEE IRI 2016NetBeez - IEEE IRI 2016
NetBeez - IEEE IRI 2016NetBeez, Inc.
 

Was ist angesagt? (20)

Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for Kubernetes
 
Code review - networkshop44
Code review - networkshop44Code review - networkshop44
Code review - networkshop44
 
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy SystemIoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
IoT in the Cloud: Build and Unleash the Value in your Renewable Energy System
 
210-455 exam questions
210-455 exam questions210-455 exam questions
210-455 exam questions
 
UMTS Network Simulation Projects
UMTS Network Simulation ProjectsUMTS Network Simulation Projects
UMTS Network Simulation Projects
 
master-thesis-ns3-projects
master-thesis-ns3-projectsmaster-thesis-ns3-projects
master-thesis-ns3-projects
 
Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko Security threats with Kubernetes - Igor Khoroshchenko
Security threats with Kubernetes - Igor Khoroshchenko
 
Distributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeezDistributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeez
 
Pristine rina-security-icc-2016
Pristine rina-security-icc-2016Pristine rina-security-icc-2016
Pristine rina-security-icc-2016
 
Istio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleIstio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as Scale
 
Calico 3
Calico 3Calico 3
Calico 3
 
InfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorInfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestrator
 
PhD Thesis Network Simulator Projects
PhD Thesis Network Simulator ProjectsPhD Thesis Network Simulator Projects
PhD Thesis Network Simulator Projects
 
LTE Network Simulation Thesis Research Assistance
LTE Network Simulation Thesis Research Assistance LTE Network Simulation Thesis Research Assistance
LTE Network Simulation Thesis Research Assistance
 
IPv17 extra
IPv17 extraIPv17 extra
IPv17 extra
 
Overview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca ArbezzanoOverview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca Arbezzano
 
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
Building an IoT Cloud for Healthcare: How to Solve Networking Challenges and ...
 
Rina p4 rina workshop
Rina p4 rina workshopRina p4 rina workshop
Rina p4 rina workshop
 
NetBeez - IEEE IRI 2016
NetBeez - IEEE IRI 2016NetBeez - IEEE IRI 2016
NetBeez - IEEE IRI 2016
 

Andere mochten auch

Kubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for MicroservicesKubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for MicroservicesSukhesh Halemane
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
Containerizing Traditional Applications
Containerizing Traditional ApplicationsContainerizing Traditional Applications
Containerizing Traditional ApplicationsJim Bugwadia
 
Production Challenges for Container Networking
Production Challenges for Container NetworkingProduction Challenges for Container Networking
Production Challenges for Container NetworkingVipin Jain
 
Multi-cloud Container Management for vRealize Automation
Multi-cloud Container Management for vRealize AutomationMulti-cloud Container Management for vRealize Automation
Multi-cloud Container Management for vRealize AutomationJim Bugwadia
 
Simplifying open stack and kubernetes networking with romana
Simplifying open stack and kubernetes networking with romanaSimplifying open stack and kubernetes networking with romana
Simplifying open stack and kubernetes networking with romanaJuergen Brendel
 
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015Jim Bugwadia
 
Container Networking Challenges for Production Readiness
Container Networking Challenges for Production ReadinessContainer Networking Challenges for Production Readiness
Container Networking Challenges for Production ReadinessVipin Jain
 
DockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep diveDockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep diveMadhu Venugopal
 
Running Netflix OSS on Docker with Nirmata
Running Netflix OSS on Docker with NirmataRunning Netflix OSS on Docker with Nirmata
Running Netflix OSS on Docker with NirmataDamien Toledo
 
Come With Golang
Come With GolangCome With Golang
Come With Golang尚文 曾
 
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno [INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
[INNOVATUBE] Tech Talk #3: Golang - Takaaki MizunoNexus FrontierTech
 
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]IO Visor Project
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Andrew Randall
 
Jenkins vs gogs
Jenkins vs gogsJenkins vs gogs
Jenkins vs gogsAaron King
 
Cloud Native Applications Maturity Model
Cloud Native Applications Maturity ModelCloud Native Applications Maturity Model
Cloud Native Applications Maturity ModelJim Bugwadia
 
Golang basics for Java developers - Part 1
Golang basics for Java developers - Part 1Golang basics for Java developers - Part 1
Golang basics for Java developers - Part 1Robert Stern
 

Andere mochten auch (20)

Kubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for MicroservicesKubernetes meetup: Networking for Microservices
Kubernetes meetup: Networking for Microservices
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
Cloud Native SDN
Cloud Native SDNCloud Native SDN
Cloud Native SDN
 
Containerizing Traditional Applications
Containerizing Traditional ApplicationsContainerizing Traditional Applications
Containerizing Traditional Applications
 
Production Challenges for Container Networking
Production Challenges for Container NetworkingProduction Challenges for Container Networking
Production Challenges for Container Networking
 
Multi-cloud Container Management for vRealize Automation
Multi-cloud Container Management for vRealize AutomationMulti-cloud Container Management for vRealize Automation
Multi-cloud Container Management for vRealize Automation
 
Simplifying open stack and kubernetes networking with romana
Simplifying open stack and kubernetes networking with romanaSimplifying open stack and kubernetes networking with romana
Simplifying open stack and kubernetes networking with romana
 
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
Multi-Cloud Microservices - DevOps Summit Silicon Valley 2015
 
Container Networking Challenges for Production Readiness
Container Networking Challenges for Production ReadinessContainer Networking Challenges for Production Readiness
Container Networking Challenges for Production Readiness
 
Enterprise Cloud Native
Enterprise Cloud NativeEnterprise Cloud Native
Enterprise Cloud Native
 
DockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep diveDockerCon US 2016 - Docker Networking deep dive
DockerCon US 2016 - Docker Networking deep dive
 
Running Netflix OSS on Docker with Nirmata
Running Netflix OSS on Docker with NirmataRunning Netflix OSS on Docker with Nirmata
Running Netflix OSS on Docker with Nirmata
 
BRKSDN-2115
BRKSDN-2115 BRKSDN-2115
BRKSDN-2115
 
Come With Golang
Come With GolangCome With Golang
Come With Golang
 
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno [INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
 
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016
 
Jenkins vs gogs
Jenkins vs gogsJenkins vs gogs
Jenkins vs gogs
 
Cloud Native Applications Maturity Model
Cloud Native Applications Maturity ModelCloud Native Applications Maturity Model
Cloud Native Applications Maturity Model
 
Golang basics for Java developers - Part 1
Golang basics for Java developers - Part 1Golang basics for Java developers - Part 1
Golang basics for Java developers - Part 1
 

Ähnlich wie Docker meetup oct14

Neutron Networking: Service Groups, Policies and Chains
Neutron Networking: Service Groups, Policies and ChainsNeutron Networking: Service Groups, Policies and Chains
Neutron Networking: Service Groups, Policies and ChainsDaniel Krook
 
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...Cisco Canada
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxPINGXIONG3
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsSanjeev Rampal
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?NGINX, Inc.
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
Network Policy Abstractions in OpenStack Neutron
Network Policy Abstractions in OpenStack NeutronNetwork Policy Abstractions in OpenStack Neutron
Network Policy Abstractions in OpenStack NeutronSumit Naiksatam
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityRaphaël PINSON
 
Requirment anlaysis , application, device, network requirements
Requirment anlaysis , application, device, network requirementsRequirment anlaysis , application, device, network requirements
Requirment anlaysis , application, device, network requirementscsk selva
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...Amazon Web Services
 

Ähnlich wie Docker meetup oct14 (20)

TFI2014 Session I - State of SDN - Scott Sneddon
TFI2014 Session I - State of SDN - Scott SneddonTFI2014 Session I - State of SDN - Scott Sneddon
TFI2014 Session I - State of SDN - Scott Sneddon
 
Mb openstack-nov2013v7
Mb openstack-nov2013v7Mb openstack-nov2013v7
Mb openstack-nov2013v7
 
Neutron Networking: Service Groups, Policies and Chains
Neutron Networking: Service Groups, Policies and ChainsNeutron Networking: Service Groups, Policies and Chains
Neutron Networking: Service Groups, Policies and Chains
 
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptx
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMs
 
Design of network
Design of networkDesign of network
Design of network
 
652.ppt
652.ppt652.ppt
652.ppt
 
Open stackatlantagrouppolicy
Open stackatlantagrouppolicyOpen stackatlantagrouppolicy
Open stackatlantagrouppolicy
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?
 
Stephen Wallo
Stephen WalloStephen Wallo
Stephen Wallo
 
INT_Ch17.pptx
INT_Ch17.pptxINT_Ch17.pptx
INT_Ch17.pptx
 
Netkit
NetkitNetkit
Netkit
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
 
Network Policy Abstractions in OpenStack Neutron
Network Policy Abstractions in OpenStack NeutronNetwork Policy Abstractions in OpenStack Neutron
Network Policy Abstractions in OpenStack Neutron
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
 
Requirment anlaysis , application, device, network requirements
Requirment anlaysis , application, device, network requirementsRequirment anlaysis , application, device, network requirements
Requirment anlaysis , application, device, network requirements
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 

Kürzlich hochgeladen

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 

Kürzlich hochgeladen (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 

Docker meetup oct14

  • 1. Policy Based Container Networking Contiv.io Vipin Jain
  • 2. Ocean of Applications Cluster Applications can be grouped e.g. a scale-out micro service tiers Relationship exists between groups and applications within group
  • 3. Where to apply network policies? Between containers within a service tier Between service tiers All containers in a service tier External Service Tier = Policy Domain Policy Global Tenant Scope:
  • 4. What exactly can a network policy be? • Security:  Scoped white/black list rules on specific protocol/ports  In/Out policy to/from outside the cluster  Permit/Deny Inter-Container traffic within service tier • Network Services for Apps:  Virtual or Physical Service appliances (LB, FW, etc.) • Analytics/Diagnostics:  Netflow for certain application traffic  Copy traffic to/from a specific application • Physical Infrastructure Usage:  Bandwidth, Latency, etc. • IP Allocation Management (IPAM) Policy  Auto-allocation, DHCP-based, integration with IPAM tools • Etc.
  • 5. Rendering Networking Policies Docker Composition + Policy Intent Node1 Node2 Node-n Contiv Master Docker Remote Plugin
  • 6. Mapping them to Docker Constrcuts CNM Endpoint CNM Network Compose Service Node1 Node-n
  • 7. Demonstration (Docker + Contiv) – Setup Web Contiv Plugin Host-1 Contiv Master Host-2 DB Web DB Application Intent Tenant-1: External  Web:80  DB:6379 Tenant-2: External  Web:80  DB:Port $ docker-compose up Launch Multi-tier Application 1 Docker Swarm Automated Network, Policy Creation2 Automated Workload Creation and Scheduling 3 Policy Instantiation4 One Click Application Deployment with Policy Instantiation Contiv Plugin
  • 8. Thank You - Enjoy your Docker Containers!

Hinweis der Redaktion

  1. Send comments to: vipijain@cisco.com
  2. Let us assume there is a cluster of host running thousands of application instances as docker containers It is very likely that the application instances are not random i.e. they work cohesively and can be grouped And there exists a consumption relationship between service tiers
  3. Network policies can be applied to capture the relationship between the services or between the application within a service
  4. Network policies can be applied to capture the relationship between the services or between the application within a service
  5. Docker composition results
  6. Send comments to: vipijain@cisco.com