SlideShare ist ein Scribd-Unternehmen logo

Deep Dive in Docker Overlay Networks

Als PPTX, PDF herunterladen
Laurent Bernaille
Laurent Bernaille

The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers. The talk will continue with a demo showing how to build your own simple overlay using these technologies.

Präsentationen & Vorträge
1 von 42
Talk Title Here Author Name, Company Deep dive in Docker Overlay Networks Laurent Bernaille @lbernail
Agenda • The Docker Overlay Network – Getting started – Under the hood • Building our Overlay – Starting from scratch – Making it dynamic
The Docker Overlay
Environment docker0 docker1 consul 10.0.0.10 10.0.0.11 10.0.0.5 dockerd -H fd:// --cluster-store=consul://consul0:8500 --cluster-advertise=eth0:2376 What is in consul? Not much for now just metadata tree
Let's create an Overlay Network docker0:~$ docker network create --driver overlay --internal --subnet 192.168.0.0/24 linuxcon c4305b67cda46c2ed96ef797e37aed14501944a1fe0096dacd1ddd8e05341381 docker1:~$ docker network ls NETWORK ID NAME DRIVER SCOPE bec777b6c1f1 bridge bridge local c4305b67cda4 linuxcon overlay global 3a4e16893b16 host host local c17c1808fb08 none null local
Does it work? docker0:~$ docker run -d --ip 192.168.0.100 --net linuxcon --name C0 debian sleep infinity docker1:~$ docker run --net linuxcon debian ping 192.168.0.100 PING 192.168.0.100 (192.168.0.100): 56 data bytes 64 bytes from 192.168.0.100: seq=0 ttl=64 time=1.153 ms 64 bytes from 192.168.0.100: seq=1 ttl=64 time=0.807 ms docker1:~$ ping 192.168.0.100 PING 192.168.0.100 (192.168.0.100) 56(84) bytes of data. ^C--- 192.168.0.100 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3024ms
What did we build? Overlay consul docker0 C0 eth0 docker1 C1 eth0PING 192.168.0.100 192.168.0.Y 10.0.0.10 10.0.0.11
The Docker Overlay Under the hood
How does it work? Let's look inside containers docker0:~$ docker exec C0 ip addr show 58: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP inet 192.168.0.100/24 scope global eth0 docker0:~$ docker exec C0 ip -details link show dev eth0 58: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default veth
Container network configuration consul docker0 eth0 192.168.0.100 C0 Namespace veth eth0 docker1 C1 Namespace veth eth0 192.168.0.Y eth0PING 10.0.0.10 10.0.0.11
Where is the other end of the veth? docker0:~$ ip link show >> Nothing, it must be in another Namespace docker0:~$ sudo ls -l /var/run/docker/netns 8-c4305b67cd docker0:~$ docker network inspect linuxcon -f {{.Id}} c4305b67cda46c2ed96ef797e37aed14501944a1fe0096dacd1ddd8e05341381 docker0:~$ overns=/var/run/docker/netns/8-c4305b67cd docker0:~$ sudo nsenter --net=$overns ip -d link show 2: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default bridge 62: vxlan1: <..> mtu 1450 qdisc noqueue master br0 state UNKNOWN mode DEFAULT group default vxlan id 256 srcport 10240 65535 dstport 4789 proxy l2miss l3miss ageing 300 59: veth2: <...> mtu 1450 qdisc noqueue master br0 state UP mode DEFAULT group default
Update on connectivity Overlay consul docker0 C0 eth0 docker1 C1 eth0PING 192.168.0.100 192.168.0.Y 10.0.0.10 10.0.0.11 br0 vxlanveth br0 vxlanveth
What is VXLAN? • Tunneling technology over UDP (L2 in UDP) • Developed for cloud SDN to create multi-tenancy • Without the need for L2 connectivity • Without the normal VLAN limit (4096 VLAN Ids) • Easy to encrypt: IPSEC • Overhead: 50 bytes • In Linux • Started with Open vSwitch • Native with Kernel >= 3.7 and >=3.16 for Namespace support VXLAN: Virtual eXtensible LAN VNI: VXLAN Network Identifier VTEP: VXLAN Tunnel Endpoint Outer IP packet UDP dst: 4789 VXLAN Header Original L2
Let's have a look docker0:~$ sudo tcpdump -nn -i eth0 "port 4789" docker1:~$ docker run -it --rm --net linuxcon debian ping 192.168.0.100 PING 192.168.0.100 (192.168.0.100): 56 data bytes 64 bytes from 192.168.0.100: seq=0 ttl=64 time=1.153 ms 64 bytes from 192.168.0.100: seq=1 ttl=64 time=0.807 ms docker0:~$ 13:35:12.796941 IP 10.0.0.11.60916 > 10.0.0.10.4789: VXLAN, flags [I] (0x08), vni 256 IP 192.168.0.2 > 192.168.0.100: ICMP echo request, id 1, seq 0, length 64 13:35:12.797035 IP 10.0.0.10.54953 > 10.0.0.11.4789: VXLAN, flags [I] (0x08), vni 256 IP 192.168.0.100 > 192.168.0.2: ICMP echo reply, id 1, seq 0, length 64
Full connectivity with VXLAN consul docker0 C0 eth0 docker1 C1 eth0PING 192.168.0.100 192.168.0.Y 10.0.0.10 10.0.0.11 br0 vxlanveth br0 vxlanveth IP src: 10.0.0.11 dst: 10.0.0.10 UDP src: X dst: 4789 VXLAN Header Original L2 src: 192.168.0.Y dst: 192.168.0.100
How do containers find each other? • VXLAN Data plane – Sending data between hosts – Tunneling using UDP • VXLAN Control plane – Distribution of VLXAN endpoints ("VTEP") – Distribution of MAC to VTEP mappings – ARP offloading (optional, but required without ARP traffic)
VXLAN Control Plane - Option 1: Multicast vxlan vxlan vxlan Multicast 239.x.x.x ARP: Who has 192.168.0.2? L2 discovery: where is 02:42:c0:a8:00:02 ? Use a multicast group to send traffic for unknown L3/L2 addresses • PROS: simple and efficient • CONS: Multicast connectivity not always available (on public clouds for instance)
VXLAN Control Plane- Option 2: Point-to-point vxlan vxlan Remote IP: point-to-point Send everything to remote IP Configure a remote IP address where to send traffic for unknown addresses • PROS: simple, not need for multicast, very good for two hosts • CONS: difficult to manage with more than 2 hosts
VXLAN Control Plane- Option 3: User-land vxlan vxlan daemon daemon Manual (with a daemon modifying ARP/FDB) ARP: Mac address of 192.168.0.2 L2: VTEP (host) for 02:42:c0:a8:00:02 vxlan daemon Do nothing, provide ARP / FDB information from outside • PROS: very flexible • CONS: requires a daemon and a centralized database of addresses
How is it done by Docker? docker0:~$ sudo nsenter --net=$overns ip neighbor show docker0:~$ sudo nsenter --net=$overns bridge fdb show docker1:~$ docker run -d --ip 192.168.0.200 --net linuxcon --name C1 debian sleep infinity docker0:~$ sudo nsenter --net=$overns ip neighbor show 192.168.0.200 dev vxlan0 lladdr 02:42:c0:a8:00:c8 PERMANENT docker0:~$ sudo nsenter --net=$overns bridge fdb show 02:42:c0:a8:00:c8 dev vxlan0 dst 10.0.0.11 self permanent
Where is this information stored? docker0:~$ net=$(docker network inspect linuxcon -f {{.Id}}) docker0:~$ curl -s http://consul:8500/v1/kv/docker/network/v1.0/network/${net}/ docker0:~$ python/dump_endpoints.py Endpoint Name: C1 IP address: 192.168.0.200/24 MAC address: 02:42:c0:a8:00:c8 Locator: 10.0.0.11 Endpoint Name: C0 IP address: 192.168.0.100/24 MAC address: 02:42:c0:a8:00:64 Locator: 10.0.0.10
How is it distributed? docker0:~$ serf agent -join 10.0.0.10:7946 -node demo -event-handler=./serf.sh docker1:~$ docker run -d --net linuxcon debian sleep infinity docker1:~$ docker rm -f $(docker ps -aq) docker0:~$ New event: user join 192.168.0.2 255.255.255.0 02:42:c0:a8:00:02 New event: user leave 192.168.0.2 255.255.255.0 02:42:c0:a8:00:02 New event: user leave 192.168.0.200 255.255.255.0 02:42:c0:a8:00:c8
Overview consul docker0 C0 eth0 docker1 C1 eth0PING 192.168.0.100 192.168.0.Y 10.0.0.10 10.0.0.11 br0 vxlanveth br0 vxlanveth IP src: 10.0.0.11 dst: 10.0.0.10 UDP src: X dst: 4789 VXLAN Header Original L2 src: 192.168.0.Y dst: 192.168.0.100 dockerd dockerd ARP FDB ARP FDB Serf / Gossip
Building our Overlay From scratch
Clean up docker0:~$ docker rm -f $(docker ps -aq) docker0:~$ docker network rm linuxcon docker1:~$ docker rm -f $(docker ps -aq)
Start from scratch docker0 docker1 10.0.0.10 10.0.0.11
Step 1: Overlay Namespace docker0 docker1 10.0.0.10 10.0.0.11 br42 vxlan42 eth0 br42 eth0 vxlan42
Creating the Overlay Namespace ip netns add overns ip netns exec overns ip link add dev br42 type bridge ip netns exec overns ip addr add dev br42 192.168.0.1/24 ip link add dev vxlan42 type vxlan id 42 proxy dstport 4789 ip link set vxlan1 netns overns ip netns exec overns ip link set vxlan42 master br42 ip netns exec overns ip link set vxlan42 up ip netns exec overns ip link set br42 up create overlay NS create bridge in NS create VXLAN interface move it to NS add it to bridge bring all interfaces up setup_vxlan script
Step 2: Attach containers docker0 docker1 10.0.0.10 10.0.0.11 br42 vxlan42 eth0 br42 eth0 vxlan42 veth veth eth0 192.168.0.20 C0 Namespace C1 Namespace eth0 192.168.0.10
Create containers and attach them docker0 docker run -d --net=none --name=demo debian sleep infinity ctn_ns_path=$(docker inspect --format="{{ .NetworkSettings.SandboxKey}}" demo) ctn_ns=${ctn_ns_path##*/} ip link add dev veth1 mtu 1450 type veth peer name veth2 mtu 1450 ip link set dev veth1 netns overns ip netns exec overns ip link set veth1 master br42 ip netns exec overns ip link set veth1 up ip link set dev veth2 netns $ctn_ns ip netns exec $ctn_ns ip link set dev veth2 name eth0 address 02:42:c0:a8:00:10 ip netns exec $ctn_ns ip addr add dev eth0 192.168.0.10 ip netns exec $ctn_ns ip link set dev eth0 up docker1 Same with 192.168.0.20 / 02:42:c0:a8:00:20 Create container without net Create veth Send veth1 to overlay NS Attach it to overlay bridge Send veth2 to container Rename & Configure Get NS for container plumb script
Does it ping? docker0:~$ docker exec -it demo ping 192.168.0.20 PING 192.168.0.20 (192.168.0.20): 56 data bytes 92 bytes from 192.168.0.10: Destination Host Unreachable docker0:~$ sudo ip netns exec overns ip neighbor show docker0:~$ sudo ip netns exec overns ip neighbor add 192.168.0.20 lladdr 02:42:c0:a8:00:20 dev vxlan42 docker0:~$ sudo ip netns exec overns bridge fdb add 02:42:c0:a8:00:20 dev vxlan42 self dst 10.0.0.11 vni 42 port 4789 docker1: Same with 192.168.0.10, 02:42:c0:a8:00:10 and 10.0.0.10
Result docker0 docker1 10.0.0.10 10.0.0.11 br42 vxlan42 eth0 br42 eth0 vxlan42 veth veth eth0 192.168.0.20 C0 Namespace C1 Namespace eth0 192.168.0.10 PING FDB ARP FDB ARP
Building our Overlay Making it dynamic
Catching network events: NETLINK • Kernel interface for communication between Kernel and userspace • Designed to transfer networking info (used by iproute2) • Several protocols – NETLINK_ROUTE – NETLINK_FIREWALL • Several notification types, for NETLINK_ROUTE for instance: – LINK – NEIGHBOR • Many events – LINK: NEWLINK, GETLINK – NEIGHBOR: GETNEIGH <= information on ARP, L2 discovery queries
Using ip monitor docker0:~$ ip monitor link docker0:~$ sudo ip link add dev veth1 type veth peer name veth2 32: veth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default link/ether b6:95:d6:b4:21:e9 brd ff:ff:ff:ff:ff:ff 33: veth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default link/ether a6:e0:7a:da:a9:ea brd ff:ff:ff:ff:ff:ff docker0:~$ ip monitor route docker0:~$ sudo ip route add 8.8.8.8 via 10.0.0.1 8.8.8.8 via 10.0.0.1 dev eth0
What about neighbor events? docker0:~$ echo 1 | sudo tee -a /proc/sys/net/ipv4/neigh/eth0/app_solicit docker0:~$ ip monitor neigh docker0:~$ ping 10.0.0.100 10.0.0.100 dev eth0 FAILED app_sollicit: generate Netlink message on L2/L3 miss
With containers docker0:~$ sudo ip netns del overns docker0:~$ sudo ./setup_vxlan 42 overns proxy l2miss l3miss dstport 4789 docker0:~$ sudo ./plumb br42@overns demo 192.168.0.10/24 02:42:c0:a8:00:10 docker0:~$ docker exec demo ip monitor neigh docker0:~$ docker exec demo ping 192.168.0.20 192.168.0.20 dev eth0 FAILED Retest from overns namespace docker0:~$ sudo ip netns exec overns ip monitor neigh miss 192.168.0.20 dev vxlan42 STALE Add ARP miss dev vxlan42 lladdr 02:42:c0:a8:00:20 STALE Add FDB => ping ok l2miss/l3miss generate messages from VXLAN interface
Using Netlink & Consul to dynamically find containers listen to Netlink events in overns Namespace only act on GETNEIGH events If l3miss, look up ARP in consul and add neighbor info If l2miss, lookup MAC location and add FDB info
Let's try! Clean up docker0:~$ sudo ip netns del overns docker0:~$ sudo ./setup_vxlan 42 overns proxy l2miss l3miss dstport 4789 docker0:~$ sudo ./plumb br42@overns demo 192.168.0.10/24 02:42:c0:a8:00:10 Add data to consul Test docker0:~$ sudo python/arpd-consul.py docker0:~$ docker exec -it demo ping 192.168.0.20 INFO Starting new HTTP connection (1): consul1 INFO L3Miss on vxlan42: Who has IP: 192.168.0.20? INFO Populating ARP table from Consul: IP 192.168.0.20 is 02:42:c0:a8:00:20 INFO L2Miss on vxlan42: Who has Mac Address: 02:42:c0:a8:00:20? INFO Populating FIB table from Consul: MAC 02:42:c0:a8:00:20 is on host 10.0.0.11
Overview docker0 docker1 10.0.0.10 10.0.0.11 br42 vxlan42 eth0 br42 eth0 vxlan42 veth veth eth0 192.168.0.20 C0 Namespace C1 Namespace eth0 192.168.0.10 PING FDB ARP FDB ARP consul Netlin k l2/l3 miss GETNEIGH events? lookup
Thank you! Questions? • Commands / code on github https://github.com/lbernail/dockercon2017 • Recorded at Dockercon Austin (a few improvements today) • Detailled blog post http://techblog.d2-si.eu/2017/04/25/deep-dive-into-docker-overlay-networks-part-1.html • Do not hesitate to ping me on twitter @lbernail
Deep Dive in Docker Overlay Networks

Empfohlen

Deep dive in Docker Overlay Networks
Deep dive in Docker Overlay NetworksDeep dive in Docker Overlay Networks
Deep dive in Docker Overlay NetworksLaurent Bernaille
 
OpenStack DevStack Install - 2부 (Multi-nodes)
OpenStack DevStack Install - 2부 (Multi-nodes)OpenStack DevStack Install - 2부 (Multi-nodes)
OpenStack DevStack Install - 2부 (Multi-nodes)Ian Choi
 
Midi technique - présentation docker
Midi technique - présentation dockerMidi technique - présentation docker
Midi technique - présentation dockerOlivier Eeckhoutte
 
How VXLAN works on Linux
How VXLAN works on LinuxHow VXLAN works on Linux
How VXLAN works on LinuxEtsuji Nakai
 
시스코 라우팅의 진화 세그멘트 라우팅 애플리케이션 라우팅
시스코 라우팅의 진화 세그멘트 라우팅 애플리케이션 라우팅시스코 라우팅의 진화 세그멘트 라우팅 애플리케이션 라우팅
시스코 라우팅의 진화 세그멘트 라우팅 애플리케이션 라우팅CiscoKorea
 
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Maximilan Wilhelm
 
Linux Network Stack
Linux Network StackLinux Network Stack
Linux Network StackAdrien Mahieux
 
Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101LorisPack Project
 

Empfohlen

Deep dive in Docker Overlay Networks
Deep dive in Docker Overlay NetworksDeep dive in Docker Overlay Networks
Deep dive in Docker Overlay NetworksLaurent Bernaille
 
OpenStack DevStack Install - 2부 (Multi-nodes)
OpenStack DevStack Install - 2부 (Multi-nodes)OpenStack DevStack Install - 2부 (Multi-nodes)
OpenStack DevStack Install - 2부 (Multi-nodes)Ian Choi
 
Midi technique - présentation docker
Midi technique - présentation dockerMidi technique - présentation docker
Midi technique - présentation dockerOlivier Eeckhoutte
 
How VXLAN works on Linux
How VXLAN works on LinuxHow VXLAN works on Linux
How VXLAN works on LinuxEtsuji Nakai
 
시스코 라우팅의 진화 세그멘트 라우팅 애플리케이션 라우팅
시스코 라우팅의 진화 세그멘트 라우팅 애플리케이션 라우팅시스코 라우팅의 진화 세그멘트 라우팅 애플리케이션 라우팅
시스코 라우팅의 진화 세그멘트 라우팅 애플리케이션 라우팅CiscoKorea
 
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...
Fun with PRB, VRFs and NetNS on Linux - What is it, how does it work, what ca...Maximilan Wilhelm
 
Linux Network Stack
Linux Network StackLinux Network Stack
Linux Network StackAdrien Mahieux
 
Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101LorisPack Project
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹InfraEngineer
 
VMware vSphere 6.0 - Troubleshooting Training - Day 1
VMware vSphere 6.0 - Troubleshooting Training - Day 1VMware vSphere 6.0 - Troubleshooting Training - Day 1
VMware vSphere 6.0 - Troubleshooting Training - Day 1Sanjeev Kumar
 
Docker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan DriversDocker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan DriversBrent Salisbury
 
Docker Basics
Docker BasicsDocker Basics
Docker BasicsEueung Mulyana
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlanSuraj Deshmukh
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch IntroductionHungWei Chiu
 
Monitoring in CloudStack
Monitoring in CloudStackMonitoring in CloudStack
Monitoring in CloudStackShapeBlue
 
Networking in Docker
Networking in DockerNetworking in Docker
Networking in DockerKnoldus Inc.
 
Virtualized network with openvswitch
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitchSim Janghoon
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingGiragadurai Vallirajan
 
도커 없이 컨테이너 만들기 3편
도커 없이 컨테이너 만들기 3편도커 없이 컨테이너 만들기 3편
도커 없이 컨테이너 만들기 3편Sam Kim
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep DiveDocker, Inc.
 
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksDeeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksLaurent Bernaille
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Diverajdeep
 
[2018] 오픈스택 5년 운영의 경험
[2018] 오픈스택 5년 운영의 경험[2018] 오픈스택 5년 운영의 경험
[2018] 오픈스택 5년 운영의 경험NHN FORWARD
 
Kubernetes From Scratch .pdf
Kubernetes From Scratch .pdfKubernetes From Scratch .pdf
Kubernetes From Scratch .pdfssuser9b44c7
 
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...Simplilearn
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes BasicsEueung Mulyana
 
Ifupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerIfupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerCumulus Networks
 
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDeep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDocker, Inc.
 
Deeper Dive in Docker Overlay Networks
Deeper Dive in Docker Overlay NetworksDeeper Dive in Docker Overlay Networks
Deeper Dive in Docker Overlay NetworksDocker, Inc.
 

Weitere ähnliche Inhalte

Was ist angesagt?

Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹InfraEngineer
 
VMware vSphere 6.0 - Troubleshooting Training - Day 1
VMware vSphere 6.0 - Troubleshooting Training - Day 1VMware vSphere 6.0 - Troubleshooting Training - Day 1
VMware vSphere 6.0 - Troubleshooting Training - Day 1Sanjeev Kumar
 
Docker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan DriversDocker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan DriversBrent Salisbury
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch IntroductionHungWei Chiu
 
Monitoring in CloudStack
Monitoring in CloudStackMonitoring in CloudStack
Monitoring in CloudStackShapeBlue
 
Networking in Docker
Networking in DockerNetworking in Docker
Networking in DockerKnoldus Inc.
 
Virtualized network with openvswitch
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitchSim Janghoon
 
도커 없이 컨테이너 만들기 3편
도커 없이 컨테이너 만들기 3편도커 없이 컨테이너 만들기 3편
도커 없이 컨테이너 만들기 3편Sam Kim
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep DiveDocker, Inc.
 
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksDeeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksLaurent Bernaille
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Diverajdeep
 
[2018] 오픈스택 5년 운영의 경험
[2018] 오픈스택 5년 운영의 경험[2018] 오픈스택 5년 운영의 경험
[2018] 오픈스택 5년 운영의 경험NHN FORWARD
 
Kubernetes From Scratch .pdf
Kubernetes From Scratch .pdfKubernetes From Scratch .pdf
Kubernetes From Scratch .pdfssuser9b44c7
 
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...Simplilearn
 
Ifupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerIfupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerCumulus Networks
 

Was ist angesagt? (20)

Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹
[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹
 
VMware vSphere 6.0 - Troubleshooting Training - Day 1
VMware vSphere 6.0 - Troubleshooting Training - Day 1VMware vSphere 6.0 - Troubleshooting Training - Day 1
VMware vSphere 6.0 - Troubleshooting Training - Day 1
 
Docker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan DriversDocker Networking with New Ipvlan and Macvlan Drivers
Docker Networking with New Ipvlan and Macvlan Drivers
 
Docker Basics
Docker BasicsDocker Basics
Docker Basics
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlan
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch Introduction
 
Monitoring in CloudStack
Monitoring in CloudStackMonitoring in CloudStack
Monitoring in CloudStack
 
Networking in Docker
Networking in DockerNetworking in Docker
Networking in Docker
 
Virtualized network with openvswitch
Virtualized network with openvswitchVirtualized network with openvswitch
Virtualized network with openvswitch
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
도커 없이 컨테이너 만들기 3편
도커 없이 컨테이너 만들기 3편도커 없이 컨테이너 만들기 3편
도커 없이 컨테이너 만들기 3편
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep Dive
 
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksDeeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay Networks
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Dive
 
[2018] 오픈스택 5년 운영의 경험
[2018] 오픈스택 5년 운영의 경험[2018] 오픈스택 5년 운영의 경험
[2018] 오픈스택 5년 운영의 경험
 
Kubernetes From Scratch .pdf
Kubernetes From Scratch .pdfKubernetes From Scratch .pdf
Kubernetes From Scratch .pdf
 
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes Basics
 
Ifupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerIfupdown2: Network Interface Manager
Ifupdown2: Network Interface Manager
 

Ähnlich wie Deep Dive in Docker Overlay Networks

Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDeep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDocker, Inc.
 
Deeper Dive in Docker Overlay Networks
Deeper Dive in Docker Overlay NetworksDeeper Dive in Docker Overlay Networks
Deeper Dive in Docker Overlay NetworksDocker, Inc.
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Hervé Leclerc
 
Docker SDN (software-defined-networking) JUG
Docker SDN (software-defined-networking) JUGDocker SDN (software-defined-networking) JUG
Docker SDN (software-defined-networking) JUGPiotr Kieszczyński
 
Docker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu VenugopalDocker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu VenugopalDocker, Inc.
 
Docker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking ShowcaseDocker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking ShowcaseDocker, Inc.
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalDocker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalMichelle Antebi
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networkingLorenzo Fontana
 
Docker-OVS
Docker-OVSDocker-OVS
Docker-OVSsnrism
 
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話upaa
 
Docker Multihost Networking
Docker Multihost Networking Docker Multihost Networking
Docker Multihost Networking Nicola Kabar
 
Docker Networking Meetup - Intro to Docker Networking
Docker Networking Meetup - Intro to Docker NetworkingDocker Networking Meetup - Intro to Docker Networking
Docker Networking Meetup - Intro to Docker NetworkingDhananjay Sampath
 
Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Sam Kim
 
Docker Networking
Docker NetworkingDocker Networking
Docker NetworkingWeaveworks
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 
DockerCon17 - Beyond the backslash
DockerCon17 - Beyond the backslashDockerCon17 - Beyond the backslash
DockerCon17 - Beyond the backslashTaylor Brown
 
Chris Swan ONUG Academy - Container Networks Tutorial
Chris Swan ONUG Academy - Container Networks TutorialChris Swan ONUG Academy - Container Networks Tutorial
Chris Swan ONUG Academy - Container Networks TutorialCohesive Networks
 
Kubernetes networking
Kubernetes networkingKubernetes networking
Kubernetes networkingSim Janghoon
 

Ähnlich wie Deep Dive in Docker Overlay Networks (20)

Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDeep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
 
Deeper Dive in Docker Overlay Networks
Deeper Dive in Docker Overlay NetworksDeeper Dive in Docker Overlay Networks
Deeper Dive in Docker Overlay Networks
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking
 
Docker SDN (software-defined-networking) JUG
Docker SDN (software-defined-networking) JUGDocker SDN (software-defined-networking) JUG
Docker SDN (software-defined-networking) JUG
 
Docker networking
Docker networkingDocker networking
Docker networking
 
Docker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu VenugopalDocker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu Venugopal
 
Docker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking ShowcaseDocker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking Showcase
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalDocker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networking
 
Docker-OVS
Docker-OVSDocker-OVS
Docker-OVS
 
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話
 
Docker Multihost Networking
Docker Multihost Networking Docker Multihost Networking
Docker Multihost Networking
 
Docker Networking Meetup - Intro to Docker Networking
Docker Networking Meetup - Intro to Docker NetworkingDocker Networking Meetup - Intro to Docker Networking
Docker Networking Meetup - Intro to Docker Networking
 
Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1
 
Docker Networking
Docker NetworkingDocker Networking
Docker Networking
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
 
Docker network
Docker networkDocker network
Docker network
 
DockerCon17 - Beyond the backslash
DockerCon17 - Beyond the backslashDockerCon17 - Beyond the backslash
DockerCon17 - Beyond the backslash
 
Chris Swan ONUG Academy - Container Networks Tutorial
Chris Swan ONUG Academy - Container Networks TutorialChris Swan ONUG Academy - Container Networks Tutorial
Chris Swan ONUG Academy - Container Networks Tutorial
 
Kubernetes networking
Kubernetes networkingKubernetes networking
Kubernetes networking
 

Mehr von Laurent Bernaille

How the OOM Killer Deleted My Namespace
How the OOM Killer Deleted My NamespaceHow the OOM Killer Deleted My Namespace
How the OOM Killer Deleted My NamespaceLaurent Bernaille
 
Kubernetes DNS Horror Stories
Kubernetes DNS Horror StoriesKubernetes DNS Horror Stories
Kubernetes DNS Horror StoriesLaurent Bernaille
 
Evolution of kube-proxy (Brussels, Fosdem 2020)
Evolution of kube-proxy (Brussels, Fosdem 2020)Evolution of kube-proxy (Brussels, Fosdem 2020)
Evolution of kube-proxy (Brussels, Fosdem 2020)Laurent Bernaille
 
Making the most out of kubernetes audit logs
Making the most out of kubernetes audit logsMaking the most out of kubernetes audit logs
Making the most out of kubernetes audit logsLaurent Bernaille
 
Kubernetes the Very Hard Way. Velocity Berlin 2019
Kubernetes the Very Hard Way. Velocity Berlin 2019Kubernetes the Very Hard Way. Velocity Berlin 2019
Kubernetes the Very Hard Way. Velocity Berlin 2019Laurent Bernaille
 
Kubernetes the Very Hard Way. Lisa Portland 2019
Kubernetes the Very Hard Way. Lisa Portland 2019Kubernetes the Very Hard Way. Lisa Portland 2019
Kubernetes the Very Hard Way. Lisa Portland 2019Laurent Bernaille
 
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you! ...
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you! ...10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you! ...
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you! ...Laurent Bernaille
 
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you!
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you!10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you!
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you!Laurent Bernaille
 
Optimizing kubernetes networking
Optimizing kubernetes networkingOptimizing kubernetes networking
Optimizing kubernetes networkingLaurent Bernaille
 
Kubernetes at Datadog the very hard way
Kubernetes at Datadog the very hard wayKubernetes at Datadog the very hard way
Kubernetes at Datadog the very hard wayLaurent Bernaille
 
Operational challenges behind Serverless architectures
Operational challenges behind Serverless architecturesOperational challenges behind Serverless architectures
Operational challenges behind Serverless architecturesLaurent Bernaille
 
Feedback on AWS re:invent 2016
Feedback on AWS re:invent 2016Feedback on AWS re:invent 2016
Feedback on AWS re:invent 2016Laurent Bernaille
 
Early recognition of encryted applications
Early recognition of encryted applicationsEarly recognition of encryted applications
Early recognition of encryted applicationsLaurent Bernaille
 
Early application identification. CONEXT 2006
Early application identification. CONEXT 2006Early application identification. CONEXT 2006
Early application identification. CONEXT 2006Laurent Bernaille
 

Mehr von Laurent Bernaille (15)

How the OOM Killer Deleted My Namespace
How the OOM Killer Deleted My NamespaceHow the OOM Killer Deleted My Namespace
How the OOM Killer Deleted My Namespace
 
Kubernetes DNS Horror Stories
Kubernetes DNS Horror StoriesKubernetes DNS Horror Stories
Kubernetes DNS Horror Stories
 
Evolution of kube-proxy (Brussels, Fosdem 2020)
Evolution of kube-proxy (Brussels, Fosdem 2020)Evolution of kube-proxy (Brussels, Fosdem 2020)
Evolution of kube-proxy (Brussels, Fosdem 2020)
 
Making the most out of kubernetes audit logs
Making the most out of kubernetes audit logsMaking the most out of kubernetes audit logs
Making the most out of kubernetes audit logs
 
Kubernetes the Very Hard Way. Velocity Berlin 2019
Kubernetes the Very Hard Way. Velocity Berlin 2019Kubernetes the Very Hard Way. Velocity Berlin 2019
Kubernetes the Very Hard Way. Velocity Berlin 2019
 
Kubernetes the Very Hard Way. Lisa Portland 2019
Kubernetes the Very Hard Way. Lisa Portland 2019Kubernetes the Very Hard Way. Lisa Portland 2019
Kubernetes the Very Hard Way. Lisa Portland 2019
 
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you! ...
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you! ...10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you! ...
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you! ...
 
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you!
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you!10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you!
10 ways to shoot yourself in the foot with kubernetes, #9 will surprise you!
 
Optimizing kubernetes networking
Optimizing kubernetes networkingOptimizing kubernetes networking
Optimizing kubernetes networking
 
Kubernetes at Datadog the very hard way
Kubernetes at Datadog the very hard wayKubernetes at Datadog the very hard way
Kubernetes at Datadog the very hard way
 
Discovering OpenBSD on AWS
Discovering OpenBSD on AWSDiscovering OpenBSD on AWS
Discovering OpenBSD on AWS
 
Operational challenges behind Serverless architectures
Operational challenges behind Serverless architecturesOperational challenges behind Serverless architectures
Operational challenges behind Serverless architectures
 
Feedback on AWS re:invent 2016
Feedback on AWS re:invent 2016Feedback on AWS re:invent 2016
Feedback on AWS re:invent 2016
 
Early recognition of encryted applications
Early recognition of encryted applicationsEarly recognition of encryted applications
Early recognition of encryted applications
 
Early application identification. CONEXT 2006
Early application identification. CONEXT 2006Early application identification. CONEXT 2006
Early application identification. CONEXT 2006
 

Kürzlich hochgeladen

VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Pooja Nehwal
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxmohammadalnahdi22
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝soniya singh
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrsaastr
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Chameera Dedduwage
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxNikitaBankoti2
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfhenrik385807
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyPooja Nehwal
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Vipesco
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMoumonDas2
 

Kürzlich hochgeladen (20)

VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptx
 

Deep Dive in Docker Overlay Networks

  • 1. Talk Title Here Author Name, Company Deep dive in Docker Overlay Networks Laurent Bernaille @lbernail
  • 2. Agenda • The Docker Overlay Network – Getting started – Under the hood • Building our Overlay – Starting from scratch – Making it dynamic
  • 4. Environment docker0 docker1 consul 10.0.0.10 10.0.0.11 10.0.0.5 dockerd -H fd:// --cluster-store=consul://consul0:8500 --cluster-advertise=eth0:2376 What is in consul? Not much for now just metadata tree
  • 5. Let's create an Overlay Network docker0:~$ docker network create --driver overlay --internal --subnet 192.168.0.0/24 linuxcon c4305b67cda46c2ed96ef797e37aed14501944a1fe0096dacd1ddd8e05341381 docker1:~$ docker network ls NETWORK ID NAME DRIVER SCOPE bec777b6c1f1 bridge bridge local c4305b67cda4 linuxcon overlay global 3a4e16893b16 host host local c17c1808fb08 none null local
  • 6. Does it work? docker0:~$ docker run -d --ip 192.168.0.100 --net linuxcon --name C0 debian sleep infinity docker1:~$ docker run --net linuxcon debian ping 192.168.0.100 PING 192.168.0.100 (192.168.0.100): 56 data bytes 64 bytes from 192.168.0.100: seq=0 ttl=64 time=1.153 ms 64 bytes from 192.168.0.100: seq=1 ttl=64 time=0.807 ms docker1:~$ ping 192.168.0.100 PING 192.168.0.100 (192.168.0.100) 56(84) bytes of data. ^C--- 192.168.0.100 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3024ms
  • 7. What did we build? Overlay consul docker0 C0 eth0 docker1 C1 eth0PING 192.168.0.100 192.168.0.Y 10.0.0.10 10.0.0.11
  • 9. How does it work? Let's look inside containers docker0:~$ docker exec C0 ip addr show 58: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP inet 192.168.0.100/24 scope global eth0 docker0:~$ docker exec C0 ip -details link show dev eth0 58: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default veth
  • 10. Container network configuration consul docker0 eth0 192.168.0.100 C0 Namespace veth eth0 docker1 C1 Namespace veth eth0 192.168.0.Y eth0PING 10.0.0.10 10.0.0.11
  • 11. Where is the other end of the veth? docker0:~$ ip link show >> Nothing, it must be in another Namespace docker0:~$ sudo ls -l /var/run/docker/netns 8-c4305b67cd docker0:~$ docker network inspect linuxcon -f {{.Id}} c4305b67cda46c2ed96ef797e37aed14501944a1fe0096dacd1ddd8e05341381 docker0:~$ overns=/var/run/docker/netns/8-c4305b67cd docker0:~$ sudo nsenter --net=$overns ip -d link show 2: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default bridge 62: vxlan1: <..> mtu 1450 qdisc noqueue master br0 state UNKNOWN mode DEFAULT group default vxlan id 256 srcport 10240 65535 dstport 4789 proxy l2miss l3miss ageing 300 59: veth2: <...> mtu 1450 qdisc noqueue master br0 state UP mode DEFAULT group default
  • 12. Update on connectivity Overlay consul docker0 C0 eth0 docker1 C1 eth0PING 192.168.0.100 192.168.0.Y 10.0.0.10 10.0.0.11 br0 vxlanveth br0 vxlanveth
  • 13. What is VXLAN? • Tunneling technology over UDP (L2 in UDP) • Developed for cloud SDN to create multi-tenancy • Without the need for L2 connectivity • Without the normal VLAN limit (4096 VLAN Ids) • Easy to encrypt: IPSEC • Overhead: 50 bytes • In Linux • Started with Open vSwitch • Native with Kernel >= 3.7 and >=3.16 for Namespace support VXLAN: Virtual eXtensible LAN VNI: VXLAN Network Identifier VTEP: VXLAN Tunnel Endpoint Outer IP packet UDP dst: 4789 VXLAN Header Original L2
  • 14. Let's have a look docker0:~$ sudo tcpdump -nn -i eth0 "port 4789" docker1:~$ docker run -it --rm --net linuxcon debian ping 192.168.0.100 PING 192.168.0.100 (192.168.0.100): 56 data bytes 64 bytes from 192.168.0.100: seq=0 ttl=64 time=1.153 ms 64 bytes from 192.168.0.100: seq=1 ttl=64 time=0.807 ms docker0:~$ 13:35:12.796941 IP 10.0.0.11.60916 > 10.0.0.10.4789: VXLAN, flags [I] (0x08), vni 256 IP 192.168.0.2 > 192.168.0.100: ICMP echo request, id 1, seq 0, length 64 13:35:12.797035 IP 10.0.0.10.54953 > 10.0.0.11.4789: VXLAN, flags [I] (0x08), vni 256 IP 192.168.0.100 > 192.168.0.2: ICMP echo reply, id 1, seq 0, length 64
  • 15. Full connectivity with VXLAN consul docker0 C0 eth0 docker1 C1 eth0PING 192.168.0.100 192.168.0.Y 10.0.0.10 10.0.0.11 br0 vxlanveth br0 vxlanveth IP src: 10.0.0.11 dst: 10.0.0.10 UDP src: X dst: 4789 VXLAN Header Original L2 src: 192.168.0.Y dst: 192.168.0.100
  • 16. How do containers find each other? • VXLAN Data plane – Sending data between hosts – Tunneling using UDP • VXLAN Control plane – Distribution of VLXAN endpoints ("VTEP") – Distribution of MAC to VTEP mappings – ARP offloading (optional, but required without ARP traffic)
  • 17. VXLAN Control Plane - Option 1: Multicast vxlan vxlan vxlan Multicast 239.x.x.x ARP: Who has 192.168.0.2? L2 discovery: where is 02:42:c0:a8:00:02 ? Use a multicast group to send traffic for unknown L3/L2 addresses • PROS: simple and efficient • CONS: Multicast connectivity not always available (on public clouds for instance)
  • 18. VXLAN Control Plane- Option 2: Point-to-point vxlan vxlan Remote IP: point-to-point Send everything to remote IP Configure a remote IP address where to send traffic for unknown addresses • PROS: simple, not need for multicast, very good for two hosts • CONS: difficult to manage with more than 2 hosts
  • 19. VXLAN Control Plane- Option 3: User-land vxlan vxlan daemon daemon Manual (with a daemon modifying ARP/FDB) ARP: Mac address of 192.168.0.2 L2: VTEP (host) for 02:42:c0:a8:00:02 vxlan daemon Do nothing, provide ARP / FDB information from outside • PROS: very flexible • CONS: requires a daemon and a centralized database of addresses
  • 20. How is it done by Docker? docker0:~$ sudo nsenter --net=$overns ip neighbor show docker0:~$ sudo nsenter --net=$overns bridge fdb show docker1:~$ docker run -d --ip 192.168.0.200 --net linuxcon --name C1 debian sleep infinity docker0:~$ sudo nsenter --net=$overns ip neighbor show 192.168.0.200 dev vxlan0 lladdr 02:42:c0:a8:00:c8 PERMANENT docker0:~$ sudo nsenter --net=$overns bridge fdb show 02:42:c0:a8:00:c8 dev vxlan0 dst 10.0.0.11 self permanent
  • 21. Where is this information stored? docker0:~$ net=$(docker network inspect linuxcon -f {{.Id}}) docker0:~$ curl -s http://consul:8500/v1/kv/docker/network/v1.0/network/${net}/ docker0:~$ python/dump_endpoints.py Endpoint Name: C1 IP address: 192.168.0.200/24 MAC address: 02:42:c0:a8:00:c8 Locator: 10.0.0.11 Endpoint Name: C0 IP address: 192.168.0.100/24 MAC address: 02:42:c0:a8:00:64 Locator: 10.0.0.10
  • 22. How is it distributed? docker0:~$ serf agent -join 10.0.0.10:7946 -node demo -event-handler=./serf.sh docker1:~$ docker run -d --net linuxcon debian sleep infinity docker1:~$ docker rm -f $(docker ps -aq) docker0:~$ New event: user join 192.168.0.2 255.255.255.0 02:42:c0:a8:00:02 New event: user leave 192.168.0.2 255.255.255.0 02:42:c0:a8:00:02 New event: user leave 192.168.0.200 255.255.255.0 02:42:c0:a8:00:c8
  • 23. Overview consul docker0 C0 eth0 docker1 C1 eth0PING 192.168.0.100 192.168.0.Y 10.0.0.10 10.0.0.11 br0 vxlanveth br0 vxlanveth IP src: 10.0.0.11 dst: 10.0.0.10 UDP src: X dst: 4789 VXLAN Header Original L2 src: 192.168.0.Y dst: 192.168.0.100 dockerd dockerd ARP FDB ARP FDB Serf / Gossip
  • 25. Clean up docker0:~$ docker rm -f $(docker ps -aq) docker0:~$ docker network rm linuxcon docker1:~$ docker rm -f $(docker ps -aq)
  • 26. Start from scratch docker0 docker1 10.0.0.10 10.0.0.11
  • 27. Step 1: Overlay Namespace docker0 docker1 10.0.0.10 10.0.0.11 br42 vxlan42 eth0 br42 eth0 vxlan42
  • 28. Creating the Overlay Namespace ip netns add overns ip netns exec overns ip link add dev br42 type bridge ip netns exec overns ip addr add dev br42 192.168.0.1/24 ip link add dev vxlan42 type vxlan id 42 proxy dstport 4789 ip link set vxlan1 netns overns ip netns exec overns ip link set vxlan42 master br42 ip netns exec overns ip link set vxlan42 up ip netns exec overns ip link set br42 up create overlay NS create bridge in NS create VXLAN interface move it to NS add it to bridge bring all interfaces up setup_vxlan script
  • 29. Step 2: Attach containers docker0 docker1 10.0.0.10 10.0.0.11 br42 vxlan42 eth0 br42 eth0 vxlan42 veth veth eth0 192.168.0.20 C0 Namespace C1 Namespace eth0 192.168.0.10
  • 30. Create containers and attach them docker0 docker run -d --net=none --name=demo debian sleep infinity ctn_ns_path=$(docker inspect --format="{{ .NetworkSettings.SandboxKey}}" demo) ctn_ns=${ctn_ns_path##*/} ip link add dev veth1 mtu 1450 type veth peer name veth2 mtu 1450 ip link set dev veth1 netns overns ip netns exec overns ip link set veth1 master br42 ip netns exec overns ip link set veth1 up ip link set dev veth2 netns $ctn_ns ip netns exec $ctn_ns ip link set dev veth2 name eth0 address 02:42:c0:a8:00:10 ip netns exec $ctn_ns ip addr add dev eth0 192.168.0.10 ip netns exec $ctn_ns ip link set dev eth0 up docker1 Same with 192.168.0.20 / 02:42:c0:a8:00:20 Create container without net Create veth Send veth1 to overlay NS Attach it to overlay bridge Send veth2 to container Rename & Configure Get NS for container plumb script
  • 31. Does it ping? docker0:~$ docker exec -it demo ping 192.168.0.20 PING 192.168.0.20 (192.168.0.20): 56 data bytes 92 bytes from 192.168.0.10: Destination Host Unreachable docker0:~$ sudo ip netns exec overns ip neighbor show docker0:~$ sudo ip netns exec overns ip neighbor add 192.168.0.20 lladdr 02:42:c0:a8:00:20 dev vxlan42 docker0:~$ sudo ip netns exec overns bridge fdb add 02:42:c0:a8:00:20 dev vxlan42 self dst 10.0.0.11 vni 42 port 4789 docker1: Same with 192.168.0.10, 02:42:c0:a8:00:10 and 10.0.0.10
  • 34. Catching network events: NETLINK • Kernel interface for communication between Kernel and userspace • Designed to transfer networking info (used by iproute2) • Several protocols – NETLINK_ROUTE – NETLINK_FIREWALL • Several notification types, for NETLINK_ROUTE for instance: – LINK – NEIGHBOR • Many events – LINK: NEWLINK, GETLINK – NEIGHBOR: GETNEIGH <= information on ARP, L2 discovery queries
  • 35. Using ip monitor docker0:~$ ip monitor link docker0:~$ sudo ip link add dev veth1 type veth peer name veth2 32: veth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default link/ether b6:95:d6:b4:21:e9 brd ff:ff:ff:ff:ff:ff 33: veth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default link/ether a6:e0:7a:da:a9:ea brd ff:ff:ff:ff:ff:ff docker0:~$ ip monitor route docker0:~$ sudo ip route add 8.8.8.8 via 10.0.0.1 8.8.8.8 via 10.0.0.1 dev eth0
  • 36. What about neighbor events? docker0:~$ echo 1 | sudo tee -a /proc/sys/net/ipv4/neigh/eth0/app_solicit docker0:~$ ip monitor neigh docker0:~$ ping 10.0.0.100 10.0.0.100 dev eth0 FAILED app_sollicit: generate Netlink message on L2/L3 miss
  • 37. With containers docker0:~$ sudo ip netns del overns docker0:~$ sudo ./setup_vxlan 42 overns proxy l2miss l3miss dstport 4789 docker0:~$ sudo ./plumb br42@overns demo 192.168.0.10/24 02:42:c0:a8:00:10 docker0:~$ docker exec demo ip monitor neigh docker0:~$ docker exec demo ping 192.168.0.20 192.168.0.20 dev eth0 FAILED Retest from overns namespace docker0:~$ sudo ip netns exec overns ip monitor neigh miss 192.168.0.20 dev vxlan42 STALE Add ARP miss dev vxlan42 lladdr 02:42:c0:a8:00:20 STALE Add FDB => ping ok l2miss/l3miss generate messages from VXLAN interface
  • 38. Using Netlink & Consul to dynamically find containers listen to Netlink events in overns Namespace only act on GETNEIGH events If l3miss, look up ARP in consul and add neighbor info If l2miss, lookup MAC location and add FDB info
  • 39. Let's try! Clean up docker0:~$ sudo ip netns del overns docker0:~$ sudo ./setup_vxlan 42 overns proxy l2miss l3miss dstport 4789 docker0:~$ sudo ./plumb br42@overns demo 192.168.0.10/24 02:42:c0:a8:00:10 Add data to consul Test docker0:~$ sudo python/arpd-consul.py docker0:~$ docker exec -it demo ping 192.168.0.20 INFO Starting new HTTP connection (1): consul1 INFO L3Miss on vxlan42: Who has IP: 192.168.0.20? INFO Populating ARP table from Consul: IP 192.168.0.20 is 02:42:c0:a8:00:20 INFO L2Miss on vxlan42: Who has Mac Address: 02:42:c0:a8:00:20? INFO Populating FIB table from Consul: MAC 02:42:c0:a8:00:20 is on host 10.0.0.11
  • 40. Overview docker0 docker1 10.0.0.10 10.0.0.11 br42 vxlan42 eth0 br42 eth0 vxlan42 veth veth eth0 192.168.0.20 C0 Namespace C1 Namespace eth0 192.168.0.10 PING FDB ARP FDB ARP consul Netlin k l2/l3 miss GETNEIGH events? lookup
  • 41. Thank you! Questions? • Commands / code on github https://github.com/lbernail/dockercon2017 • Recorded at Dockercon Austin (a few improvements today) • Detailled blog post http://techblog.d2-si.eu/2017/04/25/deep-dive-into-docker-overlay-networks-part-1.html • Do not hesitate to ping me on twitter @lbernail