Docker Networking With Linux - Unice.fr


Docker Networking with Linux
Guillaume Urvoy-Keller
January 27

Sources documents
- Laurent Bernaille blog: …-into-docker-overlay-networks-part-1.html
- Docker Networking Cookbook, PacktPub, Jon Langemak
- L3 VXLAN Made Practical presentation (Openstack summit 2014) by Nolan Leake and Chet Burgess
- Docker official documentation

Outline
1 Reference Scenario
2 Basic tools: bridges, VETH
3 Basic tools 2: Networking in namespaces
4 Minilab: Anatomy of a docker container networking environment (45 min)
5 Docker (host-level) Networking
6 Docker Networking Model
7 Docker Swarm
8 Docker Network Overlay

Reference Scenario
[Figure: Physical Host 1 and Physical Host 2]

What we need
- Virtual bridges/switches
- Virtual links inside physical hosts to interconnect:
  - Containers to virtual switches
  - Physical interfaces to virtual switches
- Decoupling the IP address space of tenants (containers) from that of the data center manager: tunnelling between virtual switches
- Instantiate containers: Docker
- As containers live in different namespaces, we need to move physical interfaces and links between containers.
Similar scenario, e.g. in Openstack, by replacing containers with VMs

Basic tools: bridges, VETH
Linux offers:
- native support of bridges
- native support of virtual …

Creating a dummy interface (similar to …)
The "ip" command is the swiss knife of Linux for manipulating interfaces [1]
- ip link ... manipulates interfaces / bridges
- ip address ... assigns/removes IP addresses
- ip route ... modifies routing tables; e.g. ip route show

    user@net2:~$ sudo apt-get install iproute2 # what you need to manipulate network settings
    user@net2:~$ sudo sysctl -w net.ipv4.ip_forward=1 # transforms your machine into a router
    user@net2:~$ sudo ip link add dummy0 type dummy
    user@net2:~$ sudo ip address add 172.16.10.129/26 dev dummy0
    user@net2:~$ sudo ip link set dummy0 up

[1] Beware of ifconfig (for instance, it does not see all the addresses of an interface if there are multiple addresses).

Creating a Linux Bridge

    user@net1:~$ sudo ip link add host_bridge1 type bridge
    user@net1:~$ ip link show host_bridge1
    5: host_bridge1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default
        link/ether f6:f1:57:72:28:a7 brd ff:ff:ff:ff:ff:ff
    user@net1:~$ sudo ip address add 172.16.10.1/26 dev host_bridge1 # assigns an IP address to the interface to make it layer 3 aware (enables use of the kernel's routing facility)
    user@net1:~$ sudo ip link set dev eth1 master host_bridge1 # associate an interface to a bridge
    user@net1:~$ sudo ip link set dev eth1 nomaster # de-associate

Virtual links
- Need to connect virtual interfaces within the same host
- Linux proposes VETH: Virtual Ethernet, which are pairs of interfaces such that what is sent in one is received in the other
- They can be assigned an IP address to be layer 3 …

VETH pairs
Let us create a second bridge (the first one was host_bridge)

    user@net1:~$ sudo ip link add edge_bridge1 type bridge
    user@net1:~$ sudo ip link add host_veth1 type veth peer name edge_veth1 # create a VETH pair specifying the names of both ends
    user@net1:~$ ip link show
    <...Additional output removed for brevity...>
    13: edge_veth1@host_veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
        link/ether 0a:27:83:6e:9a:c3 brd ff:ff:ff:ff:ff:ff
    14: host_veth1@edge_veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
        link/ether c2:35:9c:f9:49:3e brd ff:ff:ff:ff:ff:ff

Side note
Put all this up, as this is not the default:

    user@net1:~$ sudo ip link set host_bridge1 up
    user@net1:~$ sudo ip link set edge_bridge1 up
    user@net1:~$ sudo ip link set host_veth1 up
    user@net1:~$ sudo ip link set edge_veth1 up

How to distinguish between a bridge, a simple interface and a veth: use ip -d link show dev <name of interface>:

    root@ubuntu-xenial:/sys/class/net/enp0s3# ip -d link show dev docker0
    6: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
        link/ether 02:42:86:07:6e:98 brd ff:ff:ff:ff:ff:ff promiscuity 0
        bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q addrgenmode eui64
    root@ubuntu-xenial:/sys/class/net/enp0s3# ip -d link show dev enp0s3
    2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 02:d2:3e:0e:ff:c0 brd ff:ff:ff:ff:ff:ff promiscuity 0 addrgenmode eui64
    root@ubuntu-xenial:/sys/class/net/enp0s3# ip -d link show dev veth84e2b4a
    17: veth84e2b4a@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
        link/ether 72:14:0f:4d:d1:28 brd ff:ff:ff:ff:ff:ff link-netnsid 0 promiscuity 1
        veth # this is a veth connected to docker0
        bridge_slave state forwarding priority 32 cost 2 hairpin off guard off root_block off fastleave off learning on flood on addrgenmode eui64
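The ip -d link check from this slide, automated as an added example (not part of the original slides): it reads `ip -d link show` text and reports, per interface, whether it is a bridge, a veth or a plain interface, which bridge it is enslaved to, and the peer shown after "@". The function names and the sample text (constructed from the listing above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify interfaces from `ip -d link show` output.
# Assumes the text layout shown on the slide: one header line per
# interface, followed by indented detail lines whose first word is
# the link kind ("bridge", "veth") when the interface has one.

# classify_links: reads `ip -d link show` text on stdin and prints
#   ifindex name kind master peer
# kind is bridge, veth or plain; "-" marks a field that does not apply.
# peer is what follows "@" in the header: "ifN" when the other end of
# a veth sits in another namespace, or its name when it is in this one.
classify_links() {
    awk '
    function emit() {
        if (name != "") print idx, name, kind, master, peer
    }
    /^[0-9]+: / {
        emit()                          # header line starts a new record
        idx = $1; sub(/:$/, "", idx)
        name = $2; sub(/:$/, "", name)
        peer = "-"
        if (split(name, parts, "@") == 2) {
            name = parts[1]
            peer = parts[2]
        }
        master = "-"
        for (i = 3; i < NF; i++) if ($i == "master") master = $(i + 1)
        kind = "plain"
        next
    }
    $1 == "bridge" { kind = "bridge" }  # "bridge_slave" does not match
    $1 == "veth"   { kind = "veth" }
    END { emit() }
    '
}

# veths_on_bridge BRIDGE: veth ends enslaved to BRIDGE, with their peer.
# On a Docker host this inventories what is plugged into docker0.
veths_on_bridge() {
    classify_links | awk -v br="$1" '$3 == "veth" && $4 == br { print $2, $5 }'
}

# Constructed sample, shortened from the listing on the slide.
sample_ip_d_link() {
    cat <<'EOF'
6: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:86:07:6e:98 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200 max_age 2000 stp_state 0 addrgenmode eui64
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 02:d2:3e:0e:ff:c0 brd ff:ff:ff:ff:ff:ff promiscuity 0 addrgenmode eui64
17: veth84e2b4a@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether 72:14:0f:4d:d1:28 brd ff:ff:ff:ff:ff:ff link-netnsid 0 promiscuity 1
    veth
    bridge_slave state forwarding priority 32 cost 2 hairpin off learning on flood on
EOF
}

# Offline demo on the sample; on a live host use:
#   ip -d link show | classify_links
sample_ip_d_link | classify_links
```

The peer value if16 on the veth line is the interface index of the other end, which lives in the container's namespace.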

Network Namespaces
- Network namespaces allow you to create isolated views of the network.
- They make it possible to mimic the Virtual Routing and Forwarding (VRF) instances available in most modern networking hardware (e.g. Cisco …

Scenario to implement (Docker Networking Cookbook)
[Figure]

Network Namespaces

    user@net1:~$ sudo ip netns add ns_1
    user@net1:~$ sudo ip netns add ns_2
    user@net1:~$ ip netns list
    ns_2
    ns_1

Create the bridges inside the namespaces

    user@net1:~$ sudo ip netns exec ns_1 ip link add edge_bridge1 type bridge
    user@net1:~$ sudo ip netns exec ns_2 ip link add edge_bridge2 type bridge

Network Namespaces
Do an ip link show inside a given ns namespace

    user@net1:~$ sudo ip netns exec ns_1 ip link show
    1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: edge_bridge1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default
        link/ether 26:43:4e:a6:30:91 brd ff:ff:ff:ff:ff:ff

We next move the interfaces eth1 and eth2 into the namespaces, along with one side of the VETH pairs

    user@net1:~$ sudo ip link set dev eth1 netns ns_1
    user@net1:~$ sudo ip link set dev edge_veth1 netns ns_1
    user@net1:~$ sudo ip link set dev eth2 netns ns_2
    user@net1:~$ sudo ip link set dev edge_veth2 netns ns_2

For sake of completeness
We have done the hard work. For sake of completeness, we need to plug the VETH inside the NS into the switches and put everything up:

    user@net1:~$ sudo ip netns exec ns_1 ip link set dev edge_veth1 master edge_bridge1
    user@net1:~$ sudo ip netns exec ns_1 ip link set dev eth1 master edge_bridge1
    user@net1:~$ sudo ip netns exec ns_2 ip link set dev edge_veth2 master edge_bridge2
    user@net1:~$ sudo ip netns exec ns_2 ip link set dev eth2 master edge_bridge2
    user@net1:~$ sudo ip netns exec ns_1 ip link set edge_bridge1 up
    user@net1:~$ sudo ip netns exec ns_1 ip link set edge_veth1 up
    user@net1:~$ sudo ip netns exec ns_1 ip link set eth1 up
    user@net1:~$ sudo ip netns exec ns_2 ip link set edge_bridge2 up
    user@net1:~$ sudo ip netns exec ns_2 ip link set edge_veth2 up
    user@net1:~$ sudo ip netns exec ns_2 ip link set eth2 up

Minilab: how a basic container is connected
Instructions to be applied inside an ubuntu virtual or physical machine:
- Start a simple ubuntu container.
- Update the list of packages, as the container comes without any reference to the default repositories
- Install the net-tools package and do an ifconfig
- Install iproute2 and do an ip address show (or ip a s for short). Conclusion?
- Which kind of interface is it (which name should you use for the interface)? Check also the routing table. Start to make a drawing with the interface connected to the outside of the container.

Minilab: cont'd
- You can leave without stopping the container with ^P^Q. From the host, find the sibling interface and where it is connected to. Hint: numbering of interfaces is absolute (irrespective of ns)
- From inside the container (re-attach with docker attach <name of container>, which you find with a docker ps), ping the gateway of your host/VM and check with a watch iptables -L -v which iptables rules are used for the FILTER table, and with a watch iptables -L -v -t nat for the NAT table.

Minilab: how a basic container is connected
- Start a container with an exposed port like 80:

    docker run -it --name ubuntu -p 80 ubuntu /bin/bash

- Check the exposed port with docker port ubuntu or docker ps
- Check the iptables rule
- Check what happens with a netcat on the correct port (nc localhost <exposed port> -v). You need to be in verbose mode
- Wait a minute: there was no active web server and still, you managed to establish the TCP connection. Convince yourself with a wget or curl that it is the case.
- Do a simple ps aux | grep docker and netstat -tn to understand what happens.

Docker advanced networking functions
You have a set of predefined networks:

    root@ubuntu-xenial:~# docker network ls
    NETWORK ID          NAME      DRIVER    SCOPE
    bfb14981a5df        bridge    bridge    local
    b7c327787044        host      host      local
    492f4a9fe233        none      null      local

Docker bridge mode (this is bridge0!)

    root@ubuntu-xenial:/sys/class/net/enp0s3# docker network inspect bridge
    {
        "Name": "bridge",
        "Id": "e196fd1bbad1260",
        "Created": "2017-10-20T14:49:36.899406866Z",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        [...]
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }

Docker default networking modes
- For bridge, you can adapt:
  - MTU size in case of tunnelling
  - CIDR range
  - GW address
  - ...
- Host mode is when you connect the container directly to the host: leads to port contention, e.g., you cannot run multiple replicas of a web server!
- None is... none

Custom …

    root@ubuntu-xenial:~# docker network create 051744b93128bc21b291336

However, the scope is still local (host machine) – see last column. The real meat will be the overlay.

    root@ubuntu-xenial:~# docker network ls
    NETWORK ID          NAME         DRIVER    SCOPE
    bfb14981a5df        bridge       bridge    local
    b7c327787044        host         host      local
    0b396f0fc926        mynetwork    bridge    local
    492f4a9fe233        none         null      local

Docker Networking Model

The Container Networking Model
[Figure]
source: …rence Architecture%3A Designing Scalable%2C Portable Docker Container Networks

The Container Networking Model
- "Sandbox — A Sandbox contains the configuration of a container's network stack. This includes management of the container's interfaces, routing table, and DNS settings. An implementation of a Sandbox could be a Linux Network Namespace, a FreeBSD Jail, or other similar concept."
- Endpoint: enables connection to the outside world, from a simple bridge to a complex overlay network
- Network driver: possibility to use the Docker solution (swarm) or a third party
- IPAM: IP address management - DHCP and the like

An open Network driver Model
[Figure]
source: …rence Architecture%3A Designing Scalable%2C Portable Docker Container Networks

Docker Native Network Drivers
[Figure]
source: …rence Architecture%3A Designing Scalable%2C Portable Docker Container Networks

Remote Network driver
[Figure]
source: …rence Architecture%3A Designing Scalable%2C Portable Docker Container Networks

Docker Swarm

Docker swarm
- Several Docker Hosts: use them in a cluster
- Docker Engine 1.12: natively supports swarm
- Clusters organized into workers, managers and leaders
- Dispatching of services: tasks to be executed by …

Swarm tasks dispatching
[Figure]

Swarm operations

    $ docker swarm init --advertise-addr <MANAGER-IP>
    # Swarm initialized: current node (8jud...) is now a manager.
    To add a worker to this swarm, run the following command:
    docker swarm join --token SWMTKN-1-59fl4ak4nqjmao1ofttrc4eprhrola2l87... \
    172.31.4.182:2377

Check state:

    $ docker info
    Swarm: active
    NodeID: 8jud7o8dax3zxbags3f8yox4b
    Is Manager: true
    ClusterID: 2vcw2oa9rjps3a24m91xhvv0c

You have created a first node in the swarm (your host)

    $ docker node ls
    ID             HOSTNAME           STATUS    AVAILABILITY    MANAGER STATUS
    8jud...ox4b    ip-172-31-4-182    Ready     Active          Leader

Docker swarm
Docker has generated tokens to join the swarm:

    $ docker swarm join-token worker
    $ docker swarm join-token manager

You can then join by issuing on the second host:

    $ docker swarm join --token TOKEN-WORKER... 172.31.4.182:2377

If this works, you should have

    $ docker node ls
    ID             HOSTNAME           STATUS    AVAILABILITY    MANAGER STATUS
    8jud...ox4b    ip-172-31-4-182    Ready     Active          Leader
    ehb0...4fvx    ip-172-31-4-180    Ready     Active

Docker swarm
You can now execute a service:

    root@ubuntu-xenial:~# docker service create --replicas 1 --name helloworld alpine ping docker.com

and observe the services in general or a specific service

    root@ubuntu-xenial:~# docker service create --replicas 1 --name helloworld alpine ping docker.com
    2klpz2bef3ez7w498hw17bwbw
    root@ubuntu-xenial:~# docker service ls
    ID              NAME          MODE          REPLICAS    IMAGE            PORTS
    2klpz2bef3ez    helloworld    replicated    1/1         alpine:latest
    root@ubuntu-xenial:~# docker service ps helloworld
    ID              NAME            IMAGE            NODE             DESIRED STATE    CURRENT STATE             ERROR    PORTS
    5uwod1wobk0m    helloworld.1    alpine:latest    ubuntu-xenial    Running          Running 35 seconds ago

Docker Network Overlay

Docker Overlay
- Enables multi-host networking
- A host here is a physical or virtual machine that features the docker daemon
- Docker hosts can be created independently or from a central place using docker-machine
- The Docker overlay driver makes it possible to create a VLAN for groups of containers distributed over the Docker hosts

Docker Machine
- Create a VM with Docker engine that can be remotely controlled. This VM can be local (Virtualbox or Hyper-V) or distant in the cloud (Amazon Web Service, Digital Ocean).
- For cloud deployment, docker-machine is superseded by docker Cloud

Docker Machine with local provisioning using Virtualbox
Creating VM

    $ docker-machine create --driver virtualbox default
    Creating machine...
    (staging) Copying …o to …t2docker.iso...
    (staging) Creating VirtualBox VM...
    (staging) Creating SSH key...
    (staging) Starting the VM...
    Provisioning with boot2docker...
    Copying certs to the remote machine...
    Setting Docker configuration on the remote daemon...
    Checking connection to Docker...
    Docker is up and running!

Docker Machine with local provisioning using Virtualbox
Listing current docker machines

    $ docker-machine ls
    NAME       ACTIVE    DRIVER        STATE      URL                          SWARM    DOCKER    ERRORS
    default              virtualbox    Running    tcp://192.168.99.187:2376             v1.9.1

Listing and changing env variables to control a given docker machine:

    $ docker-machine env default
    export DOCKER_TLS_VERIFY="1"
    export DOCKER_HOST="tcp://172.16.62.130:2376"
    export DOCKER_CERT_PATH="/Users/<yourusername>/.docker/machine/machines/default"
    export DOCKER_MACHINE_NAME="default"
    # Run this command to configure your shell:
    # eval "$(docker-machine env default)"
    $ eval "$(docker-machine env default)"

New docker host ready to be integrated in swarm!

Docker Network Overlay
Create an overlay

    $ docker network create --driver overlay my-network

Inspect network

    $ docker network inspect my-network
    [
        {
            "Name": "my-network",
            "Id": "fsf1dmx3i9q75an49z36jycxd",
            "Created": "0001-01-01T00:00:00Z",
            "Scope": "swarm",
            "Driver": "overlay",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": null,
                "Config": []
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "Containers": null,
            "Options": {
                "com.docker.network.driver.overlay.vxlanid_list": "4097"
            },
            "Labels": null
        }
    ]

Docker Network Overlay
What is important in the previous listing:
- The driver: overlay!
- The scope: swarm. The network extends to a swarm, not local to the host
- Attached containers are listed in the docker inspect
You can now attach a service (set of containers) to the overlay

    $ docker service create --replicas 3 --name my-web --network my-network nginx

Minilab 2
Step 1: create two docker nodes with the Vagrant files below and, at start-up, attach them to your ethernet card:
http://www.i3s.unice.fr/ urvoy/docs/VICC/two VM with docker.tar
Step 2: Start a service in a swarm:
- Initialize swarm in Docker1 host:

    docker swarm init --advertise-addr 10.0.0.1

- Attach Docker2 by applying the provided command in the return message of the init
- Create overlay:

    docker network create --driver overlay my-overlay

- Check the two nodes are available:

    docker node ls

- Launch an alpine image that pings docker.com, connecting it to your overlay

    docker service create --network my-overlay --replicas 2 --name vicc alpine ping docker.com

Minilab 2
Step 3:
- Check the IPs of the two containers with an exec command from docker – see next slide
- launch a ping from one container on one node to a container in a different node using the exec command
- visualize the packets with tcpdump on the other host, on the interface to which the swarm was associated (the interface bridged on your ethernet card)

[Figure: Minilab 2]

Docker Overlay Network: What is behind the hood?
