Practical Design Patterns in Docker Networking
Dan Finneran, EMEA Solutions Architect, Docker
Why this topic?
Agenda
● The evolving architecture of application networking
● Docker networking
● Infrastructure design patterns
● Design Patterns when modernizing a traditional application
● [REDACTED]
● Summary and Q/A
The evolving architecture of application networking
Physically hosted applications
● Services and application components map 1:1 to network addresses and to the network architecture.
● Often flat or simplistic networks defined by physical network ports or
VLANs used to segregate the application from the network.
● High availability is provided by clustering software or DNS/load-balancer
across multiple deployments/sites.
[Diagram: Tier 1 with an active VIP across 10.1.0.2 and 10.1.0.3 plus a witness host; Tier 2 behind DNS across 10.0.0.2 to 10.0.0.6, with storage replication to the secondary site.]
Virtual (Machine) applications
● Services and applications are broken down into smaller VM allocations, resulting in an explosion of network resources.
● The tight-packing of numerous VMs per host has resulted in numerous
networks being provisioned to every host.
● Virtual LANs are used as the method for providing segregation between
applications and application tiers.
[Diagram: two VM hosts behind a load balancer, each trunked with VLAN101 (F/E), VLAN102 (App) and VLAN103 (B/E).]
Docker networking
Docker Networking
[dan@dockercon ~]$ docker network ls
NETWORK ID      NAME              DRIVER    SCOPE
4507d8b4dd86    bridge            bridge    local
8866a19c0751    docker_gwbridge   bridge    local
b88e79e31749    host              host      local
vlujsum8my0u    ingress           overlay   swarm
e12df2f39d06    none              null      local
ed60df3f6402    mac_net           macvlan   local
Host/Bridge Networking
[Diagram: three Docker Engine hosts at 10.0.0.1, 10.0.0.2 and 10.0.0.3, each with a Bridge | NAT interface at 172.17.0.1; the nginx container binds :80 on the host directly.]
[dan@dockercon ~]$ docker run --net=host nginx
● The host flag starts the container in the same network namespace as the host itself, allowing the container to use the host's networking stack directly.
● Provides near-metal speed; however, it can result in port conflicts.
Host/Bridge Networking
[Diagram: the same three hosts; containers attach to the 172.17.0.0/16 bridge behind 172.17.0.1 and are not reachable from outside the host.]
[dan@dockercon ~]$ docker run dockerimage:latest
● Containers are started and connected by default to the internal bridge network.
● By design these containers won't expose any network connectivity to the outside world; however, they can speak to one another whilst on the same host.
Host/Bridge Networking
[Diagram: the same three hosts; host port :80 is NATed to :80 on the container at 172.17.0.2 on the 172.17.0.0/16 bridge.]
[dan@dockercon ~]$ docker run -p 80:80 nginx
● The -p flag exposes an external port on the host and maps it to a port on the container.
● Only containers with services need to expose their ports, which potentially solves port conflicts.
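The three run modes above (host namespace, bridge only, bridge with -p) leave different footprints in `docker inspect`, and a practitioner usually wants to list them rather than trust memory. The following audit is an added example and not code from the talk: it reads a constructed list of container records shaped like the relevant `docker inspect` fields (HostConfig.NetworkMode, HostConfig.PortBindings, NetworkSettings.Networks) and reports which containers share the host's network namespace and which published ports are bound on every interface. The container names and addresses are constructed sample values; one detail worth knowing is that `-p 80:80` leaves HostIp empty, which Docker treats as 0.0.0.0, whereas `-p 127.0.0.1:5432:5432` keeps the port on loopback.

```python
"""Audit container network exposure from `docker inspect` output (added example)."""
import json
import sys

# Constructed sample: what `docker inspect <id>` returns for four containers,
# trimmed to the fields this audit reads. Names and addresses are made up.
SAMPLE_INSPECT = json.dumps([
    {   # docker run --net=host nginx
        "Name": "/edge-proxy",
        "HostConfig": {"NetworkMode": "host", "PortBindings": {}},
        "NetworkSettings": {"Networks": {"host": {"IPAddress": ""}}},
    },
    {   # docker run -p 80:80 nginx  (HostIp "" means 0.0.0.0, i.e. all interfaces)
        "Name": "/web",
        "HostConfig": {"NetworkMode": "default",
                       "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "80"}]}},
        "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.2"}}},
    },
    {   # docker run -p 127.0.0.1:5432:5432 postgres  (loopback only)
        "Name": "/db",
        "HostConfig": {"NetworkMode": "default",
                       "PortBindings": {"5432/tcp": [{"HostIp": "127.0.0.1", "HostPort": "5432"}]}},
        "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.3"}}},
    },
    {   # docker run dockerimage:latest  (bridge only, nothing published)
        "Name": "/worker",
        "HostConfig": {"NetworkMode": "default", "PortBindings": {}},
        "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.4"}}},
    },
])

# HostIp values that mean "bind on every interface of the host".
ALL_INTERFACES = {"", "0.0.0.0", "::"}


def exposure_report(inspect_json):
    """Return {container: {"host_namespace": bool, "public_ports": [...], "local_ports": [...]}}."""
    report = {}
    for c in json.loads(inspect_json):
        name = c["Name"].lstrip("/")
        host_cfg = c["HostConfig"]
        entry = {"host_namespace": host_cfg.get("NetworkMode") == "host",
                 "public_ports": [], "local_ports": []}
        for cport, bindings in (host_cfg.get("PortBindings") or {}).items():
            for b in bindings or []:
                mapping = f"{b['HostPort']}->{cport}"
                if b.get("HostIp", "") in ALL_INTERFACES:
                    entry["public_ports"].append(mapping)
                else:
                    entry["local_ports"].append(f"{b['HostIp']}:{mapping}")
        report[name] = entry
    return report


def findings(report):
    """Turn the report into one-line findings a reviewer can act on."""
    out = []
    for name, e in sorted(report.items()):
        if e["host_namespace"]:
            out.append(f"{name}: shares the host network namespace (no isolation, port conflicts possible)")
        for p in e["public_ports"]:
            out.append(f"{name}: port {p} published on all interfaces")
    return out


if __name__ == "__main__":
    # On a real host: docker inspect $(docker ps -q) | python3 this_script.py
    raw = sys.stdin.read() if not sys.stdin.isatty() else ""
    for line in findings(exposure_report(raw if raw.strip() else SAMPLE_INSPECT)):
        print(line)
```

Run against a live engine by piping `docker inspect $(docker ps -q)` into the script; with no input it falls back to the constructed sample and reports edge-proxy (host namespace) and web (port 80 on all interfaces).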
Swarm Overlay networking
[Diagram: three Docker Engine hosts at 10.0.0.1, 10.0.0.2 and 10.0.0.3 joined by an Overlay network; :8080 is published on every host and forwarded to :80 on the two nginx tasks.]
[dan@dockercon ~]$ docker service create --name web \
    --replicas 2 \
    --publish 8080:80 \
    nginx
● The Overlay network makes use of VXLAN in order to create an overlay network on top of the underlying network.
● The tunnel allows containers across hosts to communicate.
Swarm Overlay networking
[Diagram: the same three hosts and Overlay; :8080 is published on all three nodes and reaches the two tasks on :80.]
● By default the overlay is encrypted with the AES algorithm, and hosts will rotate their keys every 12 hours.
● Publishing a port applies to all nodes in the swarm cluster. Regardless of the node connected to, the request is forwarded to a node running the task.
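A check worth keeping next to the encryption bullet above. In swarm mode the management and gossip traffic between nodes is what is encrypted by default with rotating keys; the VXLAN data plane that carries container traffic between hosts is only encrypted when the overlay network was created with `--opt encrypted`, and `docker network inspect` then shows an "encrypted" key under Options. The script below is an added example, not code from the talk: it runs over a constructed `docker network inspect` result, lists the overlay networks whose inter-host traffic is carried in clear, and renders the create command that fixes that. Network names, subnets and VXLAN ids are constructed sample values.

```python
"""Flag overlay networks without data-plane encryption (added example)."""
import json

# Constructed: shape of `docker network inspect ingress app-net db-net bridge`,
# trimmed to the fields read below. Values are made up.
SAMPLE_NETWORKS = json.dumps([
    {"Name": "ingress", "Driver": "overlay", "Scope": "swarm",
     "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4096"},
     "Internal": False, "IPAM": {"Config": [{"Subnet": "10.255.0.0/16"}]}},
    # created with: docker network create -d overlay --opt encrypted app-net
    {"Name": "app-net", "Driver": "overlay", "Scope": "swarm",
     "Options": {"encrypted": "", "com.docker.network.driver.overlay.vxlanid_list": "4097"},
     "Internal": False, "IPAM": {"Config": [{"Subnet": "10.0.1.0/24"}]}},
    # created without --opt encrypted
    {"Name": "db-net", "Driver": "overlay", "Scope": "swarm",
     "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4098"},
     "Internal": True, "IPAM": {"Config": [{"Subnet": "10.0.2.0/24"}]}},
    # local bridge: no VXLAN tunnel, so nothing to encrypt here
    {"Name": "bridge", "Driver": "bridge", "Scope": "local", "Options": {},
     "Internal": False, "IPAM": {"Config": [{"Subnet": "172.17.0.0/16"}]}},
])


def overlay_encryption(inspect_json):
    """Map each overlay network name to True when its data plane is encrypted."""
    result = {}
    for net in json.loads(inspect_json):
        if net.get("Driver") != "overlay":
            continue  # bridge/host/macvlan traffic never crosses a VXLAN tunnel
        opts = net.get("Options") or {}
        result[net["Name"]] = "encrypted" in opts
    return result


def unencrypted_overlays(inspect_json):
    """Sorted names of overlay networks whose inter-host traffic crosses the underlay in clear."""
    return sorted(name for name, enc in overlay_encryption(inspect_json).items() if not enc)


def create_command(name, subnet, encrypted=True):
    """Render the `docker network create` call for an overlay, encrypted by default."""
    parts = ["docker", "network", "create", "-d", "overlay", "--subnet", subnet]
    if encrypted:
        parts += ["--opt", "encrypted"]
    parts.append(name)
    return " ".join(parts)


if __name__ == "__main__":
    for name in unencrypted_overlays(SAMPLE_NETWORKS):
        print(f"{name}: overlay data plane not encrypted")
    print(create_command("db-net", "10.0.2.0/24"))
```

On a real cluster, feed it `docker network inspect $(docker network ls -q)` from a manager node; the encryption option is fixed at creation time, so an unencrypted overlay has to be recreated rather than patched.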
Swarm Overlay networking
[Diagram: the same three hosts; each container holds an Overlay address (172.18.0.3, 172.18.0.4) alongside the host-side address (10.0.0.3, 10.0.0.4) that carries the tunnel.]
● Each container gets a pair of IP addresses.
● One IP address exists on the Overlay network; this allows all containers on the network to communicate.
● The other IP address carries the tunnel to other hosts in the cluster and contains all the actual data that needs to leave the host.
Macvlan driver
[Diagram: two Docker Engine hosts at 10.0.0.1 and 10.0.0.2; their containers hold 10.1.0.1 to 10.1.0.4 directly on the physical network.]
● The Macvlan driver provides a hardware (MAC) address for each container, allowing them to have a full TCP/IP stack.
● Allows containers to become part of the traditional network and use things like external IPAM or VLAN trunking when numerous networks are needed.
● No overhead from technologies such as VXLAN or NAT.
Macvlan driver
[Diagram: two Docker Engine hosts at 10.0.0.1 and 10.0.0.2; containers at 10.1.0.2 to 10.1.0.5 behind the gateway 10.1.0.1.]
[dan@dockercon ~]$ docker network create -d macvlan \
    --subnet=10.1.0.0/24 \
    --gateway=10.1.0.1 \
    -o parent=eth0 mac_net
● Create a network using the macvlan driver and assign the ranges/gateway and the parent adapter (or sub-adapter for VLANs, e.g. eth0.120).
Macvlan driver
[Diagram: the same two hosts; the container started below takes 10.1.0.2 on the physical network.]
[dan@dockercon ~]$ docker run --net=mac_net \
    --ip=10.1.0.2 \
    nginx
● When starting a container you can apply a physical IP address on that network.
● The container is effectively another host on the underlay network.
Macvlan driver
[Diagram: sixteen containers occupying 10.1.0.1 through 10.1.0.16 on the physical network.]
● The use of the macvlan driver essentially makes a Docker container a first-class citizen on the network.
● This functionality, however, carries additional overhead in terms of network management, as each container will now exist on the network as its own entity.
Networking plugins
[Diagram: two Docker Engine hosts at 10.0.0.1 and 10.0.0.2, each with a network Plugin receiving Configuration from the vendor's network.]
● Docker networking plugins allow vendors to extend the functionality of their network devices and technologies into the Docker Engine.
● They provide features such as vendor-specific IP Address Management, or enable the network to configure itself to provide functionality to containers through their lifecycle (overlays/QoS/load balancing).
Infrastructure design patterns
Separate data/control planes
[Diagram: two Docker Engine hosts; the control plane uses 10.0.0.1 and 10.0.0.2 on eth0, the Overlay data plane uses 10.1.0.1 and 10.1.0.2 on eth1.]
[dan@dockercon ~]$ docker swarm init \
    --advertise-addr eth0 \
    --data-path-addr eth1
● When initially configuring a Docker swarm cluster on hosts with multiple NICs there is the option of separating the data and control planes.
● This provides physical and logical separation of traffic leaving the host.
Separate data/control planes
[Diagram: the same two hosts, now both carrying the Overlay on the 10.1.0.x data plane.]
[dan@dockercon ~]$ docker swarm join \
    --token XYZ --advertise-addr eth0 \
    --data-path-addr eth1 \
    10.0.0.1:2377
● Joining additional nodes to the swarm cluster takes two additional flags to specify the traffic carried by a particular adapter.
● Any services created will then be part of the data plane and have their traffic segregated from the control plane.
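Separating the planes only pays off if the host firewall follows the split, so each plane's ports should be accepted on its own interface alone. The planner below is an added example, not code from the talk: given a constructed interface inventory it validates that the two interfaces are distinct and on different subnets, renders the init and join commands from the two slides, and derives per-interface allow rules using the ports swarm mode actually uses (2377/tcp for cluster management, 7946/tcp and udp for node gossip, 4789/udp for VXLAN overlay traffic). Interface names, addresses and the join token placeholder are constructed.

```python
"""Per-plane swarm firewall rules from --advertise-addr / --data-path-addr choices (added example)."""
import ipaddress

# Constructed host inventory: interface -> address/prefix, as `ip -o addr` would show.
HOST_IFACES = {
    "eth0": "10.0.0.1/24",   # management network
    "eth1": "10.1.0.1/24",   # data network
}

# Ports used by swarm mode, grouped by the plane they belong to.
CONTROL_PLANE_PORTS = [("tcp", 2377), ("tcp", 7946), ("udp", 7946)]
DATA_PLANE_PORTS = [("udp", 4789)]


def plane_problems(ifaces, control_if, data_if):
    """Return the reasons the chosen split gives no real separation; empty means OK."""
    problems = [f"interface {n} not present on host" for n in (control_if, data_if) if n not in ifaces]
    if problems:
        return problems
    if control_if == data_if:
        return ["control and data plane share one interface; nothing is separated"]
    ctl = ipaddress.ip_interface(ifaces[control_if])
    data = ipaddress.ip_interface(ifaces[data_if])
    if ctl.network == data.network:
        problems.append(f"{control_if} and {data_if} are both on {ctl.network}; traffic is not physically segregated")
    return problems


def swarm_commands(control_if, data_if, manager_addr=None, token="<JOIN-TOKEN>"):
    """Render `docker swarm init` (no manager_addr) or `docker swarm join` with both plane flags."""
    flags = f"--advertise-addr {control_if} --data-path-addr {data_if}"
    if manager_addr is None:
        return f"docker swarm init {flags}"
    return f"docker swarm join --token {token} {flags} {manager_addr}:2377"


def firewall_rules(ifaces, control_if, data_if):
    """Allow each plane's ports only on its own interface and from its own subnet."""
    problems = plane_problems(ifaces, control_if, data_if)
    if problems:
        raise ValueError("; ".join(problems))
    ctl_net = str(ipaddress.ip_interface(ifaces[control_if]).network)
    data_net = str(ipaddress.ip_interface(ifaces[data_if]).network)
    rules = [(control_if, ctl_net, proto, port) for proto, port in CONTROL_PLANE_PORTS]
    rules += [(data_if, data_net, proto, port) for proto, port in DATA_PLANE_PORTS]
    return rules


def render_iptables(rules):
    """Turn (iface, source subnet, proto, port) tuples into iptables INPUT accept rules."""
    return [f"iptables -A INPUT -i {iface} -s {src} -p {proto} --dport {port} -j ACCEPT"
            for iface, src, proto, port in rules]


if __name__ == "__main__":
    print(swarm_commands("eth0", "eth1"))
    print(swarm_commands("eth0", "eth1", manager_addr="10.0.0.1", token="XYZ"))
    for line in render_iptables(firewall_rules(HOST_IFACES, "eth0", "eth1")):
        print(line)
```

The rules are accept rules only; they assume the INPUT chain already drops by default, which is the usual companion to this kind of per-plane allow list.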
Design Patterns when modernizing a traditional application
Docker Enterprise Edition
● Docker Enterprise Edition provides a full
CaaS platform (Containers as a Service).
● Comes with integrated container orchestration, a management platform and increased security (RBAC, image scanning etc.).
● Enterprise supported platform for
production deployments.
Universal Control Plane
● The Docker UCP provides a clustered enterprise
grade management platform for Docker.
● A centralized platform for managing and monitoring
swarm container clusters and container
infrastructure.
● Extends the functionality of the Docker platform, making it easier to deploy applications at scale.
● Can be controlled through the UI or through the
CLI (client bundle) or through the Docker APIs.
Docker Trusted Registry
● Enterprise grade storage for all your Docker
Images, allowing users to host their images
locally.
● Can become part of the CI/CD processes
simplifying the process to build, ship and run
your applications.
● Images can be automatically scanned for
vulnerabilities ensuring that only compliant
images can be deployed.
Application Architecture
[Diagram: the existing virtual application: two VM hosts behind a load balancer, trunked with VLAN101 (F/E) and VLAN102 (app), with DB host(s) on VLAN103 (DB).]
“Behind the scenes the developers and application maintainers have repackaged our applications into containers”
Application Architecture
[Diagram: the same VM hosts, load balancer, VLAN101 (F/E), VLAN102 (app) and DB host(s) on VLAN103 (DB).]
● The explosion of VMs also drove the explosion of VLANs, which were a recommended network architectural choice in order to provide segregation of tiers of virtual infrastructure.
● However, we can simplify the network greatly by making use of overlays (VXLAN), which not only provide segregation but also encryption.
Front-End with HRM
[Diagram: Worker 1 to Worker X, each running Docker Engine, with separate Overlays for www.petstore.com and api.petstore.com reached through the HRM on :80.]
● Docker EE provides the HTTP Routing Mesh capability, which simplifies the routing between services.
● The HRM will inspect the hostname that has been requested and route the traffic to that particular service.
● This allows multiple overlays to exist in harmony, with traffic routed to them as requests hit the HRM port.
Scalable services
[Diagram: Worker 1 to Worker X running Docker Engine; the App Service and the Store Service each sit on their own Overlay.]
● Taking the existing and now packaged applications, we can deploy them as services.
● We can deploy and scale them up as needed across our cluster.
● Exposing service ports will provide load balancing across service tasks and ensure traffic is routed to where those tasks are running.
Application Architecture
[Diagram: the same VM hosts, load balancer, VLAN101 (F/E), VLAN102 (app) and DB host(s) on VLAN103 (DB).]
● Some elements of an application require direct access to the network to provide low-level services.
● Other elements may have a requirement that they have to be part of an existing network or VLAN to provide direct access to other services.
● Some elements are also based upon fixed or hard-coded IP addresses, and in some cases a licensing restriction.
Preserving existing integrations
[Diagram: Worker 1 to Worker X running Docker Engine; macvlan-attached containers with the addresses 10.1.0.47, 10.20.0.19 and 10.20.0.20; VLAN103.]
● The use of Macvlan allows a container with specific requirements, such as packet inspection, to sit directly on the network.
● Custom singleton applications that are hard-coded to interact with databases can make use of their original IP addresses and be part of the same segregated VLAN in which the database server(s) reside.
Design Patterns
● Where possible, there is a great opportunity to simplify networking.
● The use of overlays (VXLAN) is all handled in software, providing software-defined networking “as code”. This also has the additional benefit of simplifying network device configurations.
● Overlay-provided load balancing is again specified as part of the service design, simplifying the application and the network architecture design.
● Cases where VLANs or hard-pinned IP connectivity are required can be met through the use of containers attached through macvlan.
Explore the hands-on labs in the experience centre for some real experience.
👍🏼
Upcoming networking with the Universal Control Plane
“Disclaimer”
UCP Architecture
[Diagram: UCP Node(s) and Worker 1, Worker 2, Worker 3, each running Docker Engine with a UCP-Agent.]
UCP Architecture
[Diagram: UCP Node(s) hosting the Kube API; Worker 1 to Worker 3 each running Docker Engine and a Kubelet.]
UCP Architecture
[Diagram: UCP Node(s) fronting a Swarm service on Docker Engine(s) and a Kube service on Docker Engine(s); an Ingress-Controller routes swarm.dockercon.com and kube.dockercon.com.]
Summary
● Applications that can be re-homed on a network can make use of Docker networking features that will simplify their deployment and their scaling.
● Overlay networks provide the capability to place workloads throughout the cluster without the headache of having to be aware of task location.
● Services that are tied or hard-coded to specific network requirements can still be deployed in containers.
Interested in MTA?
● Stop by the booth (MTA pod)
● Download the kit: www.docker.com/mta
● Look for an MTA Roadshow near you
● Contact your Account Team
Docker EE
Hosted Demo
Add picture here
docker.com/trial
● Free 4 Hour Demo
● No Servers Required
● Full Docker EE
Cluster Access
Practical Design Patterns in
Docker Networking
Dan Finneran @thebsdbox
Q/A

More Related Content

What's hot

Osdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauserOsdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauseryfauser
 
OpenStack Quantum Intro (OS Meetup 3-26-12)
OpenStack Quantum Intro (OS Meetup 3-26-12)OpenStack Quantum Intro (OS Meetup 3-26-12)
OpenStack Quantum Intro (OS Meetup 3-26-12)Dan Wendlandt
 
Microservices Network Architecture 101
Microservices Network Architecture 101Microservices Network Architecture 101
Microservices Network Architecture 101Cumulus Networks
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/NeutronOverview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/Neutronvivekkonnect
 
Overlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container NetworkingOverlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container NetworkingLee Calcote
 
Open stackaustinmeetupsept21
Open stackaustinmeetupsept21Open stackaustinmeetupsept21
Open stackaustinmeetupsept21Brent Doncaster
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWSZvika Gazit
 
Configuration & Routing of Clos Networks
Configuration & Routing of Clos NetworksConfiguration & Routing of Clos Networks
Configuration & Routing of Clos NetworksCumulus Networks
 
Under the Hood: Open vSwitch & OpenFlow in XCP & XenServer
Under the Hood: Open vSwitch & OpenFlow in XCP & XenServerUnder the Hood: Open vSwitch & OpenFlow in XCP & XenServer
Under the Hood: Open vSwitch & OpenFlow in XCP & XenServerThe Linux Foundation
 
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...Jim St. Leger
 
Understanding and deploying Network Virtualization
Understanding and deploying Network VirtualizationUnderstanding and deploying Network Virtualization
Understanding and deploying Network VirtualizationSDN Hub
 
NetScaler TCP Performance Tuning
NetScaler TCP Performance TuningNetScaler TCP Performance Tuning
NetScaler TCP Performance TuningKevin Mason
 
Troubleshooting Common Network Related Issues with NetScaler
Troubleshooting Common Network Related Issues with NetScalerTroubleshooting Common Network Related Issues with NetScaler
Troubleshooting Common Network Related Issues with NetScalerDavid McGeough
 
Open stack networking_101_update_2014-os-meetups
Open stack networking_101_update_2014-os-meetupsOpen stack networking_101_update_2014-os-meetups
Open stack networking_101_update_2014-os-meetupsyfauser
 
Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...
Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...
Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...Cloud Native Day Tel Aviv
 
Understanding Open vSwitch
Understanding Open vSwitch Understanding Open vSwitch
Understanding Open vSwitch YongKi Kim
 
How VXLAN works on Linux
How VXLAN works on LinuxHow VXLAN works on Linux
How VXLAN works on LinuxEtsuji Nakai
 
VXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced ZoneVXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced ZoneYoshikazu Nojima
 

What's hot (20)

Osdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauserOsdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauser
 
Demystifying openvswitch
Demystifying openvswitchDemystifying openvswitch
Demystifying openvswitch
 
OpenStack Quantum Intro (OS Meetup 3-26-12)
OpenStack Quantum Intro (OS Meetup 3-26-12)OpenStack Quantum Intro (OS Meetup 3-26-12)
OpenStack Quantum Intro (OS Meetup 3-26-12)
 
Microservices Network Architecture 101
Microservices Network Architecture 101Microservices Network Architecture 101
Microservices Network Architecture 101
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/NeutronOverview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
 
Overlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container NetworkingOverlay/Underlay - Betting on Container Networking
Overlay/Underlay - Betting on Container Networking
 
Open stackaustinmeetupsept21
Open stackaustinmeetupsept21Open stackaustinmeetupsept21
Open stackaustinmeetupsept21
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWS
 
Configuration & Routing of Clos Networks
Configuration & Routing of Clos NetworksConfiguration & Routing of Clos Networks
Configuration & Routing of Clos Networks
 
Under the Hood: Open vSwitch & OpenFlow in XCP & XenServer
Under the Hood: Open vSwitch & OpenFlow in XCP & XenServerUnder the Hood: Open vSwitch & OpenFlow in XCP & XenServer
Under the Hood: Open vSwitch & OpenFlow in XCP & XenServer
 
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
 
Understanding and deploying Network Virtualization
Understanding and deploying Network VirtualizationUnderstanding and deploying Network Virtualization
Understanding and deploying Network Virtualization
 
NetScaler TCP Performance Tuning
NetScaler TCP Performance TuningNetScaler TCP Performance Tuning
NetScaler TCP Performance Tuning
 
Docker networking
Docker networkingDocker networking
Docker networking
 
Troubleshooting Common Network Related Issues with NetScaler
Troubleshooting Common Network Related Issues with NetScalerTroubleshooting Common Network Related Issues with NetScaler
Troubleshooting Common Network Related Issues with NetScaler
 
Open stack networking_101_update_2014-os-meetups
Open stack networking_101_update_2014-os-meetupsOpen stack networking_101_update_2014-os-meetups
Open stack networking_101_update_2014-os-meetups
 
Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...
Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...
Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...
 
Understanding Open vSwitch
Understanding Open vSwitch Understanding Open vSwitch
Understanding Open vSwitch
 
How VXLAN works on Linux
How VXLAN works on LinuxHow VXLAN works on Linux
How VXLAN works on Linux
 
VXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced ZoneVXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced Zone
 

Similar to Network Design patters with Docker

Practical Design Patterns in Docker Networking
Practical Design Patterns in Docker NetworkingPractical Design Patterns in Docker Networking
Practical Design Patterns in Docker NetworkingDocker, Inc.
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerJorge Juan Mendoza
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesSreenivas Makam
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking OverviewSreenivas Makam
 
Docker meetup
Docker meetupDocker meetup
Docker meetupsyed1
 
Managing multicast/igmp stream on Docker
Managing multicast/igmp stream on DockerManaging multicast/igmp stream on Docker
Managing multicast/igmp stream on DockerThierry Gayet
 
When Docker Engine 1.12 features unleashes software architecture
When Docker Engine 1.12 features unleashes software architectureWhen Docker Engine 1.12 features unleashes software architecture
When Docker Engine 1.12 features unleashes software architecture Adrien Blind
 
Docker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu VenugopalDocker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu VenugopalDocker, Inc.
 
Docker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking ShowcaseDocker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking ShowcaseDocker, Inc.
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalDocker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalMichelle Antebi
 
Performance analysis of container-based networking Solutions for high-perform...
Performance analysis of container-based networking Solutions for high-perform...Performance analysis of container-based networking Solutions for high-perform...
Performance analysis of container-based networking Solutions for high-perform...IJECEIAES
 
Simple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project CalicoSimple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project CalicoEmma Gordon
 
ContainerDays Boston 2016: "Docker For the Developer" (Borja Burgos)
ContainerDays Boston 2016: "Docker For the Developer" (Borja Burgos)ContainerDays Boston 2016: "Docker For the Developer" (Borja Burgos)
ContainerDays Boston 2016: "Docker For the Developer" (Borja Burgos)DynamicInfraDays
 
Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Brad Eckert
 
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Dan Mihai Dumitriu
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsxsolarisyougood
 
Docker container a-brief_introduction_2016-01-30
Docker container a-brief_introduction_2016-01-30Docker container a-brief_introduction_2016-01-30
Docker container a-brief_introduction_2016-01-30Khelender Sasan
 
Running .NET on Docker
Running .NET on DockerRunning .NET on Docker
Running .NET on DockerBen Hall
 
Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...
Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...
Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...Kristoffer Sheather
 

Similar to Network Design patters with Docker (20)

Practical Design Patterns in Docker Networking
Practical Design Patterns in Docker NetworkingPractical Design Patterns in Docker Networking
Practical Design Patterns in Docker Networking
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in docker
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting Techniques
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
 
Docker meetup
Docker meetupDocker meetup
Docker meetup
 
Managing multicast/igmp stream on Docker
Managing multicast/igmp stream on DockerManaging multicast/igmp stream on Docker
Managing multicast/igmp stream on Docker
 
When Docker Engine 1.12 features unleashes software architecture
When Docker Engine 1.12 features unleashes software architectureWhen Docker Engine 1.12 features unleashes software architecture
When Docker Engine 1.12 features unleashes software architecture
 
Docker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu VenugopalDocker Meetup: Docker Networking 1.11 with Madhu Venugopal
Docker Meetup: Docker Networking 1.11 with Madhu Venugopal
 
Docker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking ShowcaseDocker 1.11 Meetup: Networking Showcase
Docker 1.11 Meetup: Networking Showcase
 
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu VenugopalDocker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
 
Performance analysis of container-based networking Solutions for high-perform...
Performance analysis of container-based networking Solutions for high-perform...Performance analysis of container-based networking Solutions for high-perform...
Performance analysis of container-based networking Solutions for high-perform...
 
Simple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project CalicoSimple, Scalable and Secure Networking for Data Centers with Project Calico
Simple, Scalable and Secure Networking for Data Centers with Project Calico
 
ContainerDays Boston 2016: "Docker For the Developer" (Borja Burgos)
ContainerDays Boston 2016: "Docker For the Developer" (Borja Burgos)ContainerDays Boston 2016: "Docker For the Developer" (Borja Burgos)
ContainerDays Boston 2016: "Docker For the Developer" (Borja Burgos)
 
Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure
 
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsx
 
Simplify Networking for Containers
Simplify Networking for ContainersSimplify Networking for Containers
Simplify Networking for Containers
 
Docker container a-brief_introduction_2016-01-30
Docker container a-brief_introduction_2016-01-30Docker container a-brief_introduction_2016-01-30
Docker container a-brief_introduction_2016-01-30
 
Running .NET on Docker
Running .NET on DockerRunning .NET on Docker
Running .NET on Docker
 
Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...
Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...
Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...
 

Recently uploaded

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 

Network Design patterns with Docker

  • 1. Practical Design Patterns in Docker Networking. Dan Finneran, EMEA Solutions Architect, Docker
  • 3. Agenda
    ● The evolving architecture of application networking
    ● Docker networking
    ● Infrastructure design patterns
    ● Design patterns when modernizing a traditional application
    ● [REDACTED]
    ● Summary and Q/A
  • 4. The evolving architecture of application networking
  • 5. Physically hosted applications
    ● Services and application components are 1:1 with network addresses and architecture.
    ● Often flat or simplistic networks, defined by physical network ports or VLANs used to segregate the application from the network.
    ● High availability is provided by clustering software or DNS/load-balancer across multiple deployments/sites.
  • 6. Physically hosted applications (diagram: DNS in front of an active VIP on hosts 10.1.0.2 and 10.1.0.3 with a witness host; Tier 1 and Tier 2 hosts 10.0.0.2 to 10.0.0.6; storage replication to a secondary site)
  • 7. Virtual (Machine) applications
    ● Services and applications are broken down into smaller VM allocations, resulting in an explosion of network resources.
    ● The tight packing of numerous VMs per host has resulted in numerous networks being provisioned to every host.
    ● Virtual LANs are used as the method for providing segregation between applications and application tiers.
  • 8. Virtual (Machine) applications (diagram: two VM hosts behind a load balancer, each carrying VLAN101 (F/E), VLAN102 (App) and VLAN103 (B/E))
  • 10. Docker Networking
    [dan@dockercon ~]$ docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    4507d8b4dd86        bridge              bridge              local
    8866a19c0751        docker_gwbridge     bridge              local
    b88e79e31749        host                host                local
    vlujsum8my0u        ingress             overlay             swarm
    e12df2f39d06        none                null                local
    ed60df3f6402        mac_net             macvlan             local
    [dan@dockercon ~]$
  • 11. Host/Bridge Networking (diagram: three Docker Engines at 10.0.0.1, 10.0.0.2 and 10.0.0.3, each with a bridge at 172.17.0.1 doing NAT; nginx listening on :80 of the host itself)
    [dan@dockercon ~]$ docker run --net=host nginx
    ● The host flag will start the container in the same network namespace as the host itself, allowing the container to use the host's networking stack directly.
    ● Provides near-metal speed, however it can result in port conflicts.
  • 12. Host/Bridge Networking (diagram: the same three engines, each with the 172.17.0.0/16 bridge network behind 172.17.0.1; containers listening on :80 inside the bridge only)
    [dan@dockercon ~]$ docker run dockerimage:latest
    ● Containers are started and connected by default to the internal bridge network.
    ● These containers won't expose any network connectivity to the outside world by design; however, they can speak to one another whilst on the same host.
  • 13. Host/Bridge Networking (diagram: container 172.17.0.2:80 on the 172.17.0.0/16 bridge, mapped to :80 on the host)
    [dan@dockercon ~]$ docker run -p 80:80 nginx
    ● The -p flag will expose an external port on the host and map it to a port on the container.
    ● Only containers with services need to expose their ports, potentially solving port conflicts.
  • 14. Swarm Overlay networking (diagram: three Docker Engines at 10.0.0.1, 10.0.0.2 and 10.0.0.3 joined by an overlay; :8080 published on every node, :80 on the two replicas)
    [dan@dockercon ~]$ docker service create --name web --replicas 2 --publish 8080:80 nginx
    ● The overlay network makes use of VXLAN in order to create an overlay network over the underlying network.
    ● The tunnel allows containers across hosts to communicate.
  • 15. Swarm Overlay networking
    [dan@dockercon ~]$ docker service create --name web --replicas 2 --publish 8080:80 nginx
    ● By default the overlay is encrypted with the AES algorithm and hosts will rotate their keys every 12 hours.
    ● Publishing a port applies to all nodes in the swarm cluster. Regardless of which node the client connects to, the request is forwarded to a node running the task.
  • 16. Swarm Overlay networking (diagram: containers at 172.18.0.3 and 172.18.0.4 on the overlay, with underlay addresses 10.0.0.3 and 10.0.0.4 carrying the tunnel)
    ● Each container gets a pair of IP addresses.
    ● One IP address exists on the overlay network; this allows all containers on the network to communicate.
    ● The other IP address carries the tunnel to other hosts in the cluster and contains all the actual data that needs to leave the host.
  • 17. Macvlan driver (diagram: Docker Engines at 10.0.0.1 and 10.0.0.2, with containers 10.1.0.1 to 10.1.0.4 addressed directly on the 10.1.0.0 network)
    ● The macvlan driver provides a hardware (MAC) address for each container, allowing them to have a full TCP/IP stack.
    ● Allows containers to become part of the traditional network and use things like external IPAM or VLAN trunking when numerous networks are needed.
    ● No overhead from technologies such as VXLAN or NAT.
  • 18. Macvlan driver
    [dan@dockercon ~]$ docker network create -d macvlan --subnet=10.1.0.0/24 --gateway=10.1.0.1 -o parent=eth0 mac_net
    ● Create a network using the macvlan driver and assign the ranges/gateway and the parent adapter (or sub-adapter for VLANs, e.g. eth0.120).
  • 19. Macvlan driver
    [dan@dockercon ~]$ docker run --net=mac_net --ip=10.1.0.2 nginx
    ● When starting a container you can apply a physical IP address on that network.
    ● The container is effectively another host on the underlay network.
  • 20. Macvlan driver (diagram: sixteen containers, 10.1.0.1 to 10.1.0.16, each present on the network as its own host)
    ● The use of the macvlan driver essentially makes a Docker container a first-class citizen on the network.
    ● This functionality however carries additional overhead in terms of network management, as each container will now exist on the network as its own entity.
  • 21. Networking plugins (diagram: Docker Engines at 10.0.0.1 and 10.0.0.2, each with a plugin pushing configuration to the network)
    ● Docker networking plugins allow vendors to extend the functionality of their network devices and technologies into the Docker Engine.
    ● They provide features such as vendor-specific IP address management, or enable the network to configure itself to provide functionality to containers through their lifecycle (overlays/QoS/load balancing).
  • 23. Separate data/control planes (diagram: two Docker Engines with control plane addresses 10.0.0.1 and 10.0.0.2 and overlay data plane addresses 10.1.0.1 and 10.1.0.2)
    [dan@dockercon ~]$ docker swarm init --advertise-addr eth0 --data-path-addr eth1
    ● When initially configuring a Docker swarm cluster on hosts with multiple NICs there is the option of separating the data and control planes.
    ● This provides physical and logical separation of traffic leaving the host.
  • 24. Separate data/control planes
    [dan@dockercon ~]$ docker swarm join --token XYZ --advertise-addr eth0 --data-path-addr eth1 10.0.0.1:2377
    ● Joining additional nodes to the swarm cluster takes two additional flags to specify the traffic carried by a particular adapter.
    ● Any services created will then be part of the data plane and have their traffic segregated from the control plane.
  • 25. Design Patterns when modernizing a traditional application
  • 26. Docker Enterprise Edition
    ● Docker Enterprise Edition provides a full CaaS platform (Containers as a Service).
    ● Comes with integrated container orchestration, a management platform and increased security (RBAC, image scanning etc.).
    ● Enterprise-supported platform for production deployments.
  • 27. Universal Control Plane
    ● The Docker UCP provides a clustered, enterprise-grade management platform for Docker.
    ● A centralized platform for managing and monitoring swarm container clusters and container infrastructure.
    ● Extends the functionality of the Docker platform, making it easier to deploy applications at scale.
    ● Can be controlled through the UI, through the CLI (client bundle) or through the Docker APIs.
  • 28. Docker Trusted Registry
    ● Enterprise-grade storage for all your Docker images, allowing users to host their images locally.
    ● Can become part of the CI/CD processes, simplifying the process to build, ship and run your applications.
    ● Images can be automatically scanned for vulnerabilities, ensuring that only compliant images can be deployed.
  • 29. Application Architecture (diagram: a load balancer in front of two VM hosts, each carrying VLAN101 (F/E), VLAN102 (app) and VLAN103 (DB); the DB host(s) sit on VLAN103)
  • 30. "Behind the scenes the developers and application maintainers have repackaged our applications into containers"
  • 31. Application Architecture (same diagram as slide 29)
    ● The explosion of VMs also drove the explosion of VLANs, which were a recommended network architectural choice in order to provide segregation of tiers of virtual infrastructure.
    ● However, we can simplify the network greatly by making use of overlays (VXLAN), which not only provide segregation but also encryption.
  • 32. Front-End with HRM (diagram: Worker 1 to Worker X, each running a Docker Engine; separate overlays for www.petstore.com and api.petstore.com, reached through the HRM on :80)
    ● Docker EE provides the HTTP Routing Mesh capability, which simplifies the routing between services.
    ● The HRM will inspect the hostname that has been requested and route the traffic to that particular service.
    ● This allows multiple overlays to exist in harmony and traffic to be routed to them as requests hit the HRM port.
  • 33. Scalable services (diagram: Worker 1 to Worker X, with an App Service overlay and a Store Service overlay)
    ● Taking the existing and now packaged applications, we can deploy them as services.
    ● We can deploy and scale them up as needed across our cluster.
    ● Exposing service ports will provide load balancing across service tasks and ensure traffic is routed to where those tasks are running.
  • 34. Application Architecture (same diagram as slide 29)
    ● Some elements of an application require direct access to the network to provide low-level services.
    ● Other elements may have a requirement that they have to be part of an existing network or VLAN to provide direct access to other services.
    ● Some elements are also based upon fixed or hard-coded IP addresses and, in some cases, a licensing restriction.
  • 35. Preserving existing integrations (diagram: a container at 10.1.0.47 on a worker, attached to VLAN103 alongside database servers 10.20.0.19 and 10.20.0.20)
    ● The use of macvlan allows a container with specific requirements, such as packet inspection, to sit directly on the network.
    ● Custom singleton applications that are hard-coded to interact with databases can make use of their original IP addresses and be part of the same segregated VLAN in which the database server(s) reside.
  • 36. Design Patterns
    ● Where possible, there is a great opportunity to provide simplification of networking.
    ● The use of overlays (VXLAN) is all handled in software, providing software-defined networking "as code". This also has the additional benefit of simplifying network device configurations.
    ● Overlay-provided load balancing is again specified as part of the service design, simplifying the application and the network architecture design.
    ● Cases where VLANs or hard-pinned IP connectivity are required can be met through the use of containers attached through macvlan.
  • 37. Explore the hands-on labs in the experience centre for some real experience. 👍🏼
  • 38. Upcoming networking with the Universal Control Plane
  • 40. UCP Architecture (diagram: UCP node(s) managing Worker 1, Worker 2 and Worker 3, each running a Docker Engine with the UCP agent)
  • 41. UCP Architecture (diagram: UCP node(s) with the Kube API; workers each running a kubelet alongside the Docker Engine)
  • 42. UCP Architecture (diagram: UCP node(s) fronting a Swarm service on Docker Engine(s) and a Kube service on Docker Engine(s), reached through an ingress controller at swarm.dockercon.com and kube.dockercon.com)
  • 43. Summary
    ● Applications that can be re-homed on a network can make use of Docker networking features that will simplify their deployment and their scaling.
    ● Overlay networks provide the capability to place workloads through the cluster without the headache of having to be aware of task location.
    ● Services that are tied or hard-coded to specific network requirements can still be deployed in containers.
  • 44. Interested in MTA
    ● Stop by the booth (MTA pod)
    ● Download the kit: www.docker.com/mta
    ● Look for an MTA Roadshow near you
    ● Contact your Account Team
  • 45. Docker EE Hosted Demo (docker.com/trial)
    ● Free 4 Hour Demo
    ● No Servers Required
    ● Full Docker EE Cluster Access
  • 46. Practical Design Patterns in Docker Networking. Dan Finneran, @thebsdbox
  • 47. Q/A
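The Host/Bridge Networking slides (11 to 13) state that --net=host puts a container in the host's network namespace and that -p publishes a container port on the host. The script below is an added example, not code from the talk or from Docker: it walks the JSON that `docker inspect` prints for containers and reports the posture those slides describe, flagging host-mode containers and any port published on every host address. The four records are constructed to mirror the three `docker run` invocations on the slides plus one container published on loopback only; `HostConfig.NetworkMode` and `NetworkSettings.Ports` are the real inspect fields, and every other field of the record is left out.

```python
"""Audit container network posture from `docker inspect` output.

Added example (not from the slides). A container started with --net=host
shares the host's network namespace, so every listener inside it is a
listener on the host IP; a port published with -p 80:80 binds on all host
addresses unless a host IP is given. Feed this script the output of
`docker inspect $(docker ps -q)`; the constructed sample below stands in
for that here.
"""
import json
from dataclasses import dataclass


@dataclass
class Finding:
    container: str
    severity: str
    detail: str


# Constructed sample, shaped like `docker inspect` (only the fields read here).
SAMPLE_INSPECT = json.dumps([
    {   # docker run --net=host nginx
        "Id": "a1b2c3",
        "Name": "/web-host",
        "HostConfig": {"NetworkMode": "host"},
        "NetworkSettings": {"Ports": {}},
    },
    {   # docker run dockerimage:latest  (default bridge, port exposed but not published)
        "Id": "d4e5f6",
        "Name": "/worker",
        "HostConfig": {"NetworkMode": "default"},
        "NetworkSettings": {"Ports": {"80/tcp": None}},
    },
    {   # docker run -p 80:80 nginx  (published on all host addresses)
        "Id": "0a1b2c",
        "Name": "/web-bridge",
        "HostConfig": {"NetworkMode": "default"},
        "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "80"}]}},
    },
    {   # docker run -p 127.0.0.1:5432:5432 db  (published on loopback only)
        "Id": "3d4e5f",
        "Name": "/db",
        "HostConfig": {"NetworkMode": "default"},
        "NetworkSettings": {"Ports": {"5432/tcp": [{"HostIp": "127.0.0.1", "HostPort": "5432"}]}},
    },
])


def published_ports(container: dict) -> list[tuple[str, str, str]]:
    """Return (container_port, host_ip, host_port) for every published binding.

    In `docker inspect` an exposed-but-unpublished port maps to None, so such
    a container stays reachable only from its bridge network.
    """
    ports = container.get("NetworkSettings", {}).get("Ports") or {}
    out = []
    for cport, bindings in ports.items():
        for b in bindings or []:
            out.append((cport, b.get("HostIp", ""), b.get("HostPort", "")))
    return out


def audit(inspect_json: str) -> list[Finding]:
    """Classify each container by how far its listeners reach."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "").lstrip("/")
        mode = c.get("HostConfig", {}).get("NetworkMode", "default")
        if mode == "host":
            findings.append(Finding(name, "high",
                "shares the host network namespace (--net=host); every listener is on the host IP"))
        for cport, hip, hport in published_ports(c):
            if hip in ("", "0.0.0.0", "::"):
                findings.append(Finding(name, "medium",
                    f"port {cport} published on all host addresses as :{hport}"))
            else:
                findings.append(Finding(name, "info",
                    f"port {cport} published on {hip}:{hport} only"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_INSPECT):
        print(f"[{f.severity:6}] {f.container}: {f.detail}")
```

The "worker" container produces no finding at all: its port is exposed by the image but never published, which is the slide's "no connectivity to the outside world by design" case, and the only thing that distinguishes it from the published nginx in the inspect output is the null binding list.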
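The overlay slides (14 to 16) and the macvlan slides (17 to 20) describe two quite different positions on the network: overlay traffic rides a VXLAN tunnel between hosts, while a macvlan container is a real host on the physical LAN with whatever address --ip hands it. One check a practitioner would keep next to those slides, written here as an added example that is not code from the talk or from Docker: Docker encrypts swarm management traffic by default and rotates those keys every 12 hours, but an overlay network's application data plane is only encrypted when the network is created with --opt encrypted, so the script flags overlay networks whose `docker network inspect` record lacks that option. For macvlan it checks that each container's static address lies inside the declared subnet, is not the gateway and is not reused, because a duplicate address on macvlan is a duplicate address on the wire. The records are constructed; Driver, Options, IPAM.Config and Containers[*].IPv4Address are the real inspect fields, and the `encrypted` option showing up as an empty-string value under Options is an assumption.

```python
"""Audit network definitions from `docker network inspect` output.

Added example (not from the slides). Feed it `docker network inspect $(docker
network ls -q)`; the constructed sample below stands in for that here.
Assumption: an overlay created with --opt encrypted reports the option as
{"encrypted": ""} under Options.
"""
import ipaddress
import json


SAMPLE_NETWORKS = json.dumps([
    {   # docker network create -d overlay --opt encrypted app_net
        "Name": "app_net", "Driver": "overlay", "Scope": "swarm",
        "Options": {"encrypted": ""},
        "IPAM": {"Config": [{"Subnet": "10.0.1.0/24", "Gateway": "10.0.1.1"}]},
        "Containers": {},
    },
    {   # docker network create -d overlay store_net  (data plane NOT encrypted)
        "Name": "store_net", "Driver": "overlay", "Scope": "swarm",
        "Options": {},
        "IPAM": {"Config": [{"Subnet": "10.0.2.0/24", "Gateway": "10.0.2.1"}]},
        "Containers": {},
    },
    {   # docker network create -d macvlan --subnet=10.1.0.0/24 --gateway=10.1.0.1 -o parent=eth0 mac_net
        "Name": "mac_net", "Driver": "macvlan", "Scope": "local",
        "Options": {"parent": "eth0"},
        "IPAM": {"Config": [{"Subnet": "10.1.0.0/24", "Gateway": "10.1.0.1"}]},
        "Containers": {
            "c1": {"Name": "web1", "IPv4Address": "10.1.0.2/24"},
            "c2": {"Name": "web2", "IPv4Address": "10.1.0.1/24"},   # clashes with the gateway
            "c3": {"Name": "web3", "IPv4Address": "10.2.0.5/24"},   # outside the subnet
            "c4": {"Name": "web4", "IPv4Address": "10.1.0.2/24"},   # duplicate of web1
        },
    },
])


def check_overlay(net: dict) -> list[str]:
    """Flag overlay networks whose VXLAN data plane is not encrypted."""
    if net.get("Driver") != "overlay":
        return []
    if "encrypted" in (net.get("Options") or {}):
        return []
    return [f"{net['Name']}: overlay data plane is not encrypted (create with --opt encrypted)"]


def check_macvlan(net: dict) -> list[str]:
    """Validate the static address plan of a macvlan network.

    Every address must sit inside the declared subnet, must not reuse the
    gateway (the upstream router) and must be unique: a duplicate on a
    macvlan network is a duplicate on the physical LAN.
    """
    if net.get("Driver") != "macvlan":
        return []
    problems = []
    cfgs = net.get("IPAM", {}).get("Config") or []
    if not cfgs:
        return [f"{net['Name']}: no subnet configured"]
    subnet = ipaddress.ip_network(cfgs[0]["Subnet"])
    gateway = ipaddress.ip_address(cfgs[0]["Gateway"])
    seen: dict = {}   # address -> first container that claimed it
    for ep in net.get("Containers", {}).values():
        addr = ipaddress.ip_interface(ep["IPv4Address"]).ip
        if addr not in subnet:
            problems.append(f"{net['Name']}/{ep['Name']}: {addr} is outside {subnet}")
        elif addr == gateway:
            problems.append(f"{net['Name']}/{ep['Name']}: {addr} is the gateway address")
        elif addr in seen:
            problems.append(f"{net['Name']}/{ep['Name']}: {addr} duplicates {seen[addr]}")
        else:
            seen[addr] = ep["Name"]
    if not (net.get("Options") or {}).get("parent"):
        problems.append(f"{net['Name']}: no parent interface set (-o parent=...)")
    return problems


def audit_networks(inspect_json: str) -> list[str]:
    """Run both checks over every network record and return the findings in order."""
    findings = []
    for net in json.loads(inspect_json):
        findings += check_overlay(net)
        findings += check_macvlan(net)
    return findings


if __name__ == "__main__":
    for line in audit_networks(SAMPLE_NETWORKS):
        print(line)
```

On the sample this reports store_net as unencrypted and three address-plan faults on mac_net (gateway reuse, an address outside 10.1.0.0/24, and a duplicate), while app_net and the correctly addressed web1 pass silently.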

Editor's Notes

  1. Been with Docker for four months, however I've been a user and contributor to Docker projects for the last eighteen months. Prior to Docker I've worked at numerous companies and had roles ranging from System Administrator, Infrastructure Engineer, Architect and Consultant... So I've pretty much managed the full set so far :) I'm also quite passionate about automation and things "as code", so I'm the person that has left scripts and small utilities behind at various organisations that "hopefully" have kept the lights on (but no one can fathom out how they work). (sorry)
  2. There are still a lot of people/businesses wanting to learn the basics of container/Docker networking. There are also a lot of people who are starting to look towards migrating their applications into services and want to learn about some of the design patterns they can apply when migrating the application to a new containerised network.
  3. This is the agenda for the Practical Design Patterns session. If you were in yesterday's keynote then you may have an idea what the [redacted] topic will be .. and if not, well, you'll just have to stay and find out..
  4. We're starting off with having a look at how application networking has changed and evolved as technologies have forced changes in application design.
  5. TODO: Density / IP /
  6. That was a quick tour of the landscape of "legacy applications". There are still a lot of places where that will be the architecture that hosts these applications. Indeed, there are many places that have only just started the path to virtualisation.
  7. This is comparable to how a lot of home networks are configured. Typically the router that is provided to you by your Internet Service Provider, where all devices connected to the router inside the house (laptops/smartphones/toasters) are part of that internal bridge: they can use Network Address Translation to go outbound, however they're protected as they don't expose any network connectivity to the outside world. Which leads on to exposing connectivity.
  8. Only expose the ports required; all containers that are part of the bridge will be able to communicate.
  9. As the Docker engine spins up the overlay network, all hosts in the cluster will be added to a VXLAN tunnel which as the name overlay suggests is essentially a network on top of a network. When a container needs to speak to another container (and that container is on a different host) then the traffic will enter the VXLAN tunnel and be transmitted to the VTEP (VXLAN tunnel endpoint) on the host where the container is currently running.
  10. The one caveat being that Overlay networking encryption isn’t currently available on Windows
  12. The key concept here is that we can make use of overlays in order to provide:
    - Simplification of networking architecture
    - Simpler networking configuration on the actual networking devices
    - Security through isolation of services with VXLAN
    - Security through encryption of overlays
  13. Providing only a high-level overview of how networking will be provided through UCP + Swarm/Kubernetes; the reason behind this is really to show the design patterns moving forward. So, other than providing the high-level overview, I'm not going to be able to answer any questions about the integration in detail. (CLICK) If you do have questions though, I'd like to collect them afterwards so that we can start to look at putting together a FAQ.