Find Session: http://sched.co/70Nr

libnetwork

  • Docker's networking fabric
  • Defines the Container Network Model (CNM)
  • Provides built-in IP address management (IPAM)
  • Provides native multi-host networking
  • Provides native service discovery and load balancing
  • Extensible by the ecosystem through network and IPAM driver plugins

New features in 1.12

  • Routing mesh: a request sent to a published port on any node is load balanced to the containers backing that service.

Macvlan driver

  • Production ready as of 1.12
  • Allows fine-grained control over network creation (subnet, gateway, parent interface)
  • Containers get their own MAC and IP on the parent interface's segment, so their traffic bypasses the Docker bridge and its NAT/iptables rules; filtering has to happen on the physical network
# Create a macvlan network bound to a parent interface on the host
# (subnet, gateway and parent interface are example values; substitute your own)
docker network create -d macvlan --subnet=172.16.14.0/24 --gateway=172.16.14.1 -o parent=eth0 macnet14
# Start a container attached to it (the image is an example)
docker run -d --net=macnet14 nginx

Deep Dive


  • Manager nodes in the swarm maintain the network state.

Network Control Plane

  • Gossip-based protocol
    • Each host gossips only about the networks it has containers on
    • A higher, cluster-level scope tracks which hosts hold each network
    • Gossip scales to very large clusters (the talk cites 10,000 nodes)
  • Network scoped
  • Fast convergence
  • Secure by default, out of the box: control-plane gossip is encrypted without any configuration
    • Periodic key rotation (default 30 seconds)
    • Swarm-native key exchange, no external key management needed
  • Highly scalable

Secure data plane

  • Not enabled by default: overlay traffic between nodes is plaintext VXLAN unless you opt in
  • Enabled per network at creation time with --opt encrypted on docker network create -d overlay
  • Uses the kernel's IPsec (ESP) modules; nodes must allow IP protocol 50 (ESP) between each other in addition to the VXLAN port
  • On-demand tunnel setup between the nodes that actually share a network
  • Swarm-native key exchange
  • High performance
    • The only overhead is the encryption and encapsulation themselves
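Because data-plane encryption is opt-in per network, the practical check is "which of my overlays were created without it". The following is an added example, not code from the talk or from libnetwork: it parses the JSON that docker network inspect prints and flags overlay networks whose Options lack the "encrypted" key (the key the overlay driver records when --opt encrypted is given). The SAMPLE_INSPECT document is constructed here to mimic that output's shape; in real use you pipe docker network inspect $(docker network ls -q -f driver=overlay) into it.

```python
"""Audit Docker overlay networks for data-plane (IPsec) encryption.

Added example, not code from the talk or from libnetwork. Reads the JSON that
`docker network inspect <names...>` prints and reports overlay networks that
were created without `--opt encrypted`, i.e. whose VXLAN traffic crosses the
host network in clear text. SAMPLE_INSPECT is constructed to mimic the real
output shape (Name, Driver, Scope, Options, Ingress).
"""
import json
from typing import Dict, List

# Constructed sample: one encrypted overlay, one plain overlay, the swarm
# ingress network (plain), and a local bridge that the audit must ignore.
SAMPLE_INSPECT = json.dumps([
    {"Name": "secure-net", "Driver": "overlay", "Scope": "swarm",
     "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4097",
                 "encrypted": ""}, "Ingress": False},
    {"Name": "app-net", "Driver": "overlay", "Scope": "swarm",
     "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4098"},
     "Ingress": False},
    {"Name": "ingress", "Driver": "overlay", "Scope": "swarm",
     "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4096"},
     "Ingress": True},
    {"Name": "bridge", "Driver": "bridge", "Scope": "local",
     "Options": {"com.docker.network.bridge.name": "docker0"}},
])


def overlay_encryption_status(inspect_json: str) -> Dict[str, bool]:
    """Map each overlay network name to whether IPsec is enabled on it.

    The overlay driver records the opt-in as an "encrypted" key in Options
    (its value is the empty string). Non-overlay drivers are skipped because
    the flag has no meaning for them.
    """
    status: Dict[str, bool] = {}
    for net in json.loads(inspect_json):
        if net.get("Driver") != "overlay":
            continue
        options = net.get("Options") or {}
        status[net["Name"]] = "encrypted" in options
    return status


def unencrypted_overlays(inspect_json: str, include_ingress: bool = False) -> List[str]:
    """Names of overlay networks carrying plaintext VXLAN between nodes.

    The routing-mesh `ingress` network is shared by every published service
    and is listed only on request, so that per-application overlays stand out.
    """
    names = []
    for net in json.loads(inspect_json):
        if net.get("Driver") != "overlay":
            continue
        if net.get("Ingress") and not include_ingress:
            continue
        if "encrypted" not in (net.get("Options") or {}):
            names.append(net["Name"])
    return sorted(names)


if __name__ == "__main__":
    # Real use: docker network inspect $(docker network ls -q -f driver=overlay) | python3 audit.py
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    for name in unencrypted_overlays(data, include_ingress=True):
        print(f"overlay network {name!r} is NOT encrypted; recreate it with --opt encrypted")
```

Encryption cannot be toggled on an existing overlay, so a flagged network has to be recreated with --opt encrypted and its services reattached; run the audit again afterwards to confirm the key is present.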

Service Discovery

  • Provided by the embedded DNS server
  • Highly available by default
  • Uses the Network Control Plane to learn state
  • Can be used to discover both tasks (tasks.<service>) and services (<service>)
  • DNS server runs directly inside the Docker Engine

Internal Load Balancing

  • Each service gets a virtual IP (VIP) by default; the engine load balances connections to that VIP across the service's tasks
  • Highly available, on by default
  • Uses the Network Control Plane to learn task state
  • Works for both tasks and services
  • Minimal overhead
  • DNS round-robin can be used instead, per service, with --endpoint-mode dnsrr

Routing Mesh

  • Like a load balancer, but for edge (ingress) routing
  • Worker nodes themselves participate in ingress routing
  • All nodes accept connections on a service's PublishedPort, whether or not they run a task of that service
  • Port translation happens at the node that received the connection
  • The same internal load balancing mechanism is used to balance external requests across tasks
  • Hit the published port on any node and the request is routed to a healthy task; the flip side is that the port is open on every node, so host firewalls must be reviewed cluster-wide
docker swarm init --advertise-addr <manager-ip>
docker swarm join --token <worker-join-token> <manager-ip>:2377   # run on each worker
docker node ls                                                   # list swarm members (run on a manager)
# per-network namespaces live under /var/run/docker/netns on each host
docker service create ...                                        # add -p <published>:<target> to put the service on the routing mesh
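The two routing decisions above (VIP or DNS round-robin inside the cluster, and which published ports the mesh opens on every node) are both visible in a service's spec. The following is an added example, not code from the talk or from Docker: it reads the JSON that docker service inspect prints and reports, per service, its endpoint mode and the ports that are reachable on every node. SAMPLE_SERVICES is constructed to mimic that output's shape (Spec.Name, Spec.EndpointSpec.Mode, Spec.EndpointSpec.Ports); the PublishMode field and its "host" value were added in engines after 1.12, so the code treats an absent PublishMode as "ingress".

```python
"""Which swarm services are reachable on every node via the routing mesh?

Added example, not code from the talk or from Docker. Reads the JSON that
`docker service inspect <names...>` prints and reports each service's endpoint
mode (vip or dnsrr) and the ports it publishes on the ingress mesh. A port
published in ingress mode is accepted on every node, including nodes that run
no task of that service, so a host-firewall review has to treat it as
cluster-wide exposure. SAMPLE_SERVICES is constructed to mimic the real shape.
"""
import json
from typing import Dict, List, Tuple

# Constructed sample of `docker service inspect` output for three services.
# "metrics" uses dnsrr, which the engine does not allow together with
# ingress-published ports, so its port is published in host mode (bound only
# where a task runs). "db" publishes nothing and is reachable only on its overlay.
SAMPLE_SERVICES = json.dumps([
    {"ID": "a1", "Spec": {"Name": "web", "EndpointSpec": {"Mode": "vip", "Ports": [
        {"Protocol": "tcp", "TargetPort": 80, "PublishedPort": 8080, "PublishMode": "ingress"}]}}},
    {"ID": "b2", "Spec": {"Name": "metrics", "EndpointSpec": {"Mode": "dnsrr", "Ports": [
        {"Protocol": "tcp", "TargetPort": 9100, "PublishedPort": 9100, "PublishMode": "host"}]}}},
    {"ID": "c3", "Spec": {"Name": "db", "EndpointSpec": {"Mode": "vip"}}},
])

MeshPort = Tuple[str, int, int]  # (protocol, published port, target port)


def endpoint_modes(inspect_json: str) -> Dict[str, str]:
    """Service name -> 'vip' (default: virtual IP fronted by the embedded
    load balancer) or 'dnsrr' (clients receive every task IP from DNS)."""
    modes: Dict[str, str] = {}
    for svc in json.loads(inspect_json):
        spec = svc["Spec"]
        modes[spec["Name"]] = spec.get("EndpointSpec", {}).get("Mode", "vip")
    return modes


def mesh_exposed_ports(inspect_json: str) -> Dict[str, List[MeshPort]]:
    """Service name -> ports published on the routing mesh (open on every node).

    PublishMode is treated as "ingress" when absent: 1.12-era engines only
    published on the mesh; "host" mode (bind only on the node running the
    task) came later and is excluded here because it is not mesh-wide.
    """
    exposed: Dict[str, List[MeshPort]] = {}
    for svc in json.loads(inspect_json):
        spec = svc["Spec"]
        ports = spec.get("EndpointSpec", {}).get("Ports") or []
        mesh = [(p.get("Protocol", "tcp"), p["PublishedPort"], p["TargetPort"])
                for p in ports if p.get("PublishMode", "ingress") == "ingress"]
        if mesh:
            exposed[spec["Name"]] = mesh
    return exposed


def report(inspect_json: str) -> List[str]:
    """One line per service: endpoint mode and the ports open on every node."""
    modes = endpoint_modes(inspect_json)
    mesh = mesh_exposed_ports(inspect_json)
    lines = []
    for name, mode in modes.items():
        ports = ", ".join(f"{proto}/{pub}->{tgt}" for proto, pub, tgt in mesh.get(name, []))
        lines.append(f"{name}: endpoint-mode={mode}; on every node: {ports or '(none)'}")
    return lines


if __name__ == "__main__":
    # Real use: docker service inspect $(docker service ls -q) | python3 mesh_report.py
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SERVICES
    print("\n".join(report(data)))
```

Every port in the "on every node" column is one that a node-level firewall must either permit cluster-wide or that should have been kept off the mesh; services that only need to be reached by other services on the same overlay should publish nothing at all.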