Understanding and Deploying Virtual Networks


Docker Networking
Tutorial – CoreOS Flannel
Srini Seetharaman
[email protected]
November, 2014
CoreOS Flannel
CoreOS
• Lightweight OS based on Gentoo Linux
• Has a distributed key-value store at the core
• Read-only rootfs. Writeable /etc
o All services are in containers
Flannel Basic
• One CIDR subnet per machine, like Kubernetes
o Host 1: 10.10.10.0/24
o Host 2: 10.10.11.0/24
• No Docker port-based mapping
• Containers reach each other through IP
• Peer network configs exchanged over etcd
• Packets encapsulated using UDP, and soon VxLAN
Instructions to Run Flannel
1. Build flannel on each host
$ git clone https://github.com/coreos/flannel.git
$ cd flannel
$ docker run -v `pwd`:/opt/flannel -i -t google/golang /bin/bash -c "cd /opt/flannel && ./build"
2. Set key in etcd for network config
$ curl -L http://127.0.0.1:4001/v2/keys/coreos.com/network/config -XPUT -d value='{
"Network": "10.0.0.0/8",
"SubnetLen": 20,
"SubnetMin": "10.10.0.0",
"SubnetMax": "10.99.0.0",
"Backend": {"Type": "udp",
"Port": 7890}}'
Instructions to Run Flannel (contd.)
3. Start flannel.
o flanneld port created and route is set for the full flat IP range.
$ sudo ./bin/flanneld &
Output:
I1219 17:34:41.159822 00809 main.go:247] Installing signal handlers
I1219 17:34:41.160030 00809 main.go:118] Determining IP address of default interface
I1219 17:34:41.160579 00809 main.go:205] Using 192.168.111.14 as external interface
I1219 17:34:41.212157 00809 subnet.go:83] Subnet lease acquired: 10.12.224.0/20
I1219 17:34:41.217829 00809 main.go:215] UDP mode initialized
I1219 17:34:41.218953 00809 udp.go:239] Watching for new subnet leases
I1219 17:34:41.219349 00809 udp.go:264] Subnet added: 10.13.128.0/20
core@coreos-05 ~ $ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
0.0.0.0         192.168.111.1   0.0.0.0         UG    1024   0   0   eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0   0   flannel0
10.12.224.0     0.0.0.0         255.255.240.0   U     0      0   0   docker0
192.168.111.0   0.0.0.0         255.255.255.0   U     0      0   0   eth0
Instructions to Run Flannel (contd.)
4. Restart docker daemon with appropriate bridge IP
$ source /run/flannel/subnet.env
$ sudo ifconfig docker0 ${FLANNEL_SUBNET}
$ sudo docker -d --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU} &
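An added example, not from the original slides or the flannel project: a Python check that subnet leases, such as the two flanneld logs in step 3, conform to the network config written to etcd in step 2. Treating SubnetMin and SubnetMax as inclusive bounds on a lease's network address is an assumption; the function name check_leases and the non-conforming leases are constructed for illustration.

```python
import ipaddress
import json

# Network config exactly as written to etcd in step 2 of the slides.
CONFIG = json.loads("""{
  "Network": "10.0.0.0/8", "SubnetLen": 20,
  "SubnetMin": "10.10.0.0", "SubnetMax": "10.99.0.0",
  "Backend": {"Type": "udp", "Port": 7890}}""")


def check_leases(config, leases):
    """Return (lease, problem) pairs; an empty list means every lease conforms."""
    network = ipaddress.IPv4Network(config["Network"])
    # Assumption: SubnetMin/SubnetMax bound the lease's network address, inclusive.
    lo = ipaddress.IPv4Address(config["SubnetMin"])
    hi = ipaddress.IPv4Address(config["SubnetMax"])
    problems, seen = [], []
    for text in leases:
        try:
            lease = ipaddress.IPv4Network(text)  # strict: rejects host bits
        except ValueError as exc:
            problems.append((text, f"not a valid subnet: {exc}"))
            continue
        if lease.prefixlen != config["SubnetLen"]:
            problems.append((text, "prefix length differs from SubnetLen"))
        if not lease.subnet_of(network):
            problems.append((text, "outside Network"))
        elif not lo <= lease.network_address <= hi:
            problems.append((text, "outside SubnetMin..SubnetMax"))
        # Each host must own a distinct range; containers are reached by IP.
        problems += [(text, f"overlaps {o}") for o in seen if lease.overlaps(o)]
        seen.append(lease)
    return problems


if __name__ == "__main__":
    # The two leases from the flanneld output in step 3, then constructed bad ones.
    observed = ["10.12.224.0/20", "10.13.128.0/20"]
    constructed = ["10.12.230.0/24", "10.200.0.0/20", "192.168.96.0/20"]
    for lease, problem in check_leases(CONFIG, observed + constructed):
        print(f"{lease}: {problem}")
```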
Testing Flannel Networking
• Ping between two bash containers on two different hosts succeeds. The traffic on the wire is encapsulated by flanneld.
[Figure: a bash container behind docker0 (10.12.224.1) on host 192.168.111.14, and a bash container behind docker0 (10.13.128.1) on host 192.168.111.13]
$ docker run -i -t ubuntu /bin/bash
root@36484def3b03:/# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 02:42:0a:0c:e0:02
     inet addr:10.12.224.2 Bcast:0.0.0.0 Mask:255.255.240.0
$ docker run -i -t ubuntu /bin/bash
root@e0b9dd20d146:/# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 02:42:0a:0d:80:02
     inet addr:10.13.128.2 Bcast:0.0.0.0 Mask:255.255.240.0
root@36484def3b03:/# ping 10.13.128.2
Success!
Packet on the Wire
[Figure: packet on the wire, labelled with the flannel-introduced encap (UDP header) and the original ICMP packet between the two containers]
Limitations
• IP address overlap not possible
o VxLAN not used to create container groups
• User-space encapsulation and forwarding
o Potential performance bottleneck
Thank you.
http://lorispack.io
© 2014 Copyright Reserved