Pipework: Software-Defined Network for Containers and Docker
Pipework
Pipework
The little SDN container framework
that you should NOT use
Jérôme Petazzoni (@jpetazzo)
Grumpy French DevOps
- Go away or I will replace you with a very small shell script
Runs everything in containers
- Docker-in-Docker
- VPN-in-Docker
- KVM-in-Docker
- Xorg-in-Docker
- ...
Outline
● History
● Features
● Roadmap
Use cases
● Performance
  – Linux bridge, iptables, conntrack... Ohnoes!
● Integration into existing networks
  – VLAN, bonding...
  – IP addr management
● Work at L2/L3 instead of L4
  – Ethernet/IP vs TCP, UDP
Modus Operandi
● Create network interfaces
● Move them to containers (while they're running)
● Configure network interfaces (from outside)
● Shell script
Seriously
Shell…?
Yup.
Upsides of /bin/sh
● Easy to understand
● Easy to rip out the bits you (don't) need
● Most things we do require exec anyway (ip, route, brctl, etc)
● Complicated stuff is hard to implement (avoid feature creep, e.g. IPAM)
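The modus operandi above (create an interface, move it into a running container, configure it from outside) comes down to a handful of `ip` invocations. The sketch below is an added example, not pipework's own code: it covers only the pre-existing Linux bridge case, and the names `plumb_plan`, `plumb`, the `vh`/`vg` interface prefixes and the `eth1` default are assumptions made here.

```shell
#!/bin/sh
# Added example (not pipework's own code): attach a running container to a
# pre-existing Linux bridge, expressed as a plan of iproute2 commands.

# plumb_plan BRIDGE PID CIDR [GUEST_IF]
# PID is the container's init process as seen from the host, e.g. the output
# of: docker inspect --format '{{.State.Pid}}' db
plumb_plan() {
    bridge=$1 pid=$2 cidr=$3 guest_if=${4:-eth1}

    # These values end up in commands run as root: accept only what a PID,
    # an IPv4 address/prefix and an interface name can contain.
    case $pid in ''|*[!0-9]*) echo "bad pid: $pid" >&2; return 1 ;; esac
    case $cidr in
        *[!0-9./]*) echo "bad address: $cidr" >&2; return 1 ;;
        ?*/?*) ;;
        *) echo "address needs a /prefix: $cidr" >&2; return 1 ;;
    esac
    for name in "$bridge" "$guest_if"; do
        case $name in ''|*[!A-Za-z0-9_.-]*)
            echo "bad interface name: $name" >&2; return 1 ;;
        esac
    done

    host_if=vh$pid tmp_if=vg$pid ns="ip netns exec $pid"
    # Lines 1-2 expose the container's netns to "ip netns"; 3-5 create the
    # veth pair and bridge the host end; 6 moves the guest end into the
    # container; 7-9 configure it from outside; 10 removes the handle.
    cat <<EOF
mkdir -p /var/run/netns
ln -sf /proc/$pid/ns/net /var/run/netns/$pid
ip link add name $host_if type veth peer name $tmp_if
ip link set $host_if master $bridge
ip link set $host_if up
ip link set $tmp_if netns $pid
$ns ip link set $tmp_if name $guest_if
$ns ip addr add $cidr dev $guest_if
$ns ip link set $guest_if up
rm -f /var/run/netns/$pid
EOF
}

# plumb: same arguments, runs the plan. Needs root (CAP_NET_ADMIN) on the
# host; the container itself is granted no extra capability.
plumb() {
    plan=$(plumb_plan "$@") || return 1
    printf '%s\n' "$plan" | sh -e
}
```

Printing the plan with `plumb_plan br0 <pid> 10.1.1.1/24` before running `plumb` shows exactly what will execute with host privileges.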
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework eth0 db 10.1.1.1/24
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework eth0 db 10.1.1.1/24
           ^^^^
● Physical eth0 on the machine
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework br0 db 10.1.1.1/24
           ^^^
● Pre-existing bridge
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework ovsbr0 db 10.1.1.1/24
           ^^^^^^
● Open vSwitch bridge
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework ovsbr0 db dhcp
                     ^^^^
● DHCP
Features
● Start a container:
  docker run --name db mysql
● Give it an IP address:
  pipework ovsbr0 db dhcp @10
                          ^^^
● VLAN
Features
● Fixed address or DHCP
● Random MAC or fixed MAC
● Change netmask, default route
● Linux bridges, OVS bridges
● IP over Infiniband
● Multiple interfaces
Roadmap
Pipework:
● Will not be integrated into Docker (probably)
● Is not necessary anymore in many cases (thanks to host networking)
● Is not actively maintained (but I'll happily merge PRs)
What do?
● Use it as a big toolbox
● Understand how things work
● Possibly extract what you need
● Contribute to Docker instead
Possible improvements
● Don't require host-side tooling anymore
● Allow operation over Docker API
● A small POC is available at: https://github.com/jpetazzo/plumber/
A brighter future
● Native Docker Multi-Host Networking
  https://github.com/docker/docker/issues/8951
● Docker Network Drivers
  https://github.com/docker/docker/issues/8952
Thank you!
Questions?