Highly available Docker networking with BGP

OpenDNS

• Internet security company• 70+ billion queries• 25 data centers around the world

Good problems to have, but...

Put it all in a container!• Deployments are easier

• Keeps things tidier, but...

Hardware

• Lots of hardware

• Just not fast enough

The cloud

• What about AWS?

• Direct connect

Direct connect

Not all that easy

• IP addresses for all

• Our own IP space

• Many containers per host

• $$$

What if...

• Sending traffic to/from AWS

Challenges

• Establish GRE tunnel

• Encapsulate

• Remove GRE headers

Generic Routing Encapsulation

Challenge

• Containers come and go• Need to provide redundancy

Dynamic routing with BGP

• Routers decide

• Adapts to changes

• BGP

Border Gateway Protocol

• Exterior routing protocol for exchanging routing information between networks

“The protocol that makes the Internet work”

DEMO

Overlay network

• Benefits• Use our own IPs inside AWS• Redundancy• Routing adapts to changes in our hosts

AWS VPC

OpenDNS Data CentreOpenDNS Router

AWS Direct Connect

GRE

iBGP

DOCKER HOSTDOCKER HOST DOCKER HOST DOCKER HOST

Highly available?

AWS VPC

OpenDNS Data CentreOpenDNS Router

AWS Direct Connect

GRE

iBGP

DOCKER HOSTDOCKER HOST DOCKER HOST DOCKER HOST

Challenge

• High availability

Anycast

Anycast

Transit provider146.112.63.0/24

146.112.63.0/24146.112.63.0/24

146.112.63.0/24

Anycast

Transit provider146.112.63.0/24

146.112.63.0/24

DEMO

Anycast

• Benefits• High availability• Geo routing

Thank you

alrex@opendns.com

@ianchici

More info about protocols GRE - http://juni.pr/1HW01M6 BGP & Anycast - http://bit.ly/1K5Q3GX