Magnum Networking Update Daneyon Hansen

Background

•  Container networking is going through BIG changes •  Libraries and plugins… oh my! •  OpenStack’s getting in the game

•  Magnum container networking today: •  Flannel for Kubernetes

2

Magnum Networking Goals

•  Network containers across multiple nodes for all bay types.

•  Provide a pluggable container networking stack.

•  Make it simple… “batteries included but removable/swappable”.

•  Align with container ecosystem

3

Magnum Networking Plan

•  The Magnum Container Networking Spec proposes: •  Standardizing on libnetwork •  Removing Flannel from top-level templates •  Refactoring Heat templates and template definitions

•  Questions •  Labels or expose network parameters? •  network.py? •  Docker services????

•  Review and vote on the spec please J

4

Libnetwork Introduction

5

•  Separates networking from Docker core/libcontainer

•  Networking functions are implemented through drivers

•  Drivers are either native or remote

•  Implements Docker’s Container Network Model (CNM).

•  Still experimental

Libnetwork Details

6

•  API •  REST API endpoint

•  driverapi •  API interface for drivers

•  drivers •  Implement the Driver API

•  libkv •  Library to extract common store

operations for multiple k/v stores.

More on Drivers

7

•  Native Drivers •  Bridge: 1 per network •  Overlay: netns per net, bridge/vxlan tunnel per

host, nat between netns & host

•  Remote Drivers •  Create networks and endpoints •  Live outside of libnetwork codebase •  Run on the host or in a container •  Experimental •  May rely on remote components to work

What About Flannel?

8

•  A L3 solution

•  Leverages Docker bridging code for L2

$ docker -d --bip=${FLANNEL_SUBNET}

•  Is currently NOT a libnetwork remote driver

•  Testing will be conducted to have Flannel use libnetwork native bridge driver

•  CoreOS willing to accept pull for libnetwork remote driver

Container Networking Model

9

•  Sandbox •  Encompasses the config of a container’s network

stack.

•  Endpoint (Service) •  Joins a Sandbox to a Network.

•  Network •  A group of endpoints that can communicate with

one another directly.

CNM Examples

10

•  Sandbox •  network namespace

•  Endpoint •  Veth pair

•  Network •  Linux bridge

Docker Networking Example

11

$ docker network create -d overlay prod

$ docker network info prod Network Id: 5ac68be2518959b48ad102e9ec3d8f42fb2ec72056aa9592eb5abd0252203012 Name: prod Type: overlay

Docker Networking Example Cont..

12

$ docker service publish db1.prod

$ docker service info db1.prod Service Id: aea23b224acfd2da9b893870e0d632499188a1a4b3881515ba042928a9d3f465 Name: db1 Network: prod

$ cid=$(docker run -itd -p 8000:8000 ubuntu)

$ docker service attach $cid db1.prod

Libnetwork Roadmap

13

•  Exit experimental

•  Add label support for networks/services

•  Additional driver extension points •  IPAM •  Service discovery

•  User controllable network parameters

•  Tooling

Questions?

14

Thank you

15