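1. Docker recommendation: slides from the Docker conference giving a deep dive into the networking features of the new Docker release
http://www.slideshare.net/Madh ... -dive
An outline of the slides follows: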
1.) Docker for Ops: Docker Networking Deep Dive
Madhu Venugopal @MadhuVenugopal, Jana Radhakrishnan @mrjana
2.) Agenda
• Overview: What is libnetwork; New features in 1.12
• Deep Dive: Multihost networking; Secure Control Plane; Secure Data plane; Service Discovery; Native Load balancing; Routing Mesh
• Finish: Demo; Q&A
3.) Overview
4.) What is libnetwork?
It is not just a driver interface
• Docker networking fabric
• Defines Container Networking Model
• Provides builtin IP address management
• Provides native multi-host networking
• Provides native Service Discovery and Load Balancing
• Allows for extensions by the ecosystem
5.) New features in 1.12
swarm mode, CNM, Routing Mesh, Multi-host Networking without external k/v store, Service Discovery, Secure Data-Plane, Secure Control-Plane, Load Balancing
• Cluster aware
• De-centralized control plane
• Highly scalable
6.) Macvlan driver
• Out of experimental
• Integrates with Underlay
• Place containers in your existing vlans
7.) MacVlan
    # Create a macvlan network
    $ docker network create -d macvlan \
        --subnet=192.168.0.0/16 \
        --ip-range=192.168.41.0/24 \
        --aux-address="favorite_ip_ever=192.168.41.2" \
        --gateway=192.168.41.1 \
        -o parent=eth0.41 macnet41
    # First address is the specified gateway, second is aux
    $ docker run --net=macnet41 -it --rm alpine /bin/sh
8.) Deep Dive: Docker swarm-mode networking design
9.) Multi-host networking
• The VXLAN based data path remains unchanged
• No external key-value store necessary
• Central resource allocation
• Improved performance
• Highly scalable
[Diagram labels: Manager, Network Create, Orchestrator, Allocator, Scheduler, Dispatcher, Service Create, Task Create, Task Dispatch, Gossip, Worker1, Worker2, Engine, Libnetwork]
10.) Network control plane
• Gossip based protocol
• Network scoped
• Fast convergence
• Secure by default
• Periodic key rotations
• Swarm native key-exchange
• Highly scalable
[Diagram labels: Cluster Scope Gossip, Network Scope Gossip, W1 to W5]
11.) Secure dataplane
• Available as an option during overlay network creation
• Uses kernel IPSec modules
• On-demand tunnel setup
• Swarm native key-exchange
• Periodic key rotations
• Highly performant
[Diagram labels: Worker1, Worker2, Worker3, secure network, non-secure network, IPSec Tunnel, Open UDP traffic]
12.) Service Discovery
• Provided by embedded DNS
• Highly available
• Uses Network Control Plane to learn state
• Can be used to discover both tasks and services
[Diagram labels: engine, DNS Server, DNS Resolver, DNS requests]
13.) Internal Load balancer
• Provided by embedded DNS
• Highly available
• Uses Network Control Plane to learn state
• Can be used to discover both tasks and services
• Minimal Overhead because of CNM
• Can use DNS RR instead as an option
[Diagram labels: Task1, Task2, Task3 of Service A, Client1, Client2, VIP LB]
14.) Routing mesh
• Builtin routing mesh for edge routing
• Worker nodes themselves participate in ingress routing mesh
• All worker nodes accept connection requests on PublishedPort
• Port translation happens at the worker node
• Same internal load balancing mechanism used to load balance external requests
[Diagram labels: External Loadbalancer (optional), Task1 ServiceA, Worker1, Worker2, Ingress Network, VIP LB, 8080, 8080->80]
15.) Finish: Demo and Q&A
16.) Thank you!
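2. Docker recommended blog: an introduction to five Docker monitoring tools: http://logz.io/blog/docker-mon ... 2016/
3. Docker recommended blog: how to use docker-compose for integration testing: https://hharnisc.github.io/201 ... .html
4. Docker recommended blog: an outlook on next-generation orchestration systems: http://www.abronan.com/what-co ... tion/
Source of this article: http://www.youruncloud.com/blog/73.html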