Networking support in Docker has been primitive until now. Single-host connectivity was through a Linux bridge, and there was no native mechanism to connect Containers across hosts. With Pipework, we could take a hacky approach to connect Containers across hosts. Companies like Socketplane and Weave have been working to address this Networking gap. I have written multiple blogs before on Docker Networking and they can be referred to here. Socketplane was recently acquired by Docker and they provide the native batteries-included Docker Networking solution, while solutions like the one from Weave will be available as Docker Networking plugins.

With the Docker experimental release, we can connect Containers across hosts using the Docker native solution as well as use Networking plugins to connect Containers across hosts. In this blog, I will cover some basics of the solution and walk through some of the hands-on stuff that I tried with the experimental Docker release.
Docker Networking blocks:
At a high level, the diagram above describes the flow for Docker Networking.
- The Docker runtime was previously integrated with Networking and there was no way to separate the two. Libnetwork is the new Networking library that provides the Networking functionality and is separated from Core Docker. The Docker 1.7 release already includes libnetwork and is backward compatible from the end-user perspective.
- Drivers implement the APIs provided by libnetwork. Docker is leaning towards a plugin approach for major functionalities like Networking, Storage and Orchestration, where Docker provides a native solution that can be substituted with technologies from other vendors as long as they implement the APIs provided by the common library. In this case, Bridge and Overlay are the native Docker networking drivers, and remote drivers can be implemented by third parties. There are already many remote drivers available, like Weave.
- Docker container attaches to the Network using the Endpoint.
- Multiple endpoints share a network. In other words, only endpoints located in same network can talk to each other.
- Libnetwork provides Service discovery, whereby Containers can discover other endpoints in the same network. There is a plan to make Service discovery a plugin in the future. Services can talk to each other using the Service name rather than the IP address.
- Sandbox is the Network namespace where endpoints and networks are located.
- A single container can have multiple endpoints/services and a single Service can be attached to multiple networks.
- Let's take an example. nginx is a container that provides web services. The nginx container is connected to a database container like redis/mysql using service S1 in an overlay network. The same service S1 is also exposed to the localhost using a bridge network. A load balancer container connects to the nginx container using Service S2 in another overlay network.
Docker experimental hands-on:
There are 3 broad approaches to try Docker experimental networking.
Install Docker experimental Daemon directly on Linux host.
wget -qO- https://experimental.docker.com/ | sh
I tried this on my Ubuntu 14.04 machine. By default, Ubuntu 14.04 comes with Linux kernel 3.13; the kernel needs to be updated to 3.16 or later to use the Overlay driver. This can be done by:
sudo apt-get install linux-generic-lts-vivid
We need to reboot the host after the kernel update. Following is the kernel version that I am running after this.
$ uname -a
Linux jungle1 3.19.0-21-generic #21~14.04.1-Ubuntu SMP Sun Jun 14 18:45:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Use docker-machine and the Virtualbox driver. The default boot2docker iso has the Docker 1.7 image. To get the experimental Docker image, we need to point Docker machine to use the experimental driver. The following link captures the steps needed for this. I used the procedure described in the link to create the Docker machine.
docker-machine create -d virtualbox --virtualbox-boot2docker-url=http://sirile.github.io/files/boot2docker-1.8.iso dev
Use docker-machine and any cloud driver, like the AWS driver. We can use other Cloud providers like Digital Ocean as well. We need to specify the experimental image location so that the default Docker image is substituted with the experimental image. Docker-machine uses the Ubuntu 14.04 AWS image by default. The following command will create a Docker machine in the AWS cloud.
docker-machine create --driver=amazonec2 --amazonec2-access-key=xxx --amazonec2-secret-key=xxx --amazonec2-vpc-id=vpc-5f77c23a --amazonec2-region=us-west-2 --engine-install-url "https://experimental.docker.com" awstest
The Amazon Ubuntu image also comes with the 3.13 kernel. To use the Overlay driver, the kernel must be updated to 3.16+ using the command mentioned above.
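The 3.16 kernel floor for the Overlay driver applies to both the local Ubuntu host and the AWS image, so it is worth checking on each machine before relying on the driver. The script below is an added example, not part of the original post or of Docker's tooling; the function names kernel_ok and check_host are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the Overlay driver's kernel requirement.
# The 3.16 floor is the one stated in the post.
MIN_MAJOR=3
MIN_MINOR=16

# kernel_ok RELEASE
#   RELEASE is a string in `uname -r` format, e.g. "3.19.0-21-generic".
#   Returns 0 if it is >= 3.16, 1 if it is older, 2 if it cannot be parsed.
kernel_ok() {
    release=$1
    major=${release%%.*}                    # text before the first dot
    rest=${release#*.}                      # text after the first dot
    [ "$rest" != "$release" ] || return 2   # no dot at all
    minor=${rest%%[!0-9]*}                  # leading digits of the remainder
    case $major in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    if [ "$major" -gt "$MIN_MAJOR" ]; then return 0; fi
    if [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ]; then
        return 0
    fi
    return 1
}

# check_host: apply kernel_ok to the running kernel, print the outcome,
# and return the same code so provisioning scripts can branch on it.
check_host() {
    running=$(uname -r)
    rc=0
    kernel_ok "$running" || rc=$?
    case $rc in
        0) echo "kernel $running: meets the $MIN_MAJOR.$MIN_MINOR requirement" ;;
        1) echo "kernel $running: older than $MIN_MAJOR.$MIN_MINOR, update and reboot first" ;;
        *) echo "kernel $running: version string not recognised" ;;
    esac
    return $rc
}

# Report only when run directly; ignore the return code here.
check_host || true
```

On a docker-machine host the same script can be run over `docker-machine ssh` after the kernel update and reboot.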
References:
- Experimental Github page
- Experimental Networking Github page
- Compose, Swarm, Networking Github page
- Libnetwork Github page
- Feedback for Docker Experimental Networking
- Dockercon 2015 Networking session
One of the pictures used in this blog is from the references.