CONTAINER NETWORKING: AN INTRODUCTION
Ed Harrison (@eepyaich)
2nd February 2016
@projectcalico

Networking – why do I care?
[Diagram: three hosts, each running a mix of applications and services (Application, A service, Yet another service, … and another application, … another application)]

Doesn’t Docker sort this out for me?
Docker Bridge
• Simple
• Works “out of the box”
• Easily understood
• … but not “real IP networking”
• Onerous port assignment constraints on applications
• Requires app developers to be aware of constraints
[Diagram: Host [10.0.0.1] with a Docker Bridge connecting Application [172.17.0.2], A service [172.17.0.3] and … another [172.17.0.4]; host-side labels IP:10.0.0.1:80, IP:10.0.0.1:80, IP:10.0.0.1:8080]

What about multiple hosts, then?
Overlay networks
• Connect each container to a virtual Layer 2 segment
• Separate “overlay” domain over “underlay” network with GRE, MPLS, VXLAN, or proprietary tunneling protocols
• Allows for isolation between networks
• But…
• Lots of state – 1,000 machines => full mesh of 499,500 tunnels!
• Breaking out of virtual network sandboxes requires NAT / router
• Requires app developers to be networking experts
[Diagram: Host [10.0.0.1] and Host [10.0.0.2]; addresses 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4, 192.168.0.5, 172.17.0.2, 172.17.0.3; networks 192.168.0.0/16, 172.17.0.0/16, 10.0.0.0/24]

What about security then?
• Remember these “3 tier applications”?

Getting Medieval

Isolating Prod / Dev / Test

The ideal security model
[Diagram labels: Port 3306, Port 80]

Metaswitch Networks | Proprietary and confidential | © 2014

The Internet Model
[Diagram labels: Router, Host, IP]

Project Calico
[Diagram labels: Host, Router, Workload, IP, Plugin]

What is Calico?
An open source project to enable scalable, simple and secure IP networking in a data center / cloud environment
• Scalable: Thousands of servers, 100k’s of workloads
• Simple: Don’t demand users to be networking experts
• Secure: Rich micro-service policy framework

Life Before and after Calico

Before Calico: Scale challenges above few hundred servers / thousands of workloads
After Calico: Scale to millions of workloads with minimal CPU and network overhead

Before Calico: Troubleshooting connectivity issues can take hours
After Calico: What is happening is “obvious” – traceroute, ping, etc., work as expected

Before Calico: On/off ramps + NAT to break out of overlay
After Calico: Path from workload to non-virtual device or public internet (or even between data centers) is just a route

Before Calico: High availability / load balancing across links requires LB function (virtual or physical) and/or app-specific logic
After Calico: Equal Cost Multi-Path (ECMP) & Anycast just work, enabling scalable resilience and full utilization of physical links

Before Calico: CCNA or equivalent required to understand end-to-end networking, deploy applications
After Calico: Basic IP networking knowledge only required

Get Involved
• Main project website: www.projectcalico.org
• GitHub: github.com/projectcalico
• Mailing list, Slack info: projectcalico.org/contact/
• freenode IRC: #calico
• Download & try it out
• We welcome your feedback and contributions
• Follow us @projectcalico

Introduction to the Container Networking and Security
