Docker in Production

About Host networking

[2015/8/19] Docker Meetup Tokyo #5

Yu Yamanaka (@yuurelx)

DevOps engineer at peroli, Inc.

By the way,

do you know the largest curation media in Japan?

The largest one is NAVER matome by LINE

And MERY

PV = 250 million

UU = 19 million

Web Media + Native Apps + Ad Platform + ??

We are using Docker in our Production!

Main Topic

About

Host networking

We are deploying containers with Host net. mode

Because it makes

the network easier to lay out and is faster than the default mode

1. About networking modes

2. Host net. is easier

3. Host net. is faster

Subtopics

1. Docker Networking modes

  • Bridge (default)
  • Host (--net=host)
  • Container
  • None

Bridge mode

(From: "http://www.agilegroup.co.jp/technote/docker-network-in-bridge.html")

Host mode

Uses the host machine's network stack!

2. Host net. is easier

Bridge mode

We need to pass the host's IP to containers...

$ HOST_IP=`ip addr show eth0 | grep -oE 'inet [^/]+' | cut -d ' ' -f 2`
$ docker run -d -e DB_HOST=$HOST_IP awesome_app:latest

config/database.yml
------------------------------
production:
  host: <%= ENV['DB_HOST'] %>
  username: user
  password: secret
...
------------------------------

etc...

What a hassle!

Host mode

Just specify '127.0.0.1'

like a native one!

$ docker run -d --net=host awesome_app:latest

config/database.yml
------------------------------
production:
  host: 127.0.0.1
  username: user
  password: secret
...
------------------------------

etc...

127.0.0.1

Of course, the elegant solution is to containerize all software on a server and link the containers to each other.

"Great idea, but not so good in reality"

3. Host net. is faster

Native vs Docker (bridge net.)

[Figure: Apache Bench, container, DB; 1000 reqs (by 65 sessions); 100% vs. 110%]

About 10% slower...

Native vs Docker (host net.)

[Figure: Apache Bench, container, DB; 100% vs. 100%]

No overhead!

FASTER IS BETTER

Conclusion

Host net. mode makes

the network easier to lay out and is faster than the default mode

But it sacrifices Docker's portability and independence (e.g. port collision).

You should use this with caution!
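
An added example, not from the original slides: a small audit of the trade-off named above. For each container running with `--net=host` it lists declared ports that collide with sockets the host already listens on, and the loopback-only host services (such as the DB on 127.0.0.1) that the container can now connect to. The `docker inspect` and `ss -ltn` samples are constructed, and it assumes the image's `EXPOSE` declarations match the ports its process binds.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
INSPECT_JSON = """[
 {"Name": "/awesome_app",
  "HostConfig": {"NetworkMode": "host"},
  "Config": {"ExposedPorts": {"3000/tcp": {}}}},
 {"Name": "/worker",
  "HostConfig": {"NetworkMode": "bridge"},
  "Config": {"ExposedPorts": {"8080/tcp": {}}}}
]"""
# Constructed sample: `ss -ltn` output captured on the Docker host.
SS_OUTPUT = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:3000       0.0.0.0:*
LISTEN 0      128    [::1]:6379         [::]:*
"""
LOOPBACK = ("127.", "[::1]")

def host_listeners(ss_text):
    """Return {port: local_address} for every listening TCP socket."""
    listeners = {}
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")
            listeners[int(port)] = addr
    return listeners

def audit(inspect_text, ss_text):
    """Report what each host-network container shares with the host."""
    listeners = host_listeners(ss_text)
    findings = []
    for c in json.loads(inspect_text):
        if c["HostConfig"]["NetworkMode"] != "host":
            continue  # other modes keep their own network namespace
        exposed = c["Config"].get("ExposedPorts") or {}
        ports = {int(p.split("/")[0]) for p in exposed if p.endswith("/tcp")}
        findings.append({
            "container": c["Name"].lstrip("/"),
            # Declared ports already bound on the host: the bind will fail.
            "port_collisions": sorted(ports & set(listeners)),
            # Loopback-only host services this container can now reach.
            "reachable_loopback": sorted(
                p for p, a in listeners.items() if a.startswith(LOOPBACK)),
        })
    return findings
```

On a real host, pass the output of `docker inspect $(docker ps -q)` and `ss -ltn` to `audit()` instead of the samples.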

Let's deploy containers

to your production!

Thank you for your attention!

Yu Yamanaka (@yuurelx)

DevOps engineer at peroli, Inc.