Docker Networking

eth0

vethxxxx

vethyyyy

eth0

bridge

docker host

Sandbox

container network configurations

interfaces

dns

routing table

libnetwork

network namespace

network partition

linux

windows

CNM

sandbox

endpoint

endpoint

veth pair

virtual
 NICs

linux

windows

endpoint

networks

bridge

vswitch

linux

windows

network

namespace

eth0

vethxxx

overlay

app

libnetwork

driver (e.g. overlay)

docker engine

bridge

stack1

stack2

bridge1

stack1

stack2

bridge2

host

front tier

back tier

back tier

multi host networking

Src: The Container Network Model by libnetwork project by Docker . Released under Apache 2.0 License https://github.com/docker/libnetwork/blob/master/docs/design.md

CNM

```
Sandbox
```
```
Endpoint
```
```
Network
```

ingress

docker_gwbridge

docker_gwbridge

docker_gwbridge

ingress

docker_gwbridge

ingress-sbox

eth0

eth1

vethxx

vethyy

vx-001000-pqr

ov-001000-pqr

vxlan

bridge

veth pair

docker_gwbridge

swarm default networking on a host

ingress

ingress

docker_gwbridge

ingress-sbox

ov-001000-pqr

docker_gwbridge

container_sbox

ov-001002-lmn

vote overlay

eth0

eth1

user defined overlay network

redis

ov-001002-lmn

vote overlay n/w

redis

ov-001002-lmn

worker

vxlan

vxlan

services in overlay network

redis

vote overlay n/w

redis

worker

services in overlay network simplified

c1

c2

c3

task1.redis

services

c1

c2

c3

task2.redis

task3.redis

redis

10.0.0.5

10.0.0.12

10.0.0.8

10.0.0.15

vip

10.0.0.15

10.0.0.5

10.0.0.8

10.0.0.12

task3.redis

task2.redis

task1.redis

redis

swarm dns

scenario :  worker wants to discover redis and connect to it

redis

worker

c1

c2

c3

redis2

vote overlay n/w

redis1

worker

services in overlay network simplified

dockerd

dns

127.0.0.11

resolve

```
resolve request
```
```
dns => vip resolution
```
```
iptables (mangle)
```
```
ipvs
```
```
overlay
```

iptables

ipvs

worker

dockerd

dns

127.0.0.11

resolve

```
resolve request
```
```
dns => vip resolution
```
```
iptables (mangle)
```
```
ipvs
```
```
overlay
```

iptables

ipvs

redis2

vote overlay n/w

redis1

worker

dockerd

dns

```
resolve request
```
```
dns => vip resolution
```
```
iptables (mangle)
```
```
ipvs
```
```
overlay
```

iptables

ipvs

Internal Service Discovery /LB

redis2

ingress overlay n/w

redis1

ingress-sbox

External Service Discovery /LB

dockerd

dns

```
host:port
```
```
iptables,  
```
```
ingress-sbox, iptables
```
```
ipvs
```
```
ingress overlay
```
```
iptables port redirect
```

iptables

ipvs

host1:3000

docker_gwbridge

iptables

iptables redirect

Made with Slides.com