Introduction to Containers and Container Networking (Melbourne Cisco Data Centre Users Group)

Chris Gascoigne

October 03, 2017

Transcript

  1. Running applications – bare metal

    © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

    [Diagram: four servers, each labelled Server, OS, App]
  2. Running applications – virtualisation

    [Diagram labels, repeated for four servers: Server, Hypervisor, OS, App]
  3. Running applications – containers

    [Diagram: four Linux/Win hosts, each running four apps]
  4. So containers are like VMs?

    • Yes and No …
    • Yes
        • Run multiple applications per host
        • Isolate adjacent applications to prevent conflict
        • Fair resource usage
    • No
        • Shared kernel – security implications
        • Shared kernel – (generally) containers must be the same operating system
        • Containers use fewer resources (i.e. much quicker start-up, less RAM/CPU required without a hypervisor)
  5. So containers eliminate VMs?

    • Yes and No …
    • … deploying container hosts as VMs is very common

    [Diagram: four Linux/Win container hosts, each running four apps, each on its own Hypervisor]
  6. Why are customers adopting containers?
  7. I’ll give you a hint, it is not …

    … because of lower resource requirements
  8. I’ll give you a hint, it is not …

    … because containers start up quicker
  9. I’ll give you a hint, it is not …

    … to save money on vSphere licenses
  10. I’ll give you a hint, it is not …

    … because they’re required for microservices
  11. Traditional application deployment environment

    [Diagram labels]
    • Developers: Write Code (C++, .Net, Java) – Development Environment
    • Ops / IT: Setup runtime environment (C++, .Net, Java; IIS / Tomcat / JRE / …; Linux / Windows / Unix) – Production Environment
  12. Modern application deployment environment

    [Diagram labels]
    • Developers: Write Code
    • Ops / IT: Setup container environment
    • Container platform
    • Containers (three shown), each containing: App, Runtime, OS packages
  13. Docker architecture

    [Diagram] Image source: https://docs.docker.com/introduction/understanding-docker/
  14. Docker Compose

    • CLI tool for defining and running multi-container applications
    • Uses a YAML file
    • Leverages container linking
    • Can use Dockerfiles

    https://www.docker.com/docker-compose
  15. Container Ecosystem

    [Diagram: four Linux/Win hosts, each running four apps]
  16. Container Ecosystem

    [Diagram: four Linux/Win hosts, each running four apps]
  17. Container Ecosystem - Scheduling

    [Diagram: four Linux/Win hosts, each running four apps; label: Docker Swarm]
  18. Container Ecosystem - Scheduling

    [Diagram: four Linux/Win hosts, each running four apps; label: Kubernetes]
  19. Container Ecosystem - PaaS

    [Diagram: four Linux/Win hosts, each running four apps; labels: Kubernetes, OpenShift, <code>]
  20. Container Networking Model (CNM)

    • Proposed by Docker
    • Used by Docker Engine, Swarm, Compose, etc.
    • Driver APIs for
        • IPAM
        • Networks
  21. libnetwork

    [Diagram labels]
    • Docker Engine
    • Libnetwork (CNM)
    • Native Drivers: none, bridge, overlay, macvlan
    • Remote Drivers: Contiv, Calico, Weave….
    • IPAM

    • Service Discovery
    • Distributed Key Value Store
    • IP Address Mgmt
    • Gossip Protocol
    • Encryption

    “batteries included, but removable”

    Slide footer: BRKCLD-2022
  22. Built-in network drivers

    | Driver  | Model                                                     |
    |---------|-----------------------------------------------------------|
    | Bridge  | Host-only bridge; NAT to expose services                  |
    | Host    | Host network namespaces; all containers use same interfaces |
    | Overlay | VXLAN encapsulation; Docker control plane                 |
    | MACVLAN | IP per container; No NAT, No encapsulation                |
  23. Container Networking Interface (CNI)

    • Proposed by CoreOS
    • Used by Kubernetes
    • No separate IPAM driver
  24. Networking challenges for containers
  25. Cisco Contiv

    The Most Powerful Container Networking Fabric

    [Diagram labels]
    • 100% Open Source
    • L2, L3, Overlay or ACI
    • Rich Policies
    • DevOps: Application Intent, Rich Policy, Declarative
    • IT Admin: Simple Install, GUI + CLI, LDAP/RBAC
    • Any Networking, Any Platform, Any Infrastructure
  26. Docker Certified Plugin

    https://store.docker.com/plugins/contiv
  27. Summary

    • Use the network model that suits the infrastructure
    • Contiv provides flexibility on the network side with consistency on the application side
    • References:
        • https://github.com/contiv/netplugin
        • https://github.com/contiv/install