Slide 1
Slide 1 text
Google Cloud Platform
An Illustrated Guide to
Kubernetes Networking
Tim Hockin
Senior Staff Software Engineer
@thockin
Slide 2
Slide 2 text
Google Cloud Platform
Layer 2: ethernet
Slide 3
Slide 3 text
Google Cloud Platform
node-a
node-c
node-b
node-d
192.168.1.1/16
11:22:33:44:55:01
192.168.1.2/16
01:23:45:67:89:02
192.168.1.3/16
11:22:33:44:55:03
192.168.1.4/16
01:23:45:67:89:04
L2
switch
Slide 4
Slide 4 text
Google Cloud Platform
node-a
node-c
node-b
node-d
L2
to: 192.168.1.3
from: 192.168.1.1
GET / 192.168.1.1/16
11:22:33:44:55:01
192.168.1.2/16
01:23:45:67:89:02
192.168.1.3/16
11:22:33:44:55:03
192.168.1.4/16
01:23:45:67:89:04
Slide 5
Slide 5 text
Google Cloud Platform
node-d
node-b
node-a
node-c
L2
to:
from: 11:22:33:44:55:01
who has 192.168.1.3?
to: 192.168.1.3
from: 192.168.1.1
GET / 192.168.1.1/16
11:22:33:44:55:01
192.168.1.2/16
01:23:45:67:89:02
192.168.1.3/16
11:22:33:44:55:03
192.168.1.4/16
01:23:45:67:89:04
“ARP request”
Slide 6
Slide 6 text
Google Cloud Platform
node-a
node-c
node-b
node-d
L2
to: 192.168.1.3
from: 192.168.1.1
GET / 192.168.1.1/16
11:22:33:44:55:01
192.168.1.2/16
01:23:45:67:89:02
192.168.1.3/16
11:22:33:44:55:03
192.168.1.4/16
01:23:45:67:89:04
to: 11:22:33:44:55:01
from: 11:22:33:44:55:03
I have 192.168.1.3
“ARP response”
Slide 7
Slide 7 text
Google Cloud Platform
node-a
node-c
node-b
node-d
L2
to: 192.168.1.3
via: 11:22:33:44:55:03
from: 192.168.1.1
GET /
192.168.1.1/16
11:22:33:44:55:01
192.168.1.2/16
01:23:45:67:89:02
192.168.1.3/16
11:22:33:44:55:03
192.168.1.4/16
01:23:45:67:89:04
Slide 8
Slide 8 text
Google Cloud Platform
node-a
root netns
eth0: 192.168.1.1/16
11:22:33:44:55:01
L2 with containers
cbr0: 10.0.1.1/24
ctr-1
eth0: 10.0.1.2/24
ctr-2
eth0: 10.0.1.3/24
ctr-3
eth0: 10.0.1.4/24
Slide 9
Slide 9 text
Google Cloud Platform
node-a
192.168.1.1/16
11:22:33:44:55:01
node-c
node-b
node-d
192.168.1.2/16
01:23:45:67:89:02
192.168.1.3/16
11:22:33:44:55:03
192.168.1.4/16
01:23:45:67:89:04
L2
ctr-1 10.0.1.2
aa:bb:cc:dd:e1:01
ctr-2 10.0.3.2
aa:bb:cc:dd:e3:02
Slide 10
Slide 10 text
Google Cloud Platform
node-a
192.168.1.1/16
11:22:33:44:55:01
node-c
node-b
node-d
192.168.1.2/16
01:23:45:67:89:02
192.168.1.3/16
11:22:33:44:55:03
192.168.1.4/16
01:23:45:67:89:04
L2
ctr-1 10.0.1.2
aa:bb:cc:dd:e1:01
ctr-2 10.0.3.2
aa:bb:cc:dd:e3:02
to: 10.0.3.2
from: 10.0.1.2
GET /
Slide 11
Slide 11 text
Google Cloud Platform
node-a
192.168.1.1/16
11:22:33:44:55:01
node-c
node-b
node-d
192.168.1.2/16
01:23:45:67:89:02
192.168.1.3/16
11:22:33:44:55:03
192.168.1.4/16
01:23:45:67:89:04
L2
ctr-1 10.0.1.2
aa:bb:cc:dd:e1:01
ctr-2 10.0.3.2
aa:bb:cc:dd:e3:02
to: 10.0.3.2
from: 10.0.1.2
GET /
to:
from: aa:bb:cc:dd:e1:01
who has 10.0.3.2?
“ARP request”
Slide 12
Slide 12 text
Google Cloud Platform
node-a
192.168.1.1/16
11:22:33:44:55:01
node-c
node-b
node-d
192.168.1.2/16
01:23:45:67:89:02
192.168.1.3/16
11:22:33:44:55:03
192.168.1.4/16
01:23:45:67:89:04
L2
ctr-1 10.0.1.2
aa:bb:cc:dd:e1:01
ctr-2 10.0.3.2
aa:bb:cc:dd:e3:02
to: 10.0.3.2
from: 10.0.1.2
GET /
to: aa:bb:cc:dd:e1:01
from: 11:22:33:44:55:03
I have 10.0.3.2
“proxy ARP
response”
Slide 13
Slide 13 text
Google Cloud Platform
node-a
192.168.1.1/16
11:22:33:44:55:01
node-c
node-b
node-d
192.168.1.2/16
01:23:45:67:89:02
192.168.1.3/16
11:22:33:44:55:03
192.168.1.4/16
01:23:45:67:89:04
L2
ctr-1 10.0.1.2
aa:bb:cc:dd:e1:01
ctr-2 10.0.3.2
aa:bb:cc:dd:e3:02
to: 10.0.3.2
via: 11:22:33:44:55:03
from: 10.0.1.2
GET /
Slide 14
Slide 14 text
Google Cloud Platform
Layer 3 - IP
Slide 15
Slide 15 text
Google Cloud Platform
node-a
node-c
node-b
node-d
192.168.1.1/32 192.168.1.2/32
192.168.1.3/32 192.168.1.4/32
L3
gateway
Slide 16
Slide 16 text
Google Cloud Platform
node-a
node-c
node-b
node-d
192.168.1.1/32 192.168.1.2/32
192.168.1.3/32 192.168.1.4/32
L3
to: 192.168.1.3
from: 192.168.1.1
GET /
Slide 17
Slide 17 text
Google Cloud Platform
node-a
node-c
node-b
node-d
192.168.1.1/32 192.168.1.2/32
192.168.1.3/32 192.168.1.4/32
L3
to: 192.168.1.3
from: 192.168.1.1
GET /
Slide 18
Slide 18 text
Google Cloud Platform
node-a
node-c
node-b
node-d
192.168.1.1/32 192.168.1.2/32
192.168.1.3/32 192.168.1.4/32
L3
to: 192.168.1.3
from: 192.168.1.1
GET /
routing decision,
static or learned
(e.g. BGP)
Slide 19
Slide 19 text
Google Cloud Platform
node-a
192.168.1.1/32
node-c
node-b
node-d
192.168.1.2/32
192.168.1.3/32 192.168.1.4/32
L3
ctr-1 10.0.1.2
ctr-2 10.0.3.2
Slide 20
Slide 20 text
Google Cloud Platform
node-a
192.168.1.1/32
node-c
node-b
node-d
192.168.1.2/32
192.168.1.3/32 192.168.1.4/32
L3
ctr-1 10.0.1.2
ctr-2 10.0.3.2
to: 10.0.3.2
from: 10.0.1.2
GET /
Slide 21
Slide 21 text
Google Cloud Platform
node-a
192.168.1.1/32
node-c
node-b
node-d
192.168.1.2/32
192.168.1.3/32 192.168.1.4/32
L3
ctr-1 10.0.1.2
ctr-2 10.0.3.2
to: 10.0.3.2
from: 10.0.1.2
GET /
Slide 22
Slide 22 text
Google Cloud Platform
node-a
192.168.1.1/32
node-c
node-b
node-d
192.168.1.2/32
192.168.1.3/32 192.168.1.4/32
L3
ctr-1 10.0.1.2
ctr-2 10.0.3.2
to: 10.0.3.2
from: 10.0.1.2
GET /
routing decision,
static or learned
(e.g. BGP)
Slide 23
Slide 23 text
Google Cloud Platform
node-a
192.168.1.1/32
node-c
node-b
node-d
192.168.1.2/32
192.168.1.3/32 192.168.1.4/32
L3
ctr-1 10.0.1.2
ctr-2 10.0.3.2
to: 10.0.3.2
from: 10.0.1.2
GET /
Slide 24
Slide 24 text
Google Cloud Platform
Overlays
Q: When should I use an overlay?
A: When nothing else works, or when you have
specific reasons to want it (e.g. the added value
of management)
Slide 25
Slide 25 text
Google Cloud Platform
node-a
root netns
eth0: 192.168.1.1/16
Overlay (e.g. flannel, weave)
cbr0: 10.0.1.1/24
ctr-1
eth0: 10.0.1.2/24
ctr-2
eth0: 10.0.1.3/24
ctr-3
eth0: 10.0.1.4/24
flannel0: 10.0.1.254/16
Slide 26
Slide 26 text
Google Cloud Platform
node-a
root netns
eth0: 192.168.1.1/16
cbr0: 10.0.1.1/24
ctr-1
eth0: 10.0.1.2/24
ctr-2
eth0: 10.0.1.3/24
ctr-3
eth0: 10.0.1.4/24
flannel0: 10.0.1.254/16
to: 10.0.3.2
from: 10.0.1.2
GET /
Overlay (e.g. flannel, weave)
Slide 27
Slide 27 text
Google Cloud Platform
node-a
root netns
eth0: 192.168.1.1/16
cbr0: 10.0.1.1/24
ctr-1
eth0: 10.0.1.2/24
ctr-2
eth0: 10.0.1.3/24
ctr-3
eth0: 10.0.1.4/24
flannel0: 10.0.1.254/16
to: 10.0.3.2
from: 10.0.1.2
GET /
Overlay (e.g. flannel, weave)
Slide 28
Slide 28 text
Google Cloud Platform
node-a
root netns
eth0: 192.168.1.1/16
cbr0: 10.0.1.1/24
ctr-1
eth0: 10.0.1.2/24
ctr-2
eth0: 10.0.1.3/24
ctr-3
eth0: 10.0.1.4/24
flannel0: 10.0.1.254/16
to: 10.0.3.2
from: 10.0.1.2
GET /
Overlay (e.g. flannel, weave)
Slide 29
Slide 29 text
Google Cloud Platform
node-a
root netns
eth0: 192.168.1.1/16
cbr0: 10.0.1.1/24
ctr-1
eth0: 10.0.1.2/24
ctr-2
eth0: 10.0.1.3/24
ctr-3
eth0: 10.0.1.4/24
flannel0: 10.0.1.254/16
to: 192.168.1.3
from: 192.168.1.1
encap:
to: 10.0.3.2
from: 10.0.1.2
GET /
Overlay (e.g. flannel, weave)
Slide 30
Slide 30 text
Google Cloud Platform
node-a
192.168.1.1/16
node-c
node-b
node-d
192.168.1.2/16
192.168.1.3/16 192.168.1.4/16
ctr-1 10.0.1.2
ctr-2 10.0.3.2
Overlay (e.g. flannel, weave)
Slide 31
Slide 31 text
Google Cloud Platform
node-c
root netns
eth0: 192.168.1.3/16
cbr0: 10.0.3.1/24
ctr-4
eth0: 10.0.3.2/24
ctr-5
eth0: 10.0.3.3/24
ctr-6
eth0: 10.0.3.4/24
flannel0: 10.0.3.254/16
to: 192.168.1.3
from: 192.168.1.1
encap:
to: 10.0.3.2
from: 10.0.1.2
GET /
Overlay (e.g. flannel, weave)
Slide 32
Slide 32 text
Google Cloud Platform
node-c
root netns
eth0: 192.168.1.3/16
cbr0: 10.0.3.1/24
ctr-4
eth0: 10.0.3.2/24
ctr-5
eth0: 10.0.3.3/24
ctr-6
eth0: 10.0.3.4/24
flannel0: 10.0.3.254/16
to: 10.0.3.2
from: 10.0.1.2
GET /
Overlay (e.g. flannel, weave)
Slide 33
Slide 33 text
Google Cloud Platform
node-c
root netns
eth0: 192.168.1.3/16
cbr0: 10.0.3.1/24
ctr-4
eth0: 10.0.3.2/24
ctr-5
eth0: 10.0.3.3/24
ctr-6
eth0: 10.0.3.4/24
flannel0: 10.0.3.254/16
to: 10.0.3.2
from: 10.0.1.2
GET /
Overlay (e.g. flannel, weave)
Slide 34
Slide 34 text
Google Cloud Platform
Overlays - the hard part
Slide 35
Slide 35 text
Google Cloud Platform
node-a
192.168.1.1/16
node-c
non-node
node-d
192.168.1.2/16
192.168.1.3/16 192.168.1.4/16
ctr-1 10.0.1.2
ctr-2 10.0.3.2
Overlay (e.g. flannel, weave)
Slide 36
Slide 36 text
Google Cloud Platform
node-a
192.168.1.1/16
node-c
non-node
node-d
192.168.1.2/16
192.168.1.3/16 192.168.1.4/16
ctr-1 10.0.1.2
ctr-2 10.0.3.2
to: 10.0.3.2
from: 192.168.1.2
GET /
Overlay (e.g. flannel, weave)
Slide 37
Slide 37 text
Google Cloud Platform
node-a
192.168.1.1/16
node-c
non-node
node-d
192.168.1.2/16
192.168.1.3/16 192.168.1.4/16
ctr-1 10.0.1.2
ctr-2 10.0.3.2
to: 10.0.3.2
from: 192.168.1.2
GET /
Overlay (e.g. flannel, weave)
Slide 38
Slide 38 text
Google Cloud Platform
node-a
192.168.1.1/16
node-c
non-node
node-d
192.168.1.2/16
192.168.1.3/16 192.168.1.4/16
ctr-1 10.0.1.2
ctr-2 10.0.3.2
to: 10.0.3.2
from: 192.168.1.2
GET /
?!?!
Overlay (e.g. flannel, weave)
Slide 39
Slide 39 text
Google Cloud Platform
We need a bridge between the
physical and overlay networks...
Slide 40
Slide 40 text
Google Cloud Platform
We need a bridge between the
physical and overlay networks...
• could: route to nodes
• could: route to 1 or more bridge machines
• could: run flannel on client machines
Slide 41
Slide 41 text
Google Cloud Platform
We need a bridge between the
physical and overlay networks...
• could: route to nodes
• could: route to 1 or more bridge machines
• could: run flannel on client machines
• see “When should I use an overlay?”