Illustrated Guide To Kubernetes Networking

569f10721398d92f5033097ac6d9132c?s=47 Tim Hockin
September 21, 2016
Technology
79
31k

Illustrated Guide To Kubernetes Networking

A short walk through of some ideas around container networking.

569f10721398d92f5033097ac6d9132c?s=128

Tim Hockin

September 21, 2016
Tweet

More Decks by Tim Hockin

See All by Tim Hockin
569f10721398d92f5033097ac6d9132c?s=48 thockin
3
180
569f10721398d92f5033097ac6d9132c?s=48 thockin
4
570
569f10721398d92f5033097ac6d9132c?s=48 thockin
2
160
569f10721398d92f5033097ac6d9132c?s=48 thockin
37
5.7k
569f10721398d92f5033097ac6d9132c?s=48 thockin
54
29k
569f10721398d92f5033097ac6d9132c?s=48 thockin
23
1.4k
569f10721398d92f5033097ac6d9132c?s=48 thockin
0
130
569f10721398d92f5033097ac6d9132c?s=48 thockin
3
320
569f10721398d92f5033097ac6d9132c?s=48 thockin
0
140

Other Decks in Technology

See All in Technology
53850955f15249a1a9dc49df6113e400?s=48 line_developers
1
420
D65bdfdd4762c763f71d08fd4d9fa511?s=48 sky_joker
2
490
Ccb58352bdd1be66ebb2daf12ba1b993?s=48 mirie_sd
0
170
405fe9ab689473f267e2cfbd95f78c75?s=48 kyonmm
0
1.5k
97a7f7899e0df28c3636b8d44bbe6578?s=48 korodroid
3
640
66a1bb94b08fe5dcd07635a59681626c?s=48 agilesingapore
0
160
0479057e04d0dbef40692b5f171f60e4?s=48 takanakahiko
0
120
457ada693e168bd1102fec3914040b5d?s=48 uipath_friends
0
130
457ada693e168bd1102fec3914040b5d?s=48 uipath_friends
0
130
3f848c0c0b9a6603894e157da93e4655?s=48 sadayoshitada0919
0
150
1b177b37d966f573b1df5d7218a5f560?s=48 k2wanko
1
200
0d29d155ce5c5a93ed46363626da3ea7?s=48 ocise
1
1.9k

Featured

See All Featured
245cee81a9c424266e5e401d844ea881?s=48 lara
590
60k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
366
42k
B47b288784fda77a94aeb234ca743c24?s=48 keavy
105
14k
A16eb159db895e3b01d3dc95767ad595?s=48 jonyablonski
6
730
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
3
370
F68cb25ae3e5c2106997454b13b7737d?s=48 brad_frost
154
6.2k
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
5
540
Dafc4723e9a1c067796c0fec6f509774?s=48 lemiorhan
622
40k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
319
53k
245cee81a9c424266e5e401d844ea881?s=48 lara
13
2.4k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
775
240k
E14f55d3f939977cecbf51b64ff6f861?s=48 keithpitt
399
20k

Transcript

  1. Google Cloud Platform An Illustrated Guide to Kubernetes Networking Tim

    Hockin <thockin@google.com> Senior Staff Software Engineer @thockin

  2. Google Cloud Platform Layer 2: ethernet

  3. Google Cloud Platform node-a node-c node-b node-d 192.168.1.1/16 11:22:33:44:55:01 192.168.1.2/16

    01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 L2 switch

  4. Google Cloud Platform node-a node-c node-b node-d L2 to: 192.168.1.3

    from: 192.168.1.1 GET / 192.168.1.1/16 11:22:33:44:55:01 192.168.1.2/16 01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04

  5. Google Cloud Platform node-d node-b node-a node-c L2 to: <broadcast>

    from: 11:22:33:44:55:01 who has 192.168.1.3? to: 192.168.1.3 from: 192.168.1.1 GET / 192.168.1.1/16 11:22:33:44:55:01 192.168.1.2/16 01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 “ARP request”

  6. Google Cloud Platform node-a node-c node-b node-d L2 to: 192.168.1.3

    from: 192.168.1.1 GET / 192.168.1.1/16 11:22:33:44:55:01 192.168.1.2/16 01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 to: 11:22:33:44:55:01 from: 11:22:33:44:55:03 I have 192.168.1.3 “ARP response”

  7. Google Cloud Platform node-a node-c node-b node-d L2 to: 192.168.1.3

    via: 11:22:33:44:55:03 from: 192.168.1.1 GET / 192.168.1.1/16 11:22:33:44:55:01 192.168.1.2/16 01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04

  8. Google Cloud Platform node-a root netns eth0: 192.168.1.1/16 11:22:33:44:55:01 L2

    with containers cbr0: 10.0.1.1/24 ctr-1 eth0: 10.0.1.2/24 ctr-2 eth0: 10.0.1.3/24 ctr-3 eth0: 10.0.1.4/24

  9. Google Cloud Platform node-a 192.168.1.1/16 11:22:33:44:55:01 node-c node-b node-d 192.168.1.2/16

    01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 L2 ctr-1 10.0.1.2 aa:bb:cc:dd:e1:01 ctr-2 10.0.3.2 aa:bb:cc:dd:e3:02

  10. Google Cloud Platform node-a 192.168.1.1/16 11:22:33:44:55:01 node-c node-b node-d 192.168.1.2/16

    01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 L2 ctr-1 10.0.1.2 aa:bb:cc:dd:e1:01 ctr-2 10.0.3.2 aa:bb:cc:dd:e3:02 to: 10.0.3.2 from: 10.0.1.2 GET /

  11. Google Cloud Platform node-a 192.168.1.1/16 11:22:33:44:55:01 node-c node-b node-d 192.168.1.2/16

    01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 L2 ctr-1 10.0.1.2 aa:bb:cc:dd:e1:01 ctr-2 10.0.3.2 aa:bb:cc:dd:e3:02 to: 10.0.3.2 from: 10.0.1.2 GET / to: <broadcast> from: aa:bb:cc:dd:e1:01 who has 10.0.3.2? “ARP request”

  12. Google Cloud Platform node-a 192.168.1.1/16 11:22:33:44:55:01 node-c node-b node-d 192.168.1.2/16

    01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 L2 ctr-1 10.0.1.2 aa:bb:cc:dd:e1:01 ctr-2 10.0.3.2 aa:bb:cc:dd:e3:02 to: 10.0.3.2 from: 10.0.1.2 GET / to: aa:bb:cc:dd:e1:01 from: 11:22:33:44:55:03 I have 10.0.3.2 “proxy ARP response”

  13. Google Cloud Platform node-a 192.168.1.1/16 11:22:33:44:55:01 node-c node-b node-d 192.168.1.2/16

    01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 L2 ctr-1 10.0.1.2 aa:bb:cc:dd:e1:01 ctr-2 10.0.3.2 aa:bb:cc:dd:e3:02 to: 10.0.3.2 via: 11:22:33:44:55:03 from: 10.0.1.2 GET /

  14. Google Cloud Platform Layer 3 - IP

  15. Google Cloud Platform node-a node-c node-b node-d 192.168.1.1/32 192.168.1.2/32 192.168.1.3/32

    192.168.1.4/32 L3 gateway

  16. Google Cloud Platform node-a node-c node-b node-d 192.168.1.1/32 192.168.1.2/32 192.168.1.3/32

    192.168.1.4/32 L3 to: 192.168.1.3 from: 192.168.1.1 GET /

  17. Google Cloud Platform node-a node-c node-b node-d 192.168.1.1/32 192.168.1.2/32 192.168.1.3/32

    192.168.1.4/32 L3 to: 192.168.1.3 from: 192.168.1.1 GET /

  18. Google Cloud Platform node-a node-c node-b node-d 192.168.1.1/32 192.168.1.2/32 192.168.1.3/32

    192.168.1.4/32 L3 to: 192.168.1.3 from: 192.168.1.1 GET / routing decision, static or learned (e.g. BGP)

  19. Google Cloud Platform node-a 192.168.1.1/32 node-c node-b node-d 192.168.1.2/32 192.168.1.3/32

    192.168.1.4/32 L3 ctr-1 10.0.1.2 ctr-2 10.0.3.2

  20. Google Cloud Platform node-a 192.168.1.1/32 node-c node-b node-d 192.168.1.2/32 192.168.1.3/32

    192.168.1.4/32 L3 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 10.0.1.2 GET /

  21. Google Cloud Platform node-a 192.168.1.1/32 node-c node-b node-d 192.168.1.2/32 192.168.1.3/32

    192.168.1.4/32 L3 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 10.0.1.2 GET /

  22. Google Cloud Platform node-a 192.168.1.1/32 node-c node-b node-d 192.168.1.2/32 192.168.1.3/32

    192.168.1.4/32 L3 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 10.0.1.2 GET / routing decision, static or learned (e.g. BGP)

  23. Google Cloud Platform node-a 192.168.1.1/32 node-c node-b node-d 192.168.1.2/32 192.168.1.3/32

    192.168.1.4/32 L3 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 10.0.1.2 GET /

  24. Google Cloud Platform Overlays Q: When should I use an

    overlay? A: When nothing else works, or when you have specific reasons to want it (e.g. the added value of management)

  25. Google Cloud Platform node-a root netns eth0: 192.168.1.1/16 Overlay (e.g.

    flannel, weave) cbr0: 10.0.1.1/24 ctr-1 eth0: 10.0.1.2/24 ctr-2 eth0: 10.0.1.3/24 ctr-3 eth0: 10.0.1.4/24 flannel0: 10.0.1.254/16

  26. Google Cloud Platform node-a root netns eth0: 192.168.1.1/16 cbr0: 10.0.1.1/24

    ctr-1 eth0: 10.0.1.2/24 ctr-2 eth0: 10.0.1.3/24 ctr-3 eth0: 10.0.1.4/24 flannel0: 10.0.1.254/16 to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)

  27. Google Cloud Platform node-a root netns eth0: 192.168.1.1/16 cbr0: 10.0.1.1/24

    ctr-1 eth0: 10.0.1.2/24 ctr-2 eth0: 10.0.1.3/24 ctr-3 eth0: 10.0.1.4/24 flannel0: 10.0.1.254/16 to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)

  28. Google Cloud Platform node-a root netns eth0: 192.168.1.1/16 cbr0: 10.0.1.1/24

    ctr-1 eth0: 10.0.1.2/24 ctr-2 eth0: 10.0.1.3/24 ctr-3 eth0: 10.0.1.4/24 flannel0: 10.0.1.254/16 to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)

  29. Google Cloud Platform node-a root netns eth0: 192.168.1.1/16 cbr0: 10.0.1.1/24

    ctr-1 eth0: 10.0.1.2/24 ctr-2 eth0: 10.0.1.3/24 ctr-3 eth0: 10.0.1.4/24 flannel0: 10.0.1.254/16 to: 192.168.1.3 from: 192.168.1.1 encap: to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)

  30. Google Cloud Platform node-a 192.168.1.1/16 node-c node-b node-d 192.168.1.2/16 192.168.1.3/16

    192.168.1.4/16 ctr-1 10.0.1.2 ctr-2 10.0.3.2 Overlay (e.g. flannel, weave)

  31. Google Cloud Platform node-c root netns eth0: 192.168.1.3/16 cbr0: 10.0.3.1/24

    ctr-4 eth0: 10.0.3.2/24 ctr-5 eth0: 10.0.3.3/24 ctr-6 eth0: 10.0.3.4/24 flannel0: 10.0.3.254/16 to: 192.168.1.3 from: 192.168.1.1 encap: to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)

  32. Google Cloud Platform node-c root netns eth0: 192.168.1.3/16 cbr0: 10.0.3.1/24

    ctr-4 eth0: 10.0.3.2/24 ctr-5 eth0: 10.0.3.3/24 ctr-6 eth0: 10.0.3.4/24 flannel0: 10.0.3.254/16 to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)

  33. Google Cloud Platform node-c root netns eth0: 192.168.1.3/16 cbr0: 10.0.3.1/24

    ctr-4 eth0: 10.0.3.2/24 ctr-5 eth0: 10.0.3.3/24 ctr-6 eth0: 10.0.3.4/24 flannel0: 10.0.3.254/16 to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)

  34. Google Cloud Platform Overlays - the hard part

  35. Google Cloud Platform node-a 192.168.1.1/16 node-c non-node node-d 192.168.1.2/16 192.168.1.3/16

    192.168.1.4/16 ctr-1 10.0.1.2 ctr-2 10.0.3.2 Overlay (e.g. flannel, weave)

  36. Google Cloud Platform node-a 192.168.1.1/16 node-c non-node node-d 192.168.1.2/16 192.168.1.3/16

    192.168.1.4/16 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 192.168.1.2 GET / Overlay (e.g. flannel, weave)

  37. Google Cloud Platform node-a 192.168.1.1/16 node-c non-node node-d 192.168.1.2/16 192.168.1.3/16

    192.168.1.4/16 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 192.168.1.2 GET / Overlay (e.g. flannel, weave)

  38. Google Cloud Platform node-a 192.168.1.1/16 node-c non-node node-d 192.168.1.2/16 192.168.1.3/16

    192.168.1.4/16 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 192.168.1.2 GET / ?!?! Overlay (e.g. flannel, weave)

  39. Google Cloud Platform We need a bridge between the physical

    and overlay networks...

  40. Google Cloud Platform We need a bridge between the physical

    and overlay networks... • could: route to nodes • could: route to 1 or more bridge machines • could: run flannel on client machines

  41. Google Cloud Platform We need a bridge between the physical

    and overlay networks... • could: route to nodes • could: route to 1 or more bridge machines • could: run flannel on client machines • see “When should I use an overlay?”