Linux Bridges, IP Tables, and CNI Plug-Ins - A Container Networking Deepdive

  • Published 28 Jun 2024
  • Season 2, Talk 13 of NetDevOps Live! is a deep dive into the details of container networking. Explore Linux bridges, veth pairs, and how they make containers net-work!
    Full details at developer.cisco.com/netdevops...
    Presenter: Matt Johnson / mattdashj
    Topics Covered - Time Links
    - Agenda 1:18
    - Linux as a Software Switch/Router 1:53
    - Demo 5:53
    - Linux as a Software Switch/Router FOR CONTAINERS 8:22
    - Demo: Default Docker Networking 8:56
    - veth Pairs 10:43
    - Demo 11:41
    - veth Pairs in Containers 13:46
    - Linux Network Namespaces 14:12
    - Demo: Network Namespaces per Docker Container 15:40
    - Demo: Docker Container in Host Default Namespace 21:40
    - Demo: Docker Container with NO Network 24:45
    - Review: Container Networking isn't Magic 30:26
    - IP Tables and Container Internet Access 34:14
    - IP Tables and Container Network Security 37:46
    - Multi-Host Container Networking 38:43
    - Sample Solutions (ie Flannel, Weave, etc) 42:19
    - Look at Calico Networking 48:37
    - CNI (Container Network Interface) 50:18
    - The ACI CNI Plug-In 54:04
    - Industry Developments 54:44
    - Summary 57:57
    - Webinar Resources 58:31
    - Code Exchange Challenge 59:26
    - Contact Info 1:01:07
    - Closing Thoughts 1:01:32
    Episode Description:
    Containers are everywhere these days. Containers in the cloud, containers in the data center, containers on your laptop. I think there are even containers in containers… but how do they talk to each other? And by talk, we of course mean over the network.
    While everyone loves a good mystery, a mysterious network is NEVER a good thing. In this session we'll shine a bright light on the "pipes" that connect all the whales together. Bust out your overalls and explore with us.
    NetDevOps Live! is produced by Cisco DevNet. Details can be found at developer.cisco.com/netdevops... and follow NetDevOps Live! on Twitter at / netdevopslive
  • Science and Technology

COMMENTS • 21

  • @vikas87922 4 years ago +5

    I was looking for deep dive into container networking, this is extremely well organised and explained. Thanks Matt and Hank for creating such wonderful content.

  • @planesmypassion 4 years ago +1

    Crisp and concise! Couldn't be better. Nice job Matt!

  • @ChrisgammaDE 4 years ago +1

    Thank you! This is the first good talk I found in 40min

  • @aimene_tayebbey 4 years ago +6

    I like the way of breaking things down, u should really post more videos like these get into the intricacies of how networking works, keep up the good work and thanks

  • @Vladerrama21 2 years ago +1

    fantastic session guys! great how you built the container networking manually! thx Matt!

  • @nenunene2400 4 years ago +3

    Wow .. Pure Gold .. better than any paid courses

  • @maciaren 2 years ago +1

    Extremely clear explanation - great work.

  • @jigneshpatel5469 5 months ago

    Very nice explanation covering lots of inner networking in depth. Thanks a lot

  • @jjbb7010 4 years ago +1

    Ahhh I see so we’re not abstracting and assuming responsibilities not just for networking but also for container and switch/vnic networks... awesome!!! It’s about time!!!

  • @rafaelmartineztomas4911 3 years ago +1

    Quality stuff, thanks very much!!

  • @pablogoulart9500 4 years ago +1

    Amazing video!

  • @karicallegra8194 4 years ago +1

    Love the addition of the Cisco hold music lmao

  • @mostafaemami8331 2 years ago +1

    I wonder, do I need to have a bridge necessarily? Can I connect a couple of network namespaces via multiple veth interfaces?

  • @wtt1296 3 years ago +1

    Not working for me when I test through telnet, I get "no route to host" if I use host IP but if I use 127.0.0.1, successfully connect

  • @robfielding8566 4 years ago +1

    Does anybody know how to use the normal docker command to either... set up a reverse tunnel (i.e.: inside the container, 127.0.0.1:27017 binds to a port in the host so that the container can get --network=none and just be given tunnels to what it needs), or: without using Kubernetes, bind two containers into the same localhost. I need this because I can't use DNS to connect between machines. I want to disable connections to anything but 127.0.0.1 ports created by a sidecar, and have the sidecar transparently do TLS between the sidecars. I would like to not use Kubernetes. I can make a much much simpler system if I can just use straight Docker commands. Right now, the only solution seems to be to Dockerfile re-package containers to have the sidecar running alongside the container.

  • @jjbb7010 4 years ago

    NetOps Automation or NetDevOps Analyst/Engineer/Architect/Fox - Generalized for new Networkers including Cloud...

  • @yasinlachini1791 4 years ago

    I cannot find the GitHub repo. Does anyone have it?

    • @yashmenpara8311 2 years ago

      Did you watch till the end? He did post all the links - Webinar Resources @58:31

  • @Oswee 3 years ago

    `sudo plotnetcfg | dot -Tpdf > topology.pdf` to generate the pdf of the current net topology on the host.

  • @cryp0g00n4 3 years ago

    I wonder if he is aware of his watch and did it on purpose.

  • @jjbb7010 4 years ago

    Why are we using docker instances? Instead of Cisco virtual devices... ;/ ugh... I understand you want to share the toys but this is a Cisco Cert...