New Container Network Model @ Docker 1.9

Docker 1.9's new networking is Software Defined Networking (SDN) for containers. Pushing the experimental version out to the public a few months back was the right thing for Docker Inc. to do, and now that it is production ready it is surely going to make Docker an enterprise-ready product. With SDN, developers get the flexibility to network their apps the way they want without having to wait on the network operations team.

Docker 1.9 brings a totally new way of getting started with networking straight away, using the new docker network command. In Docker 1.9, networking is ready for production use and works with Swarm and Compose. Networking is a feature of Docker Engine that lets you create virtual networks and attach containers to them, so you can build the network topology that is right for your application. Networked containers can even span multiple hosts (with the overlay driver, which needs a key-value store behind it), so you don't have to worry about which host your container lands on. They communicate with each other wherever they are, which is what enables true distributed applications.

Docker networking gives containers connectivity to each other across different physical or virtual hosts. An interesting bit: containers using networking can be stopped, started and restarted without disrupting their connections to other containers, and you no longer need to create a container before you can link to it. With networking, containers can be created in any order and discover each other by container name.

Libnetwork implements the Container Network Model (CNM), which provides networking for containers behind an abstraction that can support multiple network drivers. It rests on three major components:


Sandbox

A Sandbox contains the configuration of a container’s network stack. This includes management of the container’s interfaces, routing table and DNS settings. An implementation of a Sandbox could be a Linux Network Namespace, a FreeBSD Jail or other similar concept. A Sandbox may contain many endpoints from multiple networks.

Endpoint

An Endpoint joins a Sandbox to a Network. An implementation of an Endpoint could be a veth pair, an Open vSwitch internal port or similar. An Endpoint belongs to exactly one Network and, once connected, to exactly one Sandbox.

Network

A Network is a group of Endpoints that are able to communicate with each-other directly. An implementation of a Network could be a Linux bridge, a VLAN, etc. Networks consist of many endpoints.
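To make the three objects concrete, here is an added shell walkthrough (my own, not code from the original post or from Docker) that maps each CNM object to the Linux primitive libnetwork's bridge driver creates on the host: the Network to a Linux bridge, the Endpoint to a veth pair, the Sandbox to a network namespace. The network name cnmdemo, the container name cnmweb and the CNM_DEMO_LIVE switch are assumptions of this example; the live part needs root and a running Docker 1.9 daemon, while the helper functions run anywhere.

```shell
#!/bin/sh
# Added example, not code from the original post or from Docker.
# CNM object -> Linux primitive created by libnetwork's bridge driver:
#   Network  -> a Linux bridge named "br-" + first 12 chars of the network id
#   Endpoint -> a veth pair, host end enslaved to that bridge
#   Sandbox  -> a network namespace, keyed under /var/run/docker/netns/
# Names "cnmdemo", "cnmweb" and the CNM_DEMO_LIVE switch are assumptions.
set -eu

# Docker names the bridge backing a user-defined bridge network after the
# first 12 characters of the network id (the prefix "docker network ls" prints).
bridge_ifname_for_network_id() {
    printf 'br-%s\n' "$(printf '%s' "$1" | cut -c1-12)"
}

# A sandbox key like /var/run/docker/netns/3fd8c2a1e0b5 names the
# container's network namespace; its basename is the namespace id.
netns_name_from_sandbox_key() {
    basename "$1"
}

# Under CNM two containers can talk directly only if they share a Network.
# Arguments: two space-separated lists of network names.
share_a_network() {
    for n in $1; do
        for m in $2; do
            [ "$n" = "$m" ] && return 0
        done
    done
    return 1
}

live_walkthrough() {
    docker network create -d bridge cnmdemo >/dev/null
    docker run -d --net=cnmdemo --name cnmweb nginx >/dev/null

    # Network: "docker network ls" prints the 12-char id the bridge is named after.
    net_id=$(docker network ls | awk '$2 == "cnmdemo" { print $1 }')
    br=$(bridge_ifname_for_network_id "$net_id")
    echo "Network  : $br ($(ip -o -4 addr show dev "$br" | awk '{print $4}'))"

    # Endpoint: the host side of the veth pair is a port on that bridge.
    echo "Endpoint : $(ip -o link show master "$br" | awk '{print $2}' | tr -d :)"

    # Sandbox: the container's network namespace, entered from the host.
    key=$(docker inspect -f '{{.NetworkSettings.SandboxKey}}' cnmweb)
    echo "Sandbox  : $(netns_name_from_sandbox_key "$key")"
    nsenter --net="$key" ip -o -4 addr show

    docker rm -f cnmweb >/dev/null
    docker network rm cnmdemo >/dev/null
}

# Only touch the daemon when explicitly asked to (needs root and Docker 1.9+).
if [ "${CNM_DEMO_LIVE:-0}" = 1 ]; then
    live_walkthrough
fi
```

Run it as root with CNM_DEMO_LIVE=1 to see the three objects on a real host. The share_a_network helper states the CNM rule the rest of this post exercises: a container attached to two networks (web and myapp below) can reach containers on either, while two containers on different networks have no direct path.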

I spent a couple of hours understanding how Docker networking actually works.

Let me share my findings with you all:

Installing Docker 1.9 on Ubuntu 14.04.3

The script below will set up Docker 1.9 on Ubuntu 14.04.3 on the fly:

root@dell-virtual-machine:~# less script

# Check that HTTPS transport is available to APT
if [ ! -e /usr/lib/apt/methods/https ]; then
    apt-get update
    apt-get install -y apt-transport-https
fi

# Add the repository to your APT sources
echo deb https://get.docker.com/ubuntu docker main > /etc/apt/sources.list.d/docker.list

# Then import the repository key. hkp on port 80 is unauthenticated transport,
# so the full 40-hex fingerprint is what pins the key you accept.
apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9

# Install docker
apt-get update
apt-get install -y lxc-docker

#
# Alternatively, use the curl-able install.sh script provided at https://get.docker.com
# (read it before piping it into a root shell)
#

Executing the script installs Docker 1.9. I could see lxc-docker being installed and the docker.io package being removed. Good going..

The following extra packages will be installed:
lxc-docker-1.9.0
The following packages will be REMOVED:
docker.io
The following NEW packages will be installed:
lxc-docker lxc-docker-1.9.0
0 upgraded, 2 newly installed, 1 to remove and 181 not upgraded.
Need to get 8,487 kB of archives.
After this operation, 1,236 kB of additional disk space will be used.
Get:1 https://get.docker.com/ubuntu/ docker/main lxc-docker amd64 1.9.0 [2,092 B]
Fetched 8,487 kB in 40s (211 kB/s)
(Reading database … 209652 files and directories currently installed.)
Removing docker.io (1.6.2~dfsg1-1ubuntu4~14.04.1) …
docker stop/waiting
Processing triggers for man-db (2.6.7.1-1ubuntu1) …
Selecting previously unselected package lxc-docker-1.9.0.
(Reading database … 209562 files and directories currently installed.)
Preparing to unpack …/lxc-docker-1.9.0_1.9.0_amd64.deb …
Unpacking lxc-docker-1.9.0 (1.9.0) …
Selecting previously unselected package lxc-docker.
Preparing to unpack …/lxc-docker_1.9.0_amd64.deb …
Unpacking lxc-docker (1.9.0) …
Processing triggers for man-db (2.6.7.1-1ubuntu1) …
Processing triggers for ureadahead (0.100.0-16) …
Setting up lxc-docker-1.9.0 (1.9.0) …
Installing new version of config file /etc/init.d/docker …
Installing new version of config file /etc/init/docker.conf …
docker start/running, process 1838
Processing triggers for ureadahead (0.100.0-16) …
Setting up lxc-docker (1.9.0) …
root@dell-virtual-machine:~#

Running Docker daemon

root@dell-virtual-machine:~# docker daemon -H unix:///var/run/docker.sock
INFO[0000] API listen on /var/run/docker.sock
INFO[0000] [graphdriver] using prior storage driver "aufs"
INFO[0000] Firewalld running: true
INFO[0000] Default bridge (docker0) is assigned with an IP address 172.17.42.1/16. Daemon option --bip can be used to set a preferred IP address
WARN[0000] Your kernel does not support swap memory limit.
INFO[0000] Loading containers: start.
………………………………………………………………………………………………………………………………….
INFO[0000] Loading containers: done.
INFO[0000] Daemon has completed initialization
INFO[0000] Docker daemon                                 commit=76d6bc9 execdriver=native-0.2 graphdriver=aufs version=1.9.0

Switch to a new terminal if you are keen on seeing what goes on under the hood.

Hurray!! Docker 1.9 is right there on your Ubuntu box.

root@dell-virtual-machine:/home/dell# docker version
Client:
Version:      1.9.0
API version:  1.21
Go version:   go1.4.3
Git commit:   76d6bc9
Built:        Tue Nov  3 19:20:09 UTC 2015
OS/Arch:      linux/amd64

Server:
Version:      1.9.0
API version:  1.21
Go version:   go1.4.3
Git commit:   76d6bc9
Built:        Tue Nov  3 19:20:09 UTC 2015
OS/Arch:      linux/amd64
root@dell-virtual-machine:/home/dell#

I am keen on looking at what new commands have arrived:


root@dell-virtual-machine:/home/dell# docker
Usage: docker [OPTIONS] COMMAND [arg...]
docker daemon [ --help | ... ]
docker [ --help | -v | --version ]

A self-sufficient runtime for containers.

Options:

--config=~/.docker                 Location of client config files
-D, --debug=false                  Enable debug mode
--disable-legacy-registry=false    Do not contact legacy registries
-H, --host=[]                      Daemon socket(s) to connect to
-h, --help=false                   Print usage
-l, --log-level=info               Set the logging level
--tls=false                        Use TLS; implied by --tlsverify
--tlscacert=~/.docker/ca.pem       Trust certs signed only by this CA
--tlscert=~/.docker/cert.pem       Path to TLS certificate file
--tlskey=~/.docker/key.pem         Path to TLS key file
--tlsverify=false                  Use TLS and verify the remote
-v, --version=false                Print version information and quit

Commands:
attach    Attach to a running container
build     Build an image from a Dockerfile
commit    Create a new image from a container's changes
cp        Copy files/folders between a container and the local filesystem
create    Create a new container
diff      Inspect changes on a container's filesystem
events    Get real time events from the server
exec      Run a command in a running container
export    Export a container's filesystem as a tar archive
history   Show the history of an image
images    List images
import    Import the contents from a tarball to create a filesystem image
info      Display system-wide information
inspect   Return low-level information on a container or image
kill      Kill a running container
load      Load an image from a tar archive or STDIN
login     Register or log in to a Docker registry
logout    Log out from a Docker registry
logs      Fetch the logs of a container
network   Manage Docker networks
pause     Pause all processes within a container
port      List port mappings or a specific mapping for the CONTAINER
ps        List containers
pull      Pull an image or a repository from a registry
push      Push an image or a repository to a registry
rename    Rename a container
restart   Restart a container
rm        Remove one or more containers
rmi       Remove one or more images
run       Run a command in a new container
save      Save an image(s) to a tar archive
search    Search the Docker Hub for images
start     Start one or more stopped containers
stats     Display a live stream of container(s) resource usage statistics
stop      Stop a running container
tag       Tag an image into a repository
top       Display the running processes of a container
unpause   Unpause all processes within a container
version   Show the Docker version information
volume    Manage Docker volumes
wait      Block until a container stops, then print its exit code

Run 'docker COMMAND --help' for more information on a command.
root@dell-virtual-machine:/home/dell#

Docker 1.9.0 Client Binary
Docker Machine 0.5.0
Docker Compose 1.5.0
Docker Toolbox 1.9.0
Docker Swarm 1.0.0

Wow…swarm, toolbox, compose, machine all with a new version. Awesome !!

Let's start playing around with the docker network command. I am going to pull nginx first.

root@dell-virtual-machine:~# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
d0ca40da9e35: Pull complete
d1f66aef36c9: Pull complete
192997133528: Pull complete
c4b09a941684: Pull complete
4174aa7c7be8: Pull complete
0620b22b5443: Pull complete
87c3b9f58480: Pull complete
7d984375a5e7: Pull complete
e491c4f10eb2: Pull complete
edeba58b4ca7: Pull complete
a96311efcda8: Pull complete
914c82c5a678: Pull complete
Digest: sha256:b24651e86659a5d1e4103f8c1ea49567335528281c1678697783ae7569114e1e
Status: Downloaded newer image for nginx:latest
root@dell-virtual-machine:~#

Let's see what docker network has to say:

root@dell-virtual-machine:~# docker network ls
NETWORK ID          NAME                DRIVER
69b253ef50d1        bridge              bridge
a743bde2e8b9        web                 bridge
c03582079d99        none                null
9a7a4791e2ec        host                host
root@dell-virtual-machine:~#

Cool…

It's time to start nginx on the new network of my interest. I will name it “web”. (Sounds good, huh!!)

root@dell-virtual-machine:~# docker run -itd --net=web --name web nginx
2012c42e577b0f0eb4da7cbe7955bd5137021a6851770578a791e4f32c2f677f
root@dell-virtual-machine:~#

Let me check the docker network again.
root@dell-virtual-machine:~# docker network ls
NETWORK ID          NAME                DRIVER
69b253ef50d1        bridge              bridge
a743bde2e8b9        web                 bridge
c03582079d99        none                null
9a7a4791e2ec        host                host
root@dell-virtual-machine:~#

Fair enough. I can see it listed here.

Let's play around with it again. This time let me name the network “myapp”.

root@dell-virtual-machine:~# docker run -itd --net=myapp nginx
23722f062a29e735d027c324968e732124215e028d72d416f601807c5e28d448
root@dell-virtual-machine:~#

Let’s check it again.

root@dell-virtual-machine:~# docker network ls
NETWORK ID          NAME                DRIVER
69b253ef50d1        bridge              bridge
a743bde2e8b9        web                 bridge
c03582079d99        none                null
9a7a4791e2ec        host                host
8fdc0ce3c468        myapp               bridge
root@dell-virtual-machine:~#

Yippee.. there goes my “myapp” listed.

Let us connect my web container to the myapp network as shown:

root@dell-virtual-machine:~# docker network connect myapp web
root@dell-virtual-machine:~# docker network ls
NETWORK ID          NAME                DRIVER
c03582079d99        none                null
9a7a4791e2ec        host                host
8fdc0ce3c468        myapp               bridge
69b253ef50d1        bridge              bridge
a743bde2e8b9        web                 bridge
root@dell-virtual-machine:~#

Good. Let us see if inspect works for the network command too.

root@dell-virtual-machine:~# docker network inspect myapp
[
    {
        "Name": "myapp",
        "Id": "8fdc0ce3c468e8fccd513acc63171e168a823f80d61aca3529605961c5b96aab",
        "Scope": "local",
        "Driver": "bridge",
        "IPAM": {
            "Driver": "default",
            "Config": [
                {}
            ]
        },
        "Containers": {
            "2012c42e577b0f0eb4da7cbe7955bd5137021a6851770578a791e4f32c2f677f": {
                "EndpointID": "fa6efb254809007debb75ea3ce694624809452466a14a1306844eaf97ca2094a",
                "MacAddress": "02:42:ac:13:00:03",
                "IPv4Address": "172.19.0.3/16",
                "IPv6Address": ""
            },
            "23722f062a29e735d027c324968e732124215e028d72d416f601807c5e28d448": {
                "EndpointID": "35cfb86fe4c7bab266a1e671a37fc3ea28fb5382ccd7e1d032f6d1c53b50e509",
                "MacAddress": "02:42:ac:13:00:02",
                "IPv4Address": "172.19.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {}
    }
]
root@dell-virtual-machine:~#

root@dell-virtual-machine:~# docker network inspect web
[
    {
        "Name": "web",
        "Id": "a743bde2e8b912838dc1216b338b367b0c8fc9f224c7625f1078fbf96a7990ef",
        "Scope": "local",
        "Driver": "bridge",
        "IPAM": {
            "Driver": "default",
            "Config": [
                {}
            ]
        },
        "Containers": {
            "2012c42e577b0f0eb4da7cbe7955bd5137021a6851770578a791e4f32c2f677f": {
                "EndpointID": "e3297e59f8613806ad1e4d9fb505f9636e581ad9986c3e5bbd2b1391d0d488ed",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {}
    }
]

This is super cool. I can see detailed information about every container attached to my web network, and the same container (2012c42e577b) shows up in both networks with a different endpoint and address on each.

How about the default bridge network? Let's try it:

root@dell-virtual-machine:~# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "69b253ef50d1640934b467c9a1ced5dee1b187082fa95da9ed6c9e1e9eb972bb",
        "Scope": "local",
        "Driver": "bridge",
        "IPAM": {
            "Driver": "default",
            "Config": [
                {
                    "Subnet": "172.17.42.1/16",
                    "Gateway": "172.17.42.1"
                }
            ]
        },
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        }
    }
]
root@dell-virtual-machine:~#

root@dell-virtual-machine:~# docker network inspect host
[
    {
        "Name": "host",
        "Id": "9a7a4791e2ecc6b745721109d7d77c4ef5fa601e3b43c4b6415fd4851351d759",
        "Scope": "local",
        "Driver": "host",
        "IPAM": {
            "Driver": "default",
            "Config": []
        },
        "Containers": {},
        "Options": {}
    }
]
root@dell-virtual-machine:~#
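The bridge and host outputs above carry the settings that decide how isolated your containers actually are, so here is an added shell audit (my own, not code from the post or from Docker) that reads docker network inspect output and flags them: the host driver (the container gets no network namespace of its own), enable_icc (which defaults to true, so the empty Options block on myapp is not a tighter setting than the explicit “true” on docker0), and host_binding_ipv4 of 0.0.0.0 (published ports listen on every host interface). The sample JSON is abbreviated from the inspect output shown in this post, and the AUDIT_NETWORKS variable is an assumption of this example.

```shell
#!/bin/sh
# Added example, not code from the original post or from Docker: a small
# audit of "docker network inspect" output for the settings that matter for
# isolation. Samples are abbreviated from the inspect output in the post
# (bridge, host, myapp); an empty "Options" block means driver defaults.
# Only sed/awk/wc are used so it runs on a bare Ubuntu host without jq.
set -eu

SAMPLE_BRIDGE=$(cat <<'EOF'
[
    {
        "Name": "bridge",
        "Driver": "bridge",
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        }
    }
]
EOF
)
SAMPLE_HOST=$(cat <<'EOF'
[
    {
        "Name": "host",
        "Driver": "host",
        "Options": {}
    }
]
EOF
)
SAMPLE_MYAPP=$(cat <<'EOF'
[
    {
        "Name": "myapp",
        "Driver": "bridge",
        "Options": {}
    }
]
EOF
)

# First value of "<key>": "<value>" in the JSON (docker prints one key per
# line). Empty output means the key is absent.
json_value() {
    printf '%s\n' "$1" | sed -n "s/.*\"$2\": *\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# One finding per line. Absent bridge options mean the driver default
# (enable_icc=true, host_binding_ipv4=0.0.0.0), so absence is not safety.
audit_network() {
    name=$(json_value "$1" Name)
    driver=$(json_value "$1" Driver)
    case $driver in
    host)
        echo "$name: host driver, containers share the host network namespace, no isolation"
        ;;
    bridge)
        icc=$(json_value "$1" com.docker.network.bridge.enable_icc)
        if [ "${icc:-true}" = true ]; then
            echo "$name: enable_icc=true, every container on this bridge reaches every other (daemon --icc=false, or -o com.docker.network.bridge.enable_icc=false on create)"
        fi
        bind=$(json_value "$1" com.docker.network.bridge.host_binding_ipv4)
        if [ "${bind:-0.0.0.0}" = 0.0.0.0 ]; then
            echo "$name: host_binding_ipv4=0.0.0.0, -p ports listen on all host interfaces unless bound as -p IP:host:container"
        fi
        ;;
    esac
}

# Number of findings for one network's inspect output.
finding_count() {
    audit_network "$1" | wc -l | tr -d ' '
}

# Live mode: AUDIT_NETWORKS="bridge myapp web" sh audit.sh
for n in ${AUDIT_NETWORKS:-}; do
    audit_network "$(docker network inspect "$n")"
done
```

Run against the networks in this post, the script reports two findings each for bridge and myapp and one for host. The useful lesson is the myapp one: a user-defined bridge network isolates its containers from other networks, but inside the network every container can still reach every other unless enable_icc is turned off at create time.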

I think the new “docker network” command is simply awesome. Docker is all about the application, and the Docker folks have done the right job of concentrating completely on application design. This is surely going to be an amazing tool for developers, as they no longer have to wait on the “Network Administrator” to get a network of their own. One thing the inspect output above makes explicit: the default bridge ships with com.docker.network.bridge.enable_icc set to “true”, so every container on docker0 can talk to every other one, while containers on different user-defined networks are isolated from each other; putting each application tier on its own network is how you get that separation. It's all purely “Dev-Ops Re-Org”.

Will be back with more exploration on “Docker Networking”.
