Linux Bridges, IP Tables, and CNI Plug-Ins - A Container Networking Deepdive


Season 2, Talk 13 of NetDevOps Live! is a deep dive into the details of container networking. Explore Linux bridges, veth pairs, and how they make containers net-work!
Full details at developer.cisco.com/netdevops...
Presenter: Matt Johnson / mattdashj
Topics Covered - Time Links
- Agenda 1:18
- Linux as a Software Switch/Router 1:53
- Demo 5:53
- Linux as a Software Switch/Router FOR CONTAINERS 8:22
- Demo: Default Docker Networking 8:56
- veth Pairs 10:43
- Demo 11:41
- veth Pairs in Containers 13:46
- Linux Network Namespaces 14:12
- Demo: Network Namespaces per Docker Container 15:40
- Demo: Docker Container in Host Default Namespace 21:40
- Demo: Docker Container with NO Network 24:45
- Review: Container Networking isn't Magic 30:26
- IP Tables and Container Internet Access 34:14
- IP Tables and Container Network Security 37:46
- Multi-Host Container Networking 38:43
- Sample Solutions (ie Flannel, Weave, etc) 42:19
- Look at Calico Networking 48:37
- CNI (Container Network Interface) 50:18
- The ACI CNI Plug-In 54:04
- Industry Developments 54:44
- Summary 57:57
- Webinar Resources 58:31
- Code Exchange Challenge 59:26
- Contact Info 1:01:07
- Closing Thoughts 1:01:32
Episode Description:
Containers are everywhere these days. Containers in the cloud, containers in the data center, containers on your laptop. I think there are even containers in containers… but how do they talk to each other? And by talk, we of course mean over the network.
While everyone loves a good mystery, a mysterious network is NEVER a good thing. In this session we'll shine a bright light on the "pipes" that connect all the whales together. Bust out your overalls and explore with us.
NetDevOps Live! is produced by Cisco DevNet. Details can be found at developer.cisco.com/netdevops... and follow NetDevOps Live! on Twitter at / netdevopslive

Comments: 21

  • @vikas87922
    4 years ago

    I was looking for deep dive into container networking, this is extremely well organised and explained. Thanks Matt and Hank for creating such wonderful content.

  • @nenunene2400
    4 years ago

    Wow .. Pure Gold .. better than any paid courses

  • @planesmypassion
    4 years ago

    Crisp and concise ! Couldn't be better . Nice job Matt !

  • @jigneshpatel5469
    5 months ago

    Very nice explanation covering lots of inner networking in depth. Thanks a lot

  • @Vladerrama21
    2 years ago

    fantastic session guys! great how you built the container networking manually! thx Matt!

  • @ChrisgammaDE
    4 years ago

    Thank you! This is the first good talk I found in 40min

  • @aimene_tayebbey
    4 years ago

    I like the way of breaking things down, u should really post more videos like these, get into the intricacies of how networking works, keep up the good work and thanks

  • @maciaren
    2 years ago

    Extremely clear explanation - great work.

  • @jjbb7010
    4 years ago

    Ahhh I see so we’re not abstracting and assuming responsibilities not just for networking but also for container and switch/vnic networks... awesome!!! It’s about time!!!

  • @rafaelmartineztomas4911
    3 years ago

    Quality stuff , thanks very much!!

  • @pablogoulart9500
    4 years ago

    Amazing video!

  • @karicallegra8194
    4 years ago

    Love the addition of the Cisco hold music lmao

  • @mostafaemami8331
    2 years ago

    I wonder, do I necessarily need to have a bridge? Can I connect a couple of network namespaces via multiple veth interfaces?

  • @wtt1296
    3 years ago

    Not working for me when I test through telnet, I get "no route to host" if I use host IP but if I use 127.0.0.1, successfully connect

  • @robfielding8566
    4 years ago

    Does anybody know how to use the normal docker command to either... set up a reverse tunnel (i.e., inside the container, 127.0.0.1:27017 binds to a port in the host so that the container can get --network=none and just be given tunnels to what it needs), or: without using Kubernetes, bind two containers into the same localhost? I need this because I can't use DNS to connect between machines. I want to disable connections to anything but 127.0.0.1 ports created by a sidecar, and have the sidecar transparently do TLS between the sidecars. I would like to not use Kubernetes. I can make a much much simpler system if I can just use straight Docker commands. Right now, the only solution seems to be to re-package containers via Dockerfile to have the sidecar running alongside the container.

  • @jjbb7010
    4 years ago

    NetOps Automation or NetDevOps Analyst/Engineer/Architect/Fox - Generalized for new Networkers including Cloud...

  • @Oswee
    3 years ago

    `sudo plotnetcfg | dot -Tpdf > topology.pdf` to generate the pdf of the current net topology on the host.

  • @yasinlachini1791
    4 years ago

    I cannot find the GitHub repo. Does anyone have it?

  • @yashmenpara8311
    2 years ago

    Did you watch till the end? He did post all the links - Webinar Resources @58:31

  • @cryp0g00n4
    3 years ago

    I wonder if he is aware of his watch and did it on purpose.

  • @jjbb7010
    4 years ago

    Why are we using docker instances? Instead of Cisco virtual devices... ;/ ugh... I understand you want to share the toys but this is a Cisco Cert...
