Titus AWS VPC networking for containers

•

0 likes•305 views

Andrew Leung

An overview of how Netflix integrates AWS VPC networking into Titus, its container cloud.

Technology

7
Titus
mesos
executor
Titus network
driver
Docker engine
EC2 Instance
In: Network params
Out: Network pod root
New task
Container create/start
--net=container:<pod id>
Task Status
create/start pod
container

9
Create
NS Configurator
IP Allocator
NS Allocator
Http
IP +
params
NS ref
Configured
network ns
(pod root)
params
Container id

EC2 Instanceeth1
ENI1
SecGrp=A
eth2
ENI2
SecGrp=X
eth3
ENI3
SecGrp=Y,Z
IP 2 (primary)
IP 3
IP 6 (primary)IP 1 (primary)
IP 4
IP 5
IP 7
IP 8

No IP, SecGrp A
Task 0
SecGrp Y,Z
Task 1 Task 2 Task 3
Titus EC2 Host VMeth1
ENI1
SecGrp=A
eth2
ENI2
SecGrp=X
eth3
ENI3
SecGrp=Y,Z
IP 1
IP 2
IP 3
pod root
veth<id>
app
SecGrp X
pod root
veth<id>
app
SecGrp X
pod root
veth<id>
appapp
veth<id>
Linux Policy Based
Routing + Traffic Control
Titus
EC2
Metadata
Proxy
169.254.169.254
IPTables NAT (*)
* **
169.254.169.254
Non-routable IP
*

● Container IP: 100.66.23.19
● Container Device: vethA
● Eni IP: 100.66.30.31/20
● Eni GW: 100.66.16.1
● Eni Device: eth1
● Routing tables:
○ tocontainer, fromcontainer
20

# ip addr show eth0
eth0: … mtu 1500 qdisc tbf state UP group default
inet 100.66.23.19/32 ...
# ip route show
default via 100.66.30.31 dev eth0
100.66.30.31 dev eth0 scope link
21

# ip route show | grep eth1
100.66.16.0/20 dev eth1 proto kernel scope link src 100.66.30.31
# ip rule show | grep 100.66.23.19
from all to 100.66.23.19 iif eth1 lookup tocontainer
from 100.66.23.19 iif vethA lookup fromcontainer
# ip route show table tocontainer | grep 100.66.23.19
100.66.23.19 dev vethA scope link
# ip route show table fromcontainer
default via 100.66.16.1 dev eth1
22

What's hot

The Ring programming language version 1.5.3 book - Part 72 of 184Mahmoud Samir Fayed

The Ring programming language version 1.3 book - Part 45 of 88Mahmoud Samir Fayed

The Ring programming language version 1.9 book - Part 8 of 210Mahmoud Samir Fayed

The Ring programming language version 1.10 book - Part 10 of 212Mahmoud Samir Fayed

Multi qubit entanglementVijayananda Mohire

Parallel computing with GParsPablo Molnar

GEO mapbox geo_api_develop2 IntroMax Kleiner

The Node.js Event Loop: Not So Single ThreadedBryan Hughes

Performance testing of microservices in ActionAlexander Kachur

The Weather of the Century Part 2: High PerformanceMongoDB

Weather of the Century: Design and PerformanceMongoDB

[Lightning] Microsoft q# on vsts mvp lightningRolf Huisman

JVM performance options. How it worksDmitriy Dumanskiy

Compiler basics: lisp to assemblyPhil Eaton

The Ring programming language version 1.5.4 book - Part 62 of 185Mahmoud Samir Fayed

The Ring programming language version 1.5.1 book - Part 58 of 180Mahmoud Samir Fayed

Quantum circuit example in QiskitVijayananda Mohire

Cocos2d実践編 1.0.0rcYuichi Higuchi

The Ring programming language version 1.8 book - Part 84 of 202Mahmoud Samir Fayed

Debugging TV Frame 0x0DDmitry Vostokov

What's hot (20)

The Ring programming language version 1.5.3 book - Part 72 of 184

The Ring programming language version 1.3 book - Part 45 of 88

The Ring programming language version 1.9 book - Part 8 of 210

The Ring programming language version 1.10 book - Part 10 of 212

Multi qubit entanglement

Parallel computing with GPars

GEO mapbox geo_api_develop2 Intro

The Node.js Event Loop: Not So Single Threaded

Performance testing of microservices in Action

The Weather of the Century Part 2: High Performance

Weather of the Century: Design and Performance

[Lightning] Microsoft q# on vsts mvp lightning

JVM performance options. How it works

Compiler basics: lisp to assembly

The Ring programming language version 1.5.4 book - Part 62 of 185

The Ring programming language version 1.5.1 book - Part 58 of 180

Quantum circuit example in Qiskit

Cocos2d実践編 1.0.0rc

The Ring programming language version 1.8 book - Part 84 of 202

Debugging TV Frame 0x0D

Viewers also liked

AWS Webcast - Continuous integration with AWS and RavelloAmazon Web Services

Introduction of aws-cliMasaaki HIROSE

Deep Dive into AWS CLI - the command line interfaceJohn Varghese

Enterprise Application on AWSfurbing

Continuous delivery and deployment on AWSShiva Narayanaswamy

Deployment and Management on AWS:  A Deep Dive on Options and ToolsDanilo Poccia

Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...Amazon Web Services

AWS Webinar: How to architect and deploy a multi tier share point server farm...Amazon Web Services

AWS May 2016 Webinar Series - AWS Services OverviewAmazon Web Services

Overview of AWS Services for your Enterprise Blazeclan Technologies Private Limited

The Fundamentals of Networking in AWS: VPC and Connectivity Options - BusinessAmazon Web Services

Deep Dive: AWS Command Line InterfaceAmazon Web Services

Amazon EC2 MasterclassAmazon Web Services

Scale New Business Peaks with Amazon AutoScaling - Harish GanesanAmazon Web Services

AWS September Webinar Series - Build Cross-Platform Mobile Apps with AWS and...Amazon Web Services

Applying systems thinking to AWS enterprise application migrationKacy Clarke

Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman

[AWSマイスターシリーズ] AWS CLI / AWS Tools for Windows PowerShellAmazon Web Services Japan

AWS 101: Introduction to AWSIan Massingham

AWS Services Overview - September 2016 Webinar SeriesAmazon Web Services

Viewers also liked (20)

AWS Webcast - Continuous integration with AWS and Ravello

Introduction of aws-cli

Deep Dive into AWS CLI - the command line interface

Enterprise Application on AWS

Continuous delivery and deployment on AWS

Deployment and Management on AWS:  A Deep Dive on Options and Tools

Webinar aws 101 a walk through the aws cloud- introduction to cloud computi...

AWS Webinar: How to architect and deploy a multi tier share point server farm...

AWS May 2016 Webinar Series - AWS Services Overview

Overview of AWS Services for your Enterprise

The Fundamentals of Networking in AWS: VPC and Connectivity Options - Business

Deep Dive: AWS Command Line Interface

Amazon EC2 Masterclass

Scale New Business Peaks with Amazon AutoScaling - Harish Ganesan

AWS September Webinar Series - Build Cross-Platform Mobile Apps with AWS and...

Applying systems thinking to AWS enterprise application migration

Introduction to AWS VPC, Guidelines, and Best Practices

[AWSマイスターシリーズ] AWS CLI / AWS Tools for Windows PowerShell

AWS 101: Introduction to AWS

AWS Services Overview - September 2016 Webinar Series

Similar to Titus AWS VPC networking for containers

Deploying MongoDB sharded clusters easily with Terraform and AnsibleAll Things Open

Tools for developing Android GamesPlatty Soft

Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, ConfluentHostedbyConfluent

Fun with Network InterfacesKernel TLV

Percona XtraDB 集群内部YUCHENG HU

PGConf APAC 2018 - Patroni: Kubernetes-native PostgreSQL companionPGConf APAC

CodiLime Tech Talk - Michał Sochoń: Configuration management hellCodiLime

Let's trace Linux Lernel with KGDB @ COSCUP 2021Jian-Hong Pan

Building a Serverless Sensor Network in Javascript - Josh MarinacciWithTheBest

PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...Puppet

Designate Install and Operate WorkshopGraham Hayes

Free5 gc installationChia-An Lee

Keynote: Scaling Sensu GoSensu Inc.

Bringing Kafka Without Zookeeper Into Production with Colin McCabe | Kafka Su...HostedbyConfluent

XPDDS17: NoXS: Death to the XenStore - Filipe Manco, NECThe Linux Foundation

Troubleshooting MySQL from a MySQL Developer PerspectiveMarcelo Altmann

Juggva cloudJean-Frederic Clere

Google V8 engineXuân Thu Nguyễn

Experiences with Power 9 at A*STAR CRCGanesan Narayanasamy

Mirko Damiani - An Embedded soft real time distributed system in Golinuxlab_conf

Similar to Titus AWS VPC networking for containers (20)

Deploying MongoDB sharded clusters easily with Terraform and Ansible

Tools for developing Android Games

Kafka’s New Control Plane: The Quorum Controller | Colin McCabe, Confluent

Fun with Network Interfaces

Percona XtraDB 集群内部

PGConf APAC 2018 - Patroni: Kubernetes-native PostgreSQL companion

CodiLime Tech Talk - Michał Sochoń: Configuration management hell

Let's trace Linux Lernel with KGDB @ COSCUP 2021

Building a Serverless Sensor Network in Javascript - Josh Marinacci

PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...

Designate Install and Operate Workshop

Free5 gc installation

Keynote: Scaling Sensu Go

Bringing Kafka Without Zookeeper Into Production with Colin McCabe | Kafka Su...

XPDDS17: NoXS: Death to the XenStore - Filipe Manco, NEC

Troubleshooting MySQL from a MySQL Developer Perspective

Juggva cloud

Google V8 engine

Experiences with Power 9 at A*STAR CRC

Mirko Damiani - An Embedded soft real time distributed system in Go

Recently uploaded

Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun

🐬 The future of MySQL is Postgres 🐘RTylerCroy

04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG

Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes

Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik

08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh

IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge

Slack Application Development 101 Slidespraypatel2

Finology Group – Insurtech Innovation Award 2024The Digital Insurer

The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los

08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung

Boost PC performance: How more available memory can improve productivityPrincipled Technologies

CNv6 Instructor Chapter 6 Quality of Servicegiselly40

Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC

Understanding the Laravel MVC ArchitecturePixlogix Infotech

Scaling API-first – The story of a global engineering organizationRadu Cotescu

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited

Recently uploaded (20)

Data Cloud, More than a CDP by Matt Robison

🐬 The future of MySQL is Postgres 🐘

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners

Injustice - Developers Among Us (SciFiDevCon 2024)

08448380779 Call Girls In Friends Colony Women Seeking Men

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Slack Application Development 101 Slides

Finology Group – Insurtech Innovation Award 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Boost PC performance: How more available memory can improve productivity

CNv6 Instructor Chapter 6 Quality of Service

Breaking the Kubernetes Kill Chain: Host Path Mount

Understanding the Laravel MVC Architecture

Scaling API-first – The story of a global engineering organization

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

Titus AWS VPC networking for containers

1. ● ○ ○ ● ○ ○ ○ 1

2. ● ● ○ ○ ● ○ ● ○ 2

3. ● ○ ○ ○ ○ ● ● ○ ■ 3

4. ● ○ ● ○ ○ ■ ■ 4

5. ● ○ ○ ● ○ ■ ○ ○ 5

6. ● ● ● ● ● ○ ● 6

7. 7 Titus mesos executor Titus network driver Docker engine EC2 Instance In: Network params Out: Network pod root New task Container create/start --net=container:<pod id> Task Status create/start pod container

8. ● ○ ● ○ ● ○ ○ ● 8

9. 9 Create NS Configurator IP Allocator NS Allocator Http IP + params NS ref Configured network ns (pod root) params Container id

10. ● ● ● ● ● ○ ● ● ○ 10

11. EC2 Instanceeth1 ENI1 SecGrp=A eth2 ENI2 SecGrp=X eth3 ENI3 SecGrp=Y,Z IP 2 (primary) IP 3 IP 6 (primary)IP 1 (primary) IP 4 IP 5 IP 7 IP 8

12. 12

13. ● ○ ● ● ○ ● ● ○ 13

14. ● ○ ● ● ● ○ ○ ● 14

15. ● ○ ● ○ ● ○ 15

16. ● ○ ● ● ○ ● ○ ● 16

17. No IP, SecGrp A Task 0 SecGrp Y,Z Task 1 Task 2 Task 3 Titus EC2 Host VMeth1 ENI1 SecGrp=A eth2 ENI2 SecGrp=X eth3 ENI3 SecGrp=Y,Z IP 1 IP 2 IP 3 pod root veth<id> app SecGrp X pod root veth<id> app SecGrp X pod root veth<id> appapp veth<id> Linux Policy Based Routing + Traffic Control Titus EC2 Metadata Proxy 169.254.169.254 IPTables NAT (*) * ** 169.254.169.254 Non-routable IP *

18. ● ○ ○ ● 18

19. ● ● <IP>/32 ○ via eth0 ● ● 19

20. ● Container IP: 100.66.23.19 ● Container Device: vethA ● Eni IP: 100.66.30.31/20 ● Eni GW: 100.66.16.1 ● Eni Device: eth1 ● Routing tables: ○ tocontainer, fromcontainer 20

21. # ip addr show eth0 eth0: … mtu 1500 qdisc tbf state UP group default inet 100.66.23.19/32 ... # ip route show default via 100.66.30.31 dev eth0 100.66.30.31 dev eth0 scope link 21

22. # ip route show | grep eth1 100.66.16.0/20 dev eth1 proto kernel scope link src 100.66.30.31 # ip rule show | grep 100.66.23.19 from all to 100.66.23.19 iif eth1 lookup tocontainer from 100.66.23.19 iif vethA lookup fromcontainer # ip route show table tocontainer | grep 100.66.23.19 100.66.23.19 dev vethA scope link # ip route show table fromcontainer default via 100.66.16.1 dev eth1 22

23. ● ● ● ● 23

24. ● ● ○ ● ○ ● 24

25. ● ○ ○ ○ ○ ○ ● ○ 25

26. 26

27. 27

28. 28

29. ● ● ● ○ ● ○ ○ 29