SlideShare a Scribd company logo

OpenShift v3 Internal networking details

Etsuji Nakai
Etsuji Nakai

2015/03/05 ver1.1 published 2015/03/15 ver1.2 minor corrections, add references

Technology
1 of 8
Download to read offline
OpenShift v3 Internal networking details Etsuji Nakai Senior Solution Architect and Cloud Evangelist Red Hat K.K. v1.2 2015/03/14
2 Disclaimer  The contents of this document is based on OpenShift Enterprise V3 Beta. Details may change in GA version.  Red Hat accepts no liability for the content of this document, or for the consequences of any actions taken on the basis of the information provided. Any views or opinions presented in this document are solely those of the author and do not necessarily represent those of Red Hat.
3 Inter-pod network OVS:br0 vxlan0 eth0 vovsbr LinuxBridge:lbr0 vlinuxbr veth pair vethXXX pod eth0 vethXXX pod eth0 10.1.x.0/24 VXLAN Tunnel OVS:br0 vxlan0 eth0 vovsbr LinuxBridge:lbr0 vlinuxbr veth pair vethXXX pod eth0 vethXXX pod eth0 10.1.y.0/24 VXLAN Tunnel 10.1.x.1 10.1.0.0/16 VXLAN Tunnel  VXLAN overlay network (subnet 10.1.0.0/16) is used as an interconnect of pods. – Subnet 10.1.x.0/24 is assigned to each node. – Gateway IP (10.1.x.1) is assigned to lbr0. 10.1.y.1
4 Service connection  A service is an aggregation of multiple pods, and it has a unique "service IP".  Traffic to service IP is handled as below: – First, redirected to the local openshift-node agent with local iptables rules. – Then, redirected (load balanced) to backend pods. (openshift-node agent knows the IPs of backend pods, and packets are routed via lbr0 interface.) Chain KUBE-PORTALS-CONTAINER (1 references) target prot opt source destination REDIRECT tcp -- 0.0.0.0/0 172.30.17.160 tcp dpt:27017 redir ports 41690 Chain KUBE-PORTALS-HOST (1 references) target prot opt source destination DNAT tcp -- 0.0.0.0/0 172.30.17.160 tcp dpt:27017 to:192.168.122.91:41690 Prerouting packes Output packes # lsof -i -P | grep 41690 openshift 988 root 16u IPv6 78852 0t0 TCP *:41690 (LISTEN) # ps -fwwp 988 UID PID PPID C STIME TTY TIME CMD root 988 1 0 16:44 ? 00:00:10 /usr/bin/openshift start node --images=docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:$ {version} --kubeconfig=/var/lib/openshift/openshift.local.certificates/admin/.kubeconfig --master=https://192.168.122.90:8443 --loglevel=4 iptables rules for the redirection. openshift-node agent listening to the redirected port. # osc get services | grep hello hello-openshift-service <none> name=hello-openshift-label 172.30.17.160 27017 service IP and portservice IP and port
5 External connection  Since service IPs are private ones, they cannot be used for accessing from an external network. (Service IPs are used for inter-serivce communication.) – Packets from an externel network should be routed via a router pod. (HAporxy is running in it.)  A service which needs an external access is associated to a router with a specific hostname. Traffic to this hostname is handled as below: – DNS replies one of the nodes (accomodating a router pod), and packets are sent to that node. "hello-openshift-service": { "Name": "hello-openshift-service", "EndpointTable": { "10.1.0.8:8080": { "ID": "10.1.0.8:8080", "IP": "10.1.0.8", "Port": "8080" } }, "ServiceAliasConfigs": { "hello-openshift.cloudapps.example.com-": { "Host": "hello-openshift.cloudapps.example.com", "Path": "", "TLSTermination": "", "Certificates": null } } }, – Then, packets are DAT'ed to the router pod with local iptalbes. – HAproxy inside the router pod redirects (with load balancing) the packets to backend pods. HAproxy config inside the router pod.
6 In a nutshell...  Pods are directly interconnected via an overlay network. – Linux bridge lbr0 works as a gateway to the overlay network.  Openshift-node agents work as a proxy for service IPs.  Router pods work as a front-end LB for external access. openshift-node agent 10.1.0.0/16 VXLAN Tunnel lbr0 pod pod router pod iptables iptables openshift-node agent lbr0 pod pod router pod iptables iptables DNS round robin round robin least connection Inter-service access External access round robin least connection
7 Reference  Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 – http://www.slideshare.net/enakai/architecture-overview-kubernetes-with-red-hat- enterprise-linux-71  OpenShift V3 Training Overview – https://github.com/openshift/training
Thank you

Recommended

Integrate Openshift with Cloudforms
Integrate Openshift with CloudformsIntegrate Openshift with Cloudforms
Integrate Openshift with CloudformsMichael Lessard
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
Simplify Networking for Containers
Simplify Networking for ContainersSimplify Networking for Containers
Simplify Networking for ContainersLinuxCon ContainerCon CloudOpen China
 
Docker Orchestration at Production Scale
Docker Orchestration at Production Scale Docker Orchestration at Production Scale
Docker Orchestration at Production Scale Docker, Inc.
 
How OpenShift SDN helps to automate
How OpenShift SDN helps to automateHow OpenShift SDN helps to automate
How OpenShift SDN helps to automateIlkka Tengvall
 
OpenShift Origin Internals
OpenShift Origin Internals OpenShift Origin Internals
OpenShift Origin Internals OpenShift Origin
 
Openshift + Openstack + Fedora = Awesome
Openshift + Openstack + Fedora = AwesomeOpenshift + Openstack + Fedora = Awesome
Openshift + Openstack + Fedora = AwesomeMark Atwood
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context ConstraintsAlessandro Arrichiello
 

Recommended

Integrate Openshift with Cloudforms
Integrate Openshift with CloudformsIntegrate Openshift with Cloudforms
Integrate Openshift with CloudformsMichael Lessard
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
Simplify Networking for Containers
Simplify Networking for ContainersSimplify Networking for Containers
Simplify Networking for ContainersLinuxCon ContainerCon CloudOpen China
 
Docker Orchestration at Production Scale
Docker Orchestration at Production Scale Docker Orchestration at Production Scale
Docker Orchestration at Production Scale Docker, Inc.
 
How OpenShift SDN helps to automate
How OpenShift SDN helps to automateHow OpenShift SDN helps to automate
How OpenShift SDN helps to automateIlkka Tengvall
 
OpenShift Origin Internals
OpenShift Origin Internals OpenShift Origin Internals
OpenShift Origin Internals OpenShift Origin
 
Openshift + Openstack + Fedora = Awesome
Openshift + Openstack + Fedora = AwesomeOpenshift + Openstack + Fedora = Awesome
Openshift + Openstack + Fedora = AwesomeMark Atwood
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context ConstraintsAlessandro Arrichiello
 
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...Debra Robertson
 
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosContainers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosLakmal Warusawithana
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetesLiran Cohen
 
K8s storage-glusterfs-20180210
K8s storage-glusterfs-20180210K8s storage-glusterfs-20180210
K8s storage-glusterfs-20180210Che-Chia Chang
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowPLUMgrid
 
Linux Kernel Development
Linux Kernel DevelopmentLinux Kernel Development
Linux Kernel DevelopmentLinuxCon ContainerCon CloudOpen China
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking OverviewSreenivas Makam
 
Docker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsDocker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsSreenivas Makam
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Michelle Antebi
 
Running Legacy Applications with Containers
Running Legacy Applications with ContainersRunning Legacy Applications with Containers
Running Legacy Applications with ContainersLinuxCon ContainerCon CloudOpen China
 
Load Balancing 101
Load Balancing 101Load Balancing 101
Load Balancing 101HungWei Chiu
 
Kubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanKubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanNeependra Khare
 
Network plugins for kubernetes
Network plugins for kubernetesNetwork plugins for kubernetes
Network plugins for kubernetesinwin stack
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchAll Things Open
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingSreenivas Makam
 
Head First to Container&Kubernetes
Head First to Container&KubernetesHead First to Container&Kubernetes
Head First to Container&KubernetesHungWei Chiu
 
Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Imesh Gunaratne
 
Kubernetes Ingress 101
Kubernetes Ingress 101Kubernetes Ingress 101
Kubernetes Ingress 101Kublr
 
"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016Phil Estes
 
OpenStack Quantum
OpenStack QuantumOpenStack Quantum
OpenStack Quantumopenstackindia
 
Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Yongyoon Shin
 

More Related Content

What's hot

Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...Debra Robertson
 
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosContainers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosLakmal Warusawithana
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetesLiran Cohen
 
K8s storage-glusterfs-20180210
K8s storage-glusterfs-20180210K8s storage-glusterfs-20180210
K8s storage-glusterfs-20180210Che-Chia Chang
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowPLUMgrid
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking OverviewSreenivas Makam
 
Docker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsDocker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsSreenivas Makam
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Michelle Antebi
 
Load Balancing 101
Load Balancing 101Load Balancing 101
Load Balancing 101HungWei Chiu
 
Kubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanKubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanNeependra Khare
 
Network plugins for kubernetes
Network plugins for kubernetesNetwork plugins for kubernetes
Network plugins for kubernetesinwin stack
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchAll Things Open
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingSreenivas Makam
 
Head First to Container&Kubernetes
Head First to Container&KubernetesHead First to Container&Kubernetes
Head First to Container&KubernetesHungWei Chiu
 
Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Imesh Gunaratne
 
Kubernetes Ingress 101
Kubernetes Ingress 101Kubernetes Ingress 101
Kubernetes Ingress 101Kublr
 
"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016Phil Estes
 

What's hot (20)

Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
 
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosContainers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
 
K8s storage-glusterfs-20180210
K8s storage-glusterfs-20180210K8s storage-glusterfs-20180210
K8s storage-glusterfs-20180210
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know now
 
Linux Kernel Development
Linux Kernel DevelopmentLinux Kernel Development
Linux Kernel Development
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
 
Docker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing optionsDocker Networking Tip - Load balancing options
Docker Networking Tip - Load balancing options
 
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby
 
Running Legacy Applications with Containers
Running Legacy Applications with ContainersRunning Legacy Applications with Containers
Running Legacy Applications with Containers
 
Load Balancing 101
Load Balancing 101Load Balancing 101
Load Balancing 101
 
Kubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai VallirajanKubernetes Networking - Giragadurai Vallirajan
Kubernetes Networking - Giragadurai Vallirajan
 
Network plugins for kubernetes
Network plugins for kubernetesNetwork plugins for kubernetes
Network plugins for kubernetes
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental Networking
 
Head First to Container&Kubernetes
Head First to Container&KubernetesHead First to Container&Kubernetes
Head First to Container&Kubernetes
 
Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2
 
Kubernetes Ingress 101
Kubernetes Ingress 101Kubernetes Ingress 101
Kubernetes Ingress 101
 
"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016"One network to rule them all" - OpenStack Summit Austin 2016
"One network to rule them all" - OpenStack Summit Austin 2016
 

Similar to OpenShift v3 Internal networking details

Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Yongyoon Shin
 
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話upaa
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks
 
Bare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefBare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefMatt Ray
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenesinbroker
 
Osnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxOsnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxM.Qasim Arham
 
Meetup docker using software defined networks
Meetup docker using software defined networksMeetup docker using software defined networks
Meetup docker using software defined networksOCTO Technology
 
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDNOpenStack Korea Community
 
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
20151222_Interoperability with ML2: LinuxBridge, OVS and SDNSungman Jang
 
Netforce: extending neutron to support routed networks at scale in ebay
Netforce: extending neutron to support routed networks at scale in ebayNetforce: extending neutron to support routed networks at scale in ebay
Netforce: extending neutron to support routed networks at scale in ebayAliasgar Ginwala
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksAdrien Blind
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014yfauser
 
Network Automation Tools
Network Automation ToolsNetwork Automation Tools
Network Automation ToolsEdwin Beekman
 
Thebasicintroductionofopenvswitch
ThebasicintroductionofopenvswitchThebasicintroductionofopenvswitch
ThebasicintroductionofopenvswitchRamses Ramirez
 
Openstack openswitch basics
Openstack openswitch basicsOpenstack openswitch basics
Openstack openswitch basicsnshah061
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Hervé Leclerc
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric OverviewMichelle Holley
 

Similar to OpenShift v3 Internal networking details (20)

OpenStack Quantum
OpenStack QuantumOpenStack Quantum
OpenStack Quantum
 
Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1Harmonia open iris_basic_v0.1
Harmonia open iris_basic_v0.1
 
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話
 
Cohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 AdministrationCohesive Networks Support Docs: VNS3 Administration
Cohesive Networks Support Docs: VNS3 Administration
 
Bare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and ChefBare Metal to OpenStack with Razor and Chef
Bare Metal to OpenStack with Razor and Chef
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenes
 
Osnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxOsnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptx
 
Meetup docker using software defined networks
Meetup docker using software defined networksMeetup docker using software defined networks
Meetup docker using software defined networks
 
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
 
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
 
Netforce: extending neutron to support routed networks at scale in ebay
Netforce: extending neutron to support routed networks at scale in ebayNetforce: extending neutron to support routed networks at scale in ebay
Netforce: extending neutron to support routed networks at scale in ebay
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
 
nested-kvm
nested-kvmnested-kvm
nested-kvm
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014
 
Demystifying openvswitch
Demystifying openvswitchDemystifying openvswitch
Demystifying openvswitch
 
Network Automation Tools
Network Automation ToolsNetwork Automation Tools
Network Automation Tools
 
Thebasicintroductionofopenvswitch
ThebasicintroductionofopenvswitchThebasicintroductionofopenvswitch
Thebasicintroductionofopenvswitch
 
Openstack openswitch basics
Openstack openswitch basicsOpenstack openswitch basics
Openstack openswitch basics
 
Octo talk : docker multi-host networking
Octo talk : docker multi-host networking Octo talk : docker multi-host networking
Octo talk : docker multi-host networking
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric Overview
 

More from Etsuji Nakai

「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考えるEtsuji Nakai
 
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Etsuji Nakai
 
Introducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowIntroducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowEtsuji Nakai
 
Googleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービスGoogleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービスEtsuji Nakai
 
Spannerに関する技術メモ
Spannerに関する技術メモSpannerに関する技術メモ
Spannerに関する技術メモEtsuji Nakai
 
Googleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOpsGoogleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOpsEtsuji Nakai
 
A Brief History of My English Learning
A Brief History of My English LearningA Brief History of My English Learning
A Brief History of My English LearningEtsuji Nakai
 
TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎Etsuji Nakai
 
TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門Etsuji Nakai
 
Using Kubernetes on Google Container Engine
Using Kubernetes on Google Container EngineUsing Kubernetes on Google Container Engine
Using Kubernetes on Google Container EngineEtsuji Nakai
 
Lecture note on PRML 8.2
Lecture note on PRML 8.2Lecture note on PRML 8.2
Lecture note on PRML 8.2Etsuji Nakai
 
Machine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application DevelopersMachine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application DevelopersEtsuji Nakai
 
Your first TensorFlow programming with Jupyter
Your first TensorFlow programming with JupyterYour first TensorFlow programming with Jupyter
Your first TensorFlow programming with JupyterEtsuji Nakai
 
Deep Q-Network for beginners
Deep Q-Network for beginnersDeep Q-Network for beginners
Deep Q-Network for beginnersEtsuji Nakai
 
TensorFlowで学ぶDQN
TensorFlowで学ぶDQNTensorFlowで学ぶDQN
TensorFlowで学ぶDQNEtsuji Nakai
 
DevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきかDevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきかEtsuji Nakai
 
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜Etsuji Nakai
 

More from Etsuji Nakai (20)

PRML11.2-11.3
PRML11.2-11.3PRML11.2-11.3
PRML11.2-11.3
 
「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える
 
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
 
Introducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowIntroducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlow
 
Googleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービスGoogleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービス
 
Spannerに関する技術メモ
Spannerに関する技術メモSpannerに関する技術メモ
Spannerに関する技術メモ
 
Googleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOpsGoogleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOps
 
A Brief History of My English Learning
A Brief History of My English LearningA Brief History of My English Learning
A Brief History of My English Learning
 
TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎
 
TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門
 
Using Kubernetes on Google Container Engine
Using Kubernetes on Google Container EngineUsing Kubernetes on Google Container Engine
Using Kubernetes on Google Container Engine
 
Lecture note on PRML 8.2
Lecture note on PRML 8.2Lecture note on PRML 8.2
Lecture note on PRML 8.2
 
Machine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application DevelopersMachine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application Developers
 
Your first TensorFlow programming with Jupyter
Your first TensorFlow programming with JupyterYour first TensorFlow programming with Jupyter
Your first TensorFlow programming with Jupyter
 
Deep Q-Network for beginners
Deep Q-Network for beginnersDeep Q-Network for beginners
Deep Q-Network for beginners
 
Life with jupyter
Life with jupyterLife with jupyter
Life with jupyter
 
TensorFlowで学ぶDQN
TensorFlowで学ぶDQNTensorFlowで学ぶDQN
TensorFlowで学ぶDQN
 
DevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきかDevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきか
 
PRML7.2
PRML7.2PRML7.2
PRML7.2
 
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
 

Recently uploaded

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

OpenShift v3 Internal networking details

  • 1. OpenShift v3 Internal networking details Etsuji Nakai Senior Solution Architect and Cloud Evangelist Red Hat K.K. v1.2 2015/03/14
  • 2. 2 Disclaimer  The contents of this document is based on OpenShift Enterprise V3 Beta. Details may change in GA version.  Red Hat accepts no liability for the content of this document, or for the consequences of any actions taken on the basis of the information provided. Any views or opinions presented in this document are solely those of the author and do not necessarily represent those of Red Hat.
  • 3. 3 Inter-pod network OVS:br0 vxlan0 eth0 vovsbr LinuxBridge:lbr0 vlinuxbr veth pair vethXXX pod eth0 vethXXX pod eth0 10.1.x.0/24 VXLAN Tunnel OVS:br0 vxlan0 eth0 vovsbr LinuxBridge:lbr0 vlinuxbr veth pair vethXXX pod eth0 vethXXX pod eth0 10.1.y.0/24 VXLAN Tunnel 10.1.x.1 10.1.0.0/16 VXLAN Tunnel  VXLAN overlay network (subnet 10.1.0.0/16) is used as an interconnect of pods. – Subnet 10.1.x.0/24 is assigned to each node. – Gateway IP (10.1.x.1) is assigned to lbr0. 10.1.y.1
  • 4. 4 Service connection  A service is an aggregation of multiple pods, and it has a unique "service IP".  Traffic to service IP is handled as below: – First, redirected to the local openshift-node agent with local iptables rules. – Then, redirected (load balanced) to backend pods. (openshift-node agent knows the IPs of backend pods, and packets are routed via lbr0 interface.) Chain KUBE-PORTALS-CONTAINER (1 references) target prot opt source destination REDIRECT tcp -- 0.0.0.0/0 172.30.17.160 tcp dpt:27017 redir ports 41690 Chain KUBE-PORTALS-HOST (1 references) target prot opt source destination DNAT tcp -- 0.0.0.0/0 172.30.17.160 tcp dpt:27017 to:192.168.122.91:41690 Prerouting packes Output packes # lsof -i -P | grep 41690 openshift 988 root 16u IPv6 78852 0t0 TCP *:41690 (LISTEN) # ps -fwwp 988 UID PID PPID C STIME TTY TIME CMD root 988 1 0 16:44 ? 00:00:10 /usr/bin/openshift start node --images=docker-buildvm-rhose.usersys.redhat.com:5000/openshift3_beta/ose-${component}:$ {version} --kubeconfig=/var/lib/openshift/openshift.local.certificates/admin/.kubeconfig --master=https://192.168.122.90:8443 --loglevel=4 iptables rules for the redirection. openshift-node agent listening to the redirected port. # osc get services | grep hello hello-openshift-service <none> name=hello-openshift-label 172.30.17.160 27017 service IP and portservice IP and port
  • 5. 5 External connection  Since service IPs are private ones, they cannot be used for accessing from an external network. (Service IPs are used for inter-serivce communication.) – Packets from an externel network should be routed via a router pod. (HAporxy is running in it.)  A service which needs an external access is associated to a router with a specific hostname. Traffic to this hostname is handled as below: – DNS replies one of the nodes (accomodating a router pod), and packets are sent to that node. "hello-openshift-service": { "Name": "hello-openshift-service", "EndpointTable": { "10.1.0.8:8080": { "ID": "10.1.0.8:8080", "IP": "10.1.0.8", "Port": "8080" } }, "ServiceAliasConfigs": { "hello-openshift.cloudapps.example.com-": { "Host": "hello-openshift.cloudapps.example.com", "Path": "", "TLSTermination": "", "Certificates": null } } }, – Then, packets are DAT'ed to the router pod with local iptalbes. – HAproxy inside the router pod redirects (with load balancing) the packets to backend pods. HAproxy config inside the router pod.
  • 6. 6 In a nutshell...  Pods are directly interconnected via an overlay network. – Linux bridge lbr0 works as a gateway to the overlay network.  Openshift-node agents work as a proxy for service IPs.  Router pods work as a front-end LB for external access. openshift-node agent 10.1.0.0/16 VXLAN Tunnel lbr0 pod pod router pod iptables iptables openshift-node agent lbr0 pod pod router pod iptables iptables DNS round robin round robin least connection Inter-service access External access round robin least connection
  • 7. 7 Reference  Architecture Overview: Kubernetes with Red Hat Enterprise Linux 7.1 – http://www.slideshare.net/enakai/architecture-overview-kubernetes-with-red-hat- enterprise-linux-71  OpenShift V3 Training Overview – https://github.com/openshift/training