Using Docker in Cloud Networks

Similar documents
Waves of adoption for NFV

The networking declaration of independence

Overlay Networks: Connecting and Protecting Across Regions with Docker. Patrick Kerpan, CEO

Platform as a Service and Container Clouds

Aerohive Networks Inc. Free Bonjour Gateway FAQ

Intro to Docker and Containers

Building a Continuous Integration Pipeline with Docker

Linstantiation of applications. Docker accelerate

Container-based Network Function Virtualization for Software-Defined Networks

Getting Started Using Project Photon on VMware Fusion/Workstation

Designing Virtual Network Security Architectures Dave Shackleford

Software Defined Network (SDN)

Microsoft Azure Configuration

1.. Know the capabilities of the network system you are going to be adding cameras and/or DVR s to. Meaning, know if the present LAN has the

VM-Series Firewall Deployment Tech Note PAN-OS 5.0

Software-Defined Networking for the Data Center. Dr. Peer Hasselmeyer NEC Laboratories Europe

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

STRATEGIC WHITE PAPER. The next step in server virtualization: How containers are changing the cloud and application landscape

This presentation covers virtual application shared services supplied with IBM Workload Deployer version 3.1.

IPOP-TinCan: User-defined IP-over-P2P Virtual Private Networks

OpenFlow and Software Defined Networking presented by Greg Ferro. Software Defined Networking (SDN)

Firewalls for the Home & Small Business. Gordon Giles DTEC Professor: Dr. Tijjani Mohammed

2. Are explicit proxy connections also affected by the ARM config?

How To Configure Syslog over VPN

VNS3 Secure Network Appliance Service Defnition for G-Cloud 7

Cloud Security Best Practices

CenturyLink Cloud Configuration

White Paper. Cloud Security Best Practices. Part 1I: Layers of Control with VNS3. October 2014 Copyright Cohesive Networks

Cisco QuickVPN Installation Tips for Windows Operating Systems

Copyright. Robert Sandoval

Scaling the S in SDN at Azure. Albert Greenberg Distinguished Engineer & Director of Engineering Microsoft Azure Networking

the original cloud networking company Run your Business in the Cloud.

Type-C Ubuntu Product & Strategy Canonical Ltd.

Data Center Use Cases and Trends

Outline. Why Neutron? What is Neutron? API Abstractions Plugin Architecture

Virtualization and Performance NSRC

OS/390 Firewall Technology Overview

Devops n the Operating System! John Willis Director of Ecosystem Development! Docker, Inc.

WINDOWS AZURE NETWORKING

IBM Bluemix. The Digital Innovation Platform. Simon

SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT

Who s Endian?

How To Orchestrate The Clouddusing Network With Andn

Cloud Security with Stackato

Google Compute Engine Configuration

Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer

Boas Betzler. Planet. Globally Distributed IaaS Platform Examples AWS and SoftLayer. November 9, IBM Corporation

Network Virtualization Tools in Linux PRESENTED BY: QUAMAR NIYAZ & AHMAD JAVAID

Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi,

Cloud Gateway. Agenda. Cloud concepts Gateway concepts My work. Monica Stebbins

Creating a DUO MFA Service in AWS

Copyright 2014 Oracle and/or its affiliates. All rights reserved.

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

Creating a VPN with overlapping subnets

How To Set Up A Vns3 Controller On An Ipad Or Ipad (For Ahem) On A Network With A Vlan (For An Ipa) On An Uniden Vns 3 Instance On A Vn3 Instance On

Introduction to Mobile Access Gateway Installation

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Software defined networking. Your path to an agile hybrid cloud network

Using LISP for Secure Hybrid Cloud Extension

Building a cloud with Openstack. Iqbal Mohomed iqbal@us.ibm.com March 25 th 2015

DECODING SOFTWARE DEFINED NETWORKING (SDN) Nico Siebelink Technical Director Northern Europe

HAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer

NOC PS manual. Copyright Maxnet All rights reserved. Page 1/45 NOC-PS Manuel EN version 1.3

SDN CENTRALIZED NETWORK COMMAND AND CONTROL

CYAN SECURE WEB APPLIANCE. User interface manual

Network Security Demonstration - Snort based IDS Integration -

SDN and NFV in the WAN

ScotGrid. Bolting the door. Network Based Security Mechanisms. David Crooks, Mark Mitchell on behalf of ScotGrid Glasgow

NetSpective Global Proxy Configuration Guide

Software Defined Networking A quantum leap for Devops?

Ryu SDN Framework What weʼ ve learned Where weʼ ll go

Firewalls and Network Defence

Data Center Network Virtualisation Standards. Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair

@CodenvyHQ

Data Center Infrastructure of the future. Alexei Agueev, Systems Engineer

SKV PROPOSAL TO CLT FOR ACTIVE DIRECTORY AND DNS IMPLEMENTATION

Remote Desktop With P2P VNC

Novel Systems. Extensible Networks

Software Defined Networking (SDN) OpenFlow and OpenStack. Vivek Dasgupta Principal Software Maintenance Engineer Red Hat

Configuring DHCP Snooping

Creating a Client-To-Site VPN. BT Cloud Compute. The power to build your own cloud solutions to serve your specific business needs.

Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure

Backup Exec Private Cloud Services. Planning and Deployment Guide

VNS3 to Cisco ASA Instructions. ASDM 9.2 IPsec Configuration Guide

Networking Devices. Lesson 6

IBM Bluemix, the digital innovation platform

ISLET: Jon Schipp, Ohio Linux Fest An Attempt to Improve Linux-based Software Training

Virtual Private Networks

Networking. Systems Design and. Development. CRC Press. Taylor & Francis Croup. Boca Raton London New York. CRC Press is an imprint of the

CYAN Secure Web Microsoft ISA Server Deployment Guide

Copyright 2014, Oracle and/or its affiliates. All rights reserved. 2

Cisco Certified Security Professional (CCSP)

Spotlight On Backbone Technologies

Corente Cloud Services Exchange

Software AG and the AWS cloud. Past, Present and Best Practices. Jonathan Madamba Director, Solution Cloud John Fitzgerald Director, Product Marketing

Creating Overlay Networks Using Intel Ethernet Converged Network Adapters

PART D NETWORK SERVICES

Automation & Open Source. How to tame the Cloud?

Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

Transcription:

Using Docker in Cloud Networks Chris Swan, CTO @cpswan the original cloud networking company 1

Agenda Docker Overview Dockerfile and DevOps Docker in Cloud Networks Some Trip Hazards My Docker Wish List 2

Docker overview 3

Open source project released in March 2013 background Docker is a Container System for Code Image Credit: Docker..io 4

A different granularity of virtualisation Image Credit: Docker..io 5

Continuing the container analogy Image Credit: Docker..io 6

What s outside the box? Linux containers (LXC) Similar to Solaris zones, FreeBSD jails, IBM LPAR etc. > chroot < any hardware (VT) protected hypervisor A union file system (e.g. AUFS) Containers are made up out of layers May also use ZFS or BTRFS Docker command line tool to manage lifecycle of containers run, start, stop, ps, import, export etc. 7

Going inside the box - Hello World 8

Stacking containers Image Credit: Docker..io 9

Containers and Images Image Credit: Docker..io 10

Hello World from Dockerfile 11

A real example of Dockerfile 12

Dockerfile and DevOps 13

John Boyd s OODA loop 14

Dockerfile makes mistakes very cheap 15

Docker and networking 16

When the Docker daemon starts Creates a docker0 bridge if not present Other bridges can be manually configured Searches for an IP address range which doesn t overlap with an existing route Default is 172.17.0.0/16 Picks an IP in the selected range and assigns it to the docker0 bridge Default is 172.17.42.1 Containers get a virtual interface that s bonded to the docker0 bridge Starting with 172.17.0.2 17

Port mapping Map a random host port to a container port sudo docker run -d -p 1234 \ cpswan/demoapp Map a specific host port to a container port sudo docker run -d -p 1234:1234 \ cpswan/demoapp 18

Container linking Docker takes named links to other containers to populate env variables: # start the database sudo docker run -d -p 3306:3306 -name todomvc_db \ -v /data/mysql:/var/lib/mysql cpswan/todomvc.mysql # start the app server sudo docker run -d -p 4567:4567 -name todomvc_app \ -link todomvc_db:db cpswan/todomvc.sinatra # start the web server sudo docker run -d -p 443:443 -name todomvc_ssl \ -link todomvc_app:app cpswan/todomvc.ssl Use the env variable in the app server: dburl = 'mysql://root:pa55word@' + ENV['DB_PORT_3306_TCP_ADDR'] + '/todomvc' DataMapper.setup(:default, dburl) 19

Docker in cloud networks 20

Before Docker VNS3 is a virtual appliance Swiss Army Knife for networking VNS3 Router IPsec/SSL VPN concentrator Switch Protocol Redistributor Firewall Dynamic & Scriptable SDN Tool for building secure networks in virtual infrastructures, private & public cloud 21

A typical customer use case Public Cloud Web App IPsec Tunnel VNS3 Firewall / VPN Data Center Servers On-Site Hardware 22

That annoying extra VM Public Cloud Web App IPsec Tunnel VNS3 Firewall / VPN Internet traffic Data Center Servers On-Site Hardware 23

With Docker VNS3 3.5 allows customers to embed features and functions provided by other vendors - or developed in house, safely and securely into their Cloud Network. VNS3 (Reverse) Proxy SSL Termination Content Caching Load Balancing Intrusion Detection More... Customer controlled, & co-created, for best Router Switch Firewall IPsec/SSL VPN Concentrator Protocol Redistributor Dynamic & Scriptable SDN hybrid cloud experience 24

Getting rid of that annoying extra VM Public Cloud Web App IPsec Tunnel VNS3 Firewall / VPN Internet traffic Data Center Servers On-Site Hardware 25

Seeding the ecosystem 26

and on github 27

as Dockerfile doesn t stand alone 28

Some trip hazards 29

Inconsistent package repos 30

Beware apt-get upgrade Not a problem in the official Docker.io images But... if you re using images from somewhere else then it s not good when they try to build an initramfs 31

Non deterministic actions apt-get install whatever -y You want this to be cached in the short term You might not want it to be cached long term (I m not going to wade into the security tar pit right now) 32

Local vs Global image namespace sudo docker build -t cpswan/haproxy. sudo docker run -d cpswan/haproxy!= sudo docker run -d cpswan/haproxy Nothing there to make you pull before you push Global namespace is managed, local namespace isn t Intermediate/private repositories for extra fun :-0 33

This can happen docker ps : 34

and also this docker ps --all : 35

My Docker wish list 36

If only it would... Docker CLI Disk quotas Route propagation 37

At least one of those wishes might be granted... 38

Summary 39

Summary Docker provides a shipping container for apps Dockerfile tightens the DevOps OODA loop Docker has given us a way to move from closed platform to open platform (and be part of an ecosystem) It s not perfect yet, but it s not finished yet (and software rarely is anyway) 40

Questions? Paddington, London, UK ContactMe@cohesiveft.com +44 20 8144 0156 @CohesiveFT 41

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information