April 02, 2017

Container Networking Model (CNM)


    • Network Basics
      • IP address
        • IPv4
        • IPv6
        • Partitions/subnets
      • Ports
        • Well-known ports
          • port numbers from 0 to 1023
          • used by system processes for widely used network services
          • binding one requires super-user privileges; on Linux specifically the CAP_NET_BIND_SERVICE capability, and the boundary is tunable through the net.ipv4.ip_unprivileged_port_start sysctl (default 1024). A container process that is root in its own network namespace can bind port 80 there without holding privileges on the host's namespace.
        • Registered ports
          • port numbers from 1024 to 49151
          • assigned by IANA for specific services
          • does not require super-user privileges to bind port
        • Ephemeral ports (dynamic, or private)
          • port numbers from 49152 to 65535 in the IANA scheme
          • ports not available to be registered with IANA
          • used for temporary, private services and automatic allocation (the client side of outbound connections)
          • Linux does not follow the IANA range by default: net.ipv4.ip_local_port_range is typically 32768 to 60999, which matters when writing firewall rules that match on source ports
        • Port Forwarding
          • Redirect incoming requests to a specific service by port number, i.e. rewrite the destination address and port of a packet (DNAT); this is how a host port is published to a container
      • NAT (Network Address Translation)
        • Rewriting packet addresses at a boundary: source NAT (masquerading) lets many private addresses share one public address on the way out, destination NAT maps a public address and port to a private one on the way in
        • On Linux both are implemented in the nat table of iptables/nftables; Docker installs its own MASQUERADE and DNAT rules there

    • Container Network Model (CNM)
    • The CNM is a design specification: it defines the building blocks from which forwarding rules, network segmentation, and management tooling for complex network policies are assembled. It formalizes the steps required to enable networking for containers while providing an abstraction that can be used to support multiple network drivers. Docker uses several networking technologies to implement the CNM network drivers, including Linux bridges, network namespaces, veth pairs, and iptables.

      • The CNM is built on three components, sandbox, endpoint, network:

        • Sandbox
          • contains the configuration of a container's network stack, e.g.
            • container interface management
            • routing table
            • DNS settings
          • implemented as a Linux Network Namespace
          • may contain multiple endpoints from multiple networks
          • local scope - associated with a specific host
        • Endpoint
          • joins a Sandbox to a Network
          • has one virtual interface; an Endpoint can be a veth pair (one end inside the Sandbox, the other attached to the Network's bridge), an Open vSwitch internal port, or something similar
          • belongs to exactly one Network
        • Network
          • group of Endpoints that can directly communicate with one another
          • implemented as a Linux bridge, a VLAN, etc.
          • Endpoints on different Networks are isolated from each other by default; with the bridge driver, Docker enforces this with iptables rules between the bridges, so segmentation only holds as long as those rules are intact
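The mapping above (Network = bridge, Sandbox = network namespace, Endpoint = veth pair, plus NAT for publishing a port) built by hand with the same Linux primitives the bridge driver uses. This is an added example and not Docker's or libnetwork's code; the bridge name cnm0, the namespace sbx0, the subnet 172.18.0.0/24 and the port mapping 8080 to 80 are made up for illustration. The script emits the commands as a plan so it can be read without root, and applies them only when asked.

```shell
#!/bin/sh
# Hand-built CNM topology: one Network (bridge), one Sandbox (netns), one
# Endpoint (veth pair), one published port (DNAT). Added example, not
# Docker/libnetwork code. All names and addresses are assumptions.
# Requires iproute2, iptables and root to apply; POSIX sh.

BR=cnm0                 # Linux bridge that implements the Network
SUBNET=172.18.0.0/24
GW=172.18.0.1           # bridge address, default gateway for every Sandbox

# Commands that create the Network and the host-side NAT/forwarding rules.
network_plan() {
cat <<EOF
ip link add $BR type bridge
ip addr add $GW/24 dev $BR
ip link set $BR up
sysctl -q -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $SUBNET ! -o $BR -j MASQUERADE
iptables -A FORWARD -i $BR ! -o $BR -j ACCEPT
iptables -A FORWARD -o $BR -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Commands that create one Sandbox and join it to the Network through one
# Endpoint, then publish <host port> -> <container ip>:<container port>.
# The DNAT rule is in PREROUTING, so it covers traffic arriving on other
# interfaces; reaching the service via 127.0.0.1 on the host would also
# need an OUTPUT-chain rule and net.ipv4.conf.*.route_localnet.
# Usage: endpoint_plan <netns> <container ip> <host port> <container port>
endpoint_plan() {
ns=$1; cip=$2; hport=$3; cport=$4
vh="veth-$ns"          # host side of the veth pair, enslaved to the bridge
vc="veth-$ns-c"        # sandbox side, renamed to eth0 once inside the netns
cat <<EOF
ip netns add $ns
ip link add $vh type veth peer name $vc
ip link set $vc netns $ns
ip link set $vh master $BR
ip link set $vh up
ip -n $ns link set $vc name eth0
ip -n $ns link set lo up
ip -n $ns addr add $cip/24 dev eth0
ip -n $ns link set eth0 up
ip -n $ns route add default via $GW
iptables -t nat -A PREROUTING -p tcp --dport $hport -j DNAT --to-destination $cip:$cport
EOF
}

# Run a plan one command per line; refuses to run unprivileged and stops
# at the first failing command rather than leaving a half-built topology.
apply_plan() {
[ "$(id -u)" -eq 0 ] || { echo "apply_plan: must run as root" >&2; return 1; }
while IFS= read -r cmd; do
echo "+ $cmd"
eval "$cmd" || return 1
done
}

# Read-only checks a practitioner runs afterwards: Endpoint address and
# route inside the Sandbox, bridge membership, and the NAT rules.
verify_sandbox() {
ns=$1
ip -n "$ns" addr show dev eth0
ip -n "$ns" route
bridge link show master "$BR"
iptables -t nat -S PREROUTING
iptables -t nat -S POSTROUTING
}

case "${1:-plan}" in
apply)
{ network_plan; endpoint_plan sbx0 172.18.0.2 8080 80; } | apply_plan
verify_sandbox sbx0
;;
*)
network_plan
endpoint_plan sbx0 172.18.0.2 8080 80
;;
esac
```

A second Sandbox on the same Network is just another call, e.g. `endpoint_plan sbx1 172.18.0.3 8081 80`; both namespaces can then reach each other through the bridge, which is exactly the "group of Endpoints that can directly communicate" definition of a Network. To tear down, delete the namespace (`ip netns del sbx0`, which removes its end of the veth pair and therefore the host end too), delete the bridge, and remove the iptables rules with `-D` using the same arguments.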

    • Libnetwork
      • is the Go library, consumed by the Docker daemon, that implements the CNM
      • is also Docker's networking extensibility model: its built-in drivers (bridge, overlay, macvlan, host, none) and third-party remote network and IPAM drivers (plugins) all sit behind the same driver interface

