[Docker] The network after Docker1.9

Source: Internet
Author: User

Statement:
This blog welcomes reposting, but please keep the original author information!
Blog address: http://blog.csdn.net/halcyonbaby
Sina Weibo: Searching for Miracles

This is the content of my own study, research and summary; if it resembles something else, I am honored!

Introduction and use of networking after Docker 1.9

In Docker 1.9, networking was promoted from an experimental feature to a formally released feature.
On the command line you can see the following new command:

```
# docker help network
Usage:  docker network [OPTIONS] COMMAND [OPTIONS]

Commands:
  create                   Create a network
  connect                  Connect container to a network
  disconnect               Disconnect container from a network
  inspect                  Display detailed network information
  ls                       List all networks
  rm                       Remove a network

Run 'docker network COMMAND --help' for more information on a command.

  --help=false       Print usage
```

You can see that three networks are created by default after the Docker daemon starts.
They use the three built-in network drivers bridge, null and host respectively.

```
# docker network ls
NETWORK ID          NAME                DRIVER
f280d6a13422        bridge              bridge
f5d11bed22a2        none                null
18642f53648f        host                host
```

Let's take a closer look at the details of the three networks:
Name is the name of the network and can be chosen by the user.
Id is the network's internal UUID and is globally unique.
Scope currently has two values, "local" and "remote", indicating whether it is a single-host network or a multi-host network (in the libnetwork code the multi-host scope is spelled "global").
Driver is the name of the network driver.
IPAM gives the name and configuration of the driver responsible for IP address management (you can see that information in the bridge network's output).
Containers records information about the containers using this network.
Options records the various configuration settings required by the driver.

```
# docker network inspect none
[
    {
        "Name": "none",
        "Id": "1abfa4750ada3be20927c3c168468f9a64efd10705d3be8958ae1eef784b28ef",
        "Scope": "local",
        "Driver": "null",
        "IPAM": {
            "Driver": "default",
            "Config": []
        },
        "Containers": {},
        "Options": {}
    }
]
# docker network inspect host
[
    {
        "Name": "host",
        "Id": "001c9c9047d90efff0b64bf80e49ff7ec33421374b2c895169a0f9e096eb791d",
        "Scope": "local",
        "Driver": "host",
        "IPAM": {
            "Driver": "default",
            "Config": []
        },
        "Containers": {},
        "Options": {}
    }
]
# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "201fbcb64b75977889f5d9c1e88c756308a090eb611397dbd0bb5c824d429276",
        "Scope": "local",
        "Driver": "bridge",
        "IPAM": {
            "Driver": "default",
            "Config": [
                {
                    "Subnet": "172.17.42.1/16",
                    "Gateway": "172.17.42.1"
                }
            ]
        },
        "Containers": {
            "4d4d37853115562080613393c6f605a9ec2b06c3660dfa0ca4e27f2da266773d": {
                "EndpointID": "09e332644c539cec8a9852a11d402893bc76a5559356817192657b5840fe2de3",
                "MacAddress": "02:42:ac:11:00:01",
                "IPv4Address": "172.17.0.1/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        }
    }
]
```

Various operations on the container network:
Create / add / remove / delete networks:

```
# docker network create -d bridge --ip-range=192.168.1.0/24 --gateway=192.168.1.1 --subnet=192.168.1.0/24 bridge2
b18f4fb74ebd32b9f67631fd3fd842d09b97c30440efebe254a786d26811cf66
# docker network ls
NETWORK ID          NAME                DRIVER
1abfa4750ada        none                null
001c9c9047d9        host                host
b18f4fb74ebd        bridge2             bridge
201fbcb64b75        bridge              bridge
```

Introduction to driver plugin mechanism and driver plugin implementation

Docker plugin at a glance:
http://docs.docker.com/engine/extend/plugins/
Docker plugins use an out-of-process approach.
This has two benefits: it makes extension easy, since plugins can be added and removed dynamically, and it fully decouples the plugin code from Docker itself.

A plugin is a process that runs on the Docker host and registers itself with Docker by placing a file in the plugin directory,
where it is found by Docker's discovery mechanism.

Plugin names should preferably be short lowercase words. The plugin can run inside or outside a container; running it outside a container is recommended.

Plugin Directory

Three types of files can be placed in the plugin directory:

    • .sock files are UNIX domain sockets.
    • .spec files are text files containing a URL, such as unix:///other.sock.
    • .json files are text files containing a full JSON specification for the plugin.

.sock files are generally placed under /run/docker/plugins; .spec and .json files are generally placed under /etc/docker/plugins
or /usr/lib/docker/plugins.

JSON file example (the trailing comma after "KeyFile" in the original listing is invalid JSON and has been removed):

```
{
  "Name": "plugin-example",
  "Addr": "https://example.com/docker/plugin",
  "TLSConfig": {
    "InsecureSkipVerify": false,
    "CAFile": "/usr/shared/docker/certs/example-ca.pem",
    "CertFile": "/usr/shared/docker/certs/example-cert.pem",
    "KeyFile": "/usr/shared/docker/certs/example-key.pem"
  }
}
```

Additional notes on plugins

The plugin must be started before Docker starts. When the Docker daemon is upgraded, the plugin must be stopped first, and only then is the Docker daemon upgraded and started again.

Plugins are activated the first time they are used: Docker searches the plugin directory for a file matching the specified plugin name. (I feel Docker should add an interface to list the local plugins.)

Communication between Docker and the plugin uses JSON-formatted RPC messages carried over HTTP; every message is an HTTP POST.

Handshake message:

```
/Plugin.Activate
Request: empty body
Response:
{
    "Implements": ["VolumeDriver"]
}
```

Plugin implementation

A network plugin mainly needs to implement the following messages:

```
/Plugin.Activate
/NetworkDriver.GetCapabilities
/NetworkDriver.CreateNetwork
/NetworkDriver.DeleteNetwork
/NetworkDriver.CreateEndpoint
/NetworkDriver.EndpointOperInfo
/NetworkDriver.DeleteEndpoint
/NetworkDriver.Join
/NetworkDriver.Leave
/NetworkDriver.DiscoverNew
/NetworkDriver.DiscoverDelete
```

Detailed reference:
https://github.com/docker/libnetwork/blob/master/docs/remote.md

Call relationship between Docker and libnetwork:

Docker daemon --> libnetwork --> network plugin
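As an added example (not code from this post or from Docker/libnetwork), here is a hypothetical minimal remote network driver that answers the handshake and the first NetworkDriver messages listed above, served on a .sock file under /run/docker/plugins. The plugin name "example", the in-memory bookkeeping and the rejection of anything but POST are assumptions of this skeleton.

```go
package main

import (
	"encoding/json"
	"net"
	"net/http"
	"sync"
)

// Hypothetical skeleton of a remote network driver. URL paths, JSON field
// names and the response content type follow libnetwork's remote protocol.
type plugin struct {
	networks sync.Map // NetworkID -> true, for networks this driver created
}

func (p *plugin) hasNetwork(id string) bool { _, ok := p.networks.Load(id); return ok }

func (p *plugin) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost { // Docker only ever POSTs
		http.Error(w, "only POST is accepted", http.StatusMethodNotAllowed)
		return
	}
	var req struct{ NetworkID string }
	_ = json.NewDecoder(r.Body).Decode(&req) // Plugin.Activate has an empty body
	var resp interface{} = map[string]string{} // "{}" means success
	switch r.URL.Path {
	case "/Plugin.Activate": // handshake: advertise the implemented subsystem
		resp = map[string][]string{"Implements": {"NetworkDriver"}}
	case "/NetworkDriver.GetCapabilities":
		resp = map[string]string{"Scope": "local"} // single-host driver
	case "/NetworkDriver.CreateNetwork":
		p.networks.Store(req.NetworkID, true)
	case "/NetworkDriver.DeleteNetwork":
		p.networks.Delete(req.NetworkID)
	default: // CreateEndpoint, Join, Leave, ... are left unimplemented here
		http.Error(w, "not implemented: "+r.URL.Path, http.StatusNotFound)
		return
	}
	w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
	_ = json.NewEncoder(w).Encode(resp)
}

func main() {
	// Docker discovers the plugin under the name "example" from this .sock file.
	l, err := net.Listen("unix", "/run/docker/plugins/example.sock")
	if err != nil {
		panic(err)
	}
	_ = http.Serve(l, &plugin{})
}
```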

CNM Introduction

https://github.com/docker/libnetwork/blob/master/docs/design.md
CNM stands for Container Network Model. This document mainly defines the network model used by libnetwork.

There are three main concepts:
    • Network
      A group of endpoints that can communicate directly with each other. The usual implementations are a Linux bridge, OVS, and so on.
    • Sandbox
      A sandbox contains a container's network stack: typically its interfaces, routes, DNS settings, and so on. It is generally implemented with a network namespace.
      A sandbox can contain multiple endpoints that belong to different networks.
    • Endpoint
      An endpoint connects a sandbox to a network.
      It is usually implemented with technologies such as a veth pair (for a Linux bridge) or an OVS internal port.
The main objects of CNM are:
    • NetworkController
      Primarily responsible for managing drivers and providing the interface for creating networks.
    • Driver
      Provides the implementation of Network/Sandbox/Endpoint.
    • Network
    • Endpoint
    • Sandbox
Code analysis: Docker daemon
    • Three networks are created during daemon initialization
      daemon.go, function NewDaemon:

```go
func NewDaemon(config *Config, registryService *registry.Service) (daemon *Daemon, err error) {
    ...
    d.netController, err = d.initNetworkController(config)
    if err != nil {
        return nil, fmt.Errorf("Error initializing network controller: %v", err)
    }
    ...
}
```

    • The initNetworkController function lives in daemon_unix.go / daemon_windows.go; taking Unix as the example,
      it basically does the following:
      initialize the controller, then initialize the three built-in networks null, host and bridge.

```go
func (daemon *Daemon) initNetworkController(config *Config) (libnetwork.NetworkController, error) {
    netOptions, err := daemon.networkOptions(config)
    if err != nil {
        return nil, err
    }

    controller, err := libnetwork.New(netOptions...)
    if err != nil {
        return nil, fmt.Errorf("Error obtaining controller instance: %v", err)
    }

    // Initialize default network on "null"
    if _, err := controller.NewNetwork("null", "none", libnetwork.NetworkOptionPersist(false)); err != nil {
        return nil, fmt.Errorf("Error creating default \"null\" network: %v", err)
    }

    // Initialize default network on "host"
    if _, err := controller.NewNetwork("host", "host", libnetwork.NetworkOptionPersist(false)); err != nil {
        return nil, fmt.Errorf("Error creating default \"host\" network: %v", err)
    }

    if !config.DisableBridge {
        // Initialize default driver "bridge"
        if err := initBridgeDriver(controller, config); err != nil {
            return nil, err
        }
    }

    return controller, nil
}
```
    • The container is connected to its network when it is started
      The route in api/server/router/container/container.go calls postContainersStart, which calls ContainerStart in daemon/start.go:

```go
// api/server/router/container/container.go
local.NewPostRoute("/containers/{name:.*}/start", r.postContainersStart),

// daemon/start.go
func (daemon *Daemon) ContainerStart(container *Container) (err error) {
    ...
    if err := daemon.initializeNetworking(container); err != nil {
        return err
    }
    ...
}

// daemon/container_unix.go
func (daemon *Daemon) initializeNetworking(container *Container) error {
    ...
    if err := daemon.allocateNetwork(container); err != nil {
        return err
    }
    ...
}

func (daemon *Daemon) allocateNetwork(container *Container) error {
    ...
    for n := range container.NetworkSettings.Networks {
        if err := daemon.connectToNetwork(container, n, updateSettings); err != nil {
            return err
        }
    }
    ...
}

func (daemon *Daemon) connectToNetwork(container *Container, idOrName string, updateSettings bool) (err error) {
    ...
    // create endpoint
    ep, err = n.CreateEndpoint(endpointName, createOptions...)
    ...
    // get sandbox
    sb := daemon.getNetworkSandbox(container)
    ...
    // join the sandbox
    if err := ep.Join(sb); err != nil {
        return err
    }
    ...
}
```
    • Create network
      What is actually called is libnetwork's NewNetwork interface.
      All of the network APIs are routed to functions in daemon/network.go:

```go
// daemon/network.go

// CreateNetwork creates a network with the given name, driver and other optional parameters
func (daemon *Daemon) CreateNetwork(name, driver string, ipam network.IPAM, options map[string]string) (libnetwork.Network, error) {
    c := daemon.netController
    if driver == "" {
        driver = c.Config().Daemon.DefaultDriver
    }

    nwOptions := []libnetwork.NetworkOption{}

    v4Conf, v6Conf, err := getIpamConfig(ipam.Config)
    if err != nil {
        return nil, err
    }

    nwOptions = append(nwOptions, libnetwork.NetworkOptionIpam(ipam.Driver, "", v4Conf, v6Conf))
    nwOptions = append(nwOptions, libnetwork.NetworkOptionDriverOpts(options))
    return c.NewNetwork(driver, name, nwOptions...)
}
```
    • Connect container to network
      Let's look at connecting a container to a network.
      You can see that in the end it also calls the libnetwork interface:
      create the endpoint (EP), then join it to the sandbox.

```go
// daemon/network.go

// ConnectContainerToNetwork connects the given container to the given
// network. If either cannot be found, an err is returned. If the
// network cannot be set up, a err is returned.
func (daemon *Daemon) ConnectContainerToNetwork(containerName, networkName string) error {
    container, err := daemon.Get(containerName)
    if err != nil {
        return err
    }
    return daemon.ConnectToNetwork(container, networkName)
}

// ConnectToNetwork connects a container to a network
func (daemon *Daemon) ConnectToNetwork(container *Container, idOrName string) error {
    if !container.Running {
        return derr.ErrorCodeNotRunning.WithArgs(container.ID)
    }
    if err := daemon.connectToNetwork(container, idOrName, true); err != nil {
        return err
    }
    if err := container.toDiskLocking(); err != nil {
        return fmt.Errorf("Error saving container to disk: %v", err)
    }
    return nil
}

func (daemon *Daemon) connectToNetwork(container *Container, idOrName string, updateSettings bool) (err error) {
    if container.hostConfig.NetworkMode.IsContainer() {
        return runconfig.ErrConflictSharedNetwork
    }

    if runconfig.NetworkMode(idOrName).IsBridge() &&
        daemon.configStore.DisableBridge {
        container.Config.NetworkDisabled = true
        return nil
    }

    controller := daemon.netController

    n, err := daemon.FindNetwork(idOrName)
    if err != nil {
        return err
    }

    if updateSettings {
        if err := daemon.updateNetworkSettings(container, n); err != nil {
            return err
        }
    }

    ep, err := container.getEndpointInNetwork(n)
    if err == nil {
        return fmt.Errorf("container already connected to network %s", idOrName)
    }

    if _, ok := err.(libnetwork.ErrNoSuchEndpoint); !ok {
        return err
    }

    createOptions, err := container.buildCreateEndpointOptions(n)
    if err != nil {
        return err
    }

    endpointName := strings.TrimPrefix(container.Name, "/")
    ep, err = n.CreateEndpoint(endpointName, createOptions...)
    if err != nil {
        return err
    }
    defer func() {
        // roll back the endpoint if any later step fails
        if err != nil {
            if e := ep.Delete(); e != nil {
                logrus.Warnf("Could not rollback container connection to network %s", idOrName)
            }
        }
    }()

    if err := daemon.updateEndpointNetworkSettings(container, n, ep); err != nil {
        return err
    }

    sb := daemon.getNetworkSandbox(container)
    if sb == nil {
        options, err := daemon.buildSandboxOptions(container, n)
        if err != nil {
            return err
        }
        sb, err = controller.NewSandbox(container.ID, options...)
        if err != nil {
            return err
        }

        container.UpdateSandboxNetworkSettings(sb)
    }

    if err := ep.Join(sb); err != nil {
        return err
    }

    if err := container.updateJoinInfo(n, ep); err != nil {
        return derr.ErrorCodeJoinInfo.WithArgs(err)
    }

    return nil
}
```

Other features are similar to the above analysis.

libnetwork

Several drivers are built into the libnetwork code: bridge, null, host, overlay, remote and windows. Of these, bridge, null and host are the common local drivers.
Overlay is Docker's newly released multi-host networking solution. Remote communicates with third-party custom driver plugins.
Refer to the functions in libnetwork/drivers/remote/driver.go: in the end, the driver talks to the plugin by sending REST messages.

```go
...
func (d *driver) CreateNetwork(id string, options map[string]interface{}, ipV4Data, ipV6Data []driverapi.IPAMData) error {
    create := &api.CreateNetworkRequest{
        NetworkID: id,
        Options:   options,
        IPv4Data:  ipV4Data,
        IPv6Data:  ipV6Data,
    }
    return d.call("CreateNetwork", create, &api.CreateNetworkResponse{})
}

func (d *driver) DeleteNetwork(nid string) error {
    delete := &api.DeleteNetworkRequest{NetworkID: nid}
    return d.call("DeleteNetwork", delete, &api.DeleteNetworkResponse{})
}
...
```
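Added example, not the post's or Docker's own code: a stripped-down version of the daemon side of this exchange, covering both the plugin-directory lookup described in the plugin directory section and the remote driver's d.call shown above. The directory /etc/docker/plugins, the plugin name "example" and the omission of .sock/.spec discovery and TLS are assumptions of this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"path/filepath"
	"strings"
)

// Hypothetical daemon-side lookup of NAME.json (a spec with "Addr") in dir;
// Docker's pkg/plugins also handles .sock/.spec files and TLSConfig, omitted here.
func discover(dir, name string) (string, error) {
	b, err := os.ReadFile(filepath.Join(dir, name+".json"))
	if err != nil {
		return "", fmt.Errorf("plugin %q not found in %s", name, dir)
	}
	var spec struct{ Name, Addr string }
	if err := json.Unmarshal(b, &spec); err != nil || spec.Addr == "" {
		return "", fmt.Errorf("bad spec %s.json: %v", name, err)
	}
	return spec.Addr, nil
}

// call mirrors the remote driver's d.call: POST req as JSON to <addr>/<method>
// and decode the JSON reply; libnetwork treats any non-200 status as failure.
func call(addr, method string, req, resp interface{}) error {
	body, _ := json.Marshal(req) // plain request structs cannot fail to encode
	r, err := http.Post(strings.TrimRight(addr, "/")+"/"+method,
		"application/vnd.docker.plugins.v1+json", strings.NewReader(string(body)))
	if err != nil {
		return err
	}
	defer r.Body.Close()
	if r.StatusCode != http.StatusOK {
		return fmt.Errorf("%s: plugin returned HTTP %d", method, r.StatusCode)
	}
	return json.NewDecoder(r.Body).Decode(resp)
}

func main() { // constructed usage: the handshake with a plugin named "example"
	var act struct{ Implements []string }
	addr, err := discover("/etc/docker/plugins", "example")
	if err == nil {
		err = call(addr, "Plugin.Activate", struct{}{}, &act)
	}
	fmt.Println(act.Implements, err)
}
```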
