Rahim Lalani is a Systems Engineer at OpenDNS. He gave a talk at the Docker Vancouver meetup on May 8th, 2014 covering some experiments that he did along with Andree Toonk, OpenDNS's Network Engineering Manager, to route OpenDNS IP address space into containers running on AWS EC2 instances. Additional details can be found in his blog post: http://engineering.opendns.com/2014/07/01/ip-routing-aws-docker/
Project Quadra
- PaaS built on Docker
- Python
- Run on EC2, OpenStack, Bare Metal
Amazon EC2
- VPC
- direct connect
- extends our internal network
- secondary IP address limitations
Overlay network
- GRE
- MTU issues
- EC2 instances with jumbo frame support: CC2, C3, R3, CG1, CR1, G2, HS1, HI1, I2, M3
GRE configuration
#ip tunnel del gre1
# Two variants of the tunnel definition appear on the slide (public vs. private remote
# endpoint); only one can be applied at a time, since both use the interface name gre1.
ip tunnel add gre1 mode gre remote 67.215.78.24 local 10.70.74.187 ttl 255
ip tunnel add gre1 mode gre remote 10.1.1.1 local 10.70.74.187 ttl 255
ip link set gre1 up
ip addr add 10.71.0.2/30 dev gre1
# Policy routing: traffic sourced from the container range leaves via the tunnel
echo 200 quadranet >> /etc/iproute2/rt_tables
ip rule add from 10.71.1.0/24 table quadranet
ip route add default via 10.71.0.1 dev gre1 table quadranet
BGP: Border Gateway Protocol
● dynamic routing protocol
● core internet routing protocol
● quagga, bird, exabgp
Quagga configuration
router bgp 65535
bgp router-id 10.70.74.187
redistribute kernel
timers bgp 3 20
neighbor 10.71.0.1 remote-as 36692
neighbor 10.71.0.1 prefix-list DOCKER out
neighbor 10.71.0.1 next-hop-self
neighbor 10.71.0.1 route-map anycast-out out
!
ip prefix-list DOCKER seq 5 permit 10.71.1.0/24 le 32
ip prefix-list DOCKER seq 10 deny any
!
route-map anycast-out permit 10
set local-preference 100
set origin igp
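Because `redistribute kernel` offers every kernel route to the peer (the docker0 bridge's 172.17.0.0/16, the default route, the host subnet), the outbound DOCKER prefix-list is the only thing stopping those from being announced upstream. The following added checker, not code from the talk or from OpenDNS, implements Quagga prefix-list matching (sequence order, ge/le length bounds, implicit deny) and runs the slide's two entries over a constructed set of kernel routes; the route list and the container address 10.71.1.7 are assumed for illustration.

```python
import ipaddress

# The outbound filter from the slide's Quagga configuration.
QUAGGA_CONFIG = """
ip prefix-list DOCKER seq 5 permit 10.71.1.0/24 le 32
ip prefix-list DOCKER seq 10 deny any
"""

# Constructed sample of what "redistribute kernel" offers the peer: default
# route, docker0 bridge, host subnet, GRE /30, the routed /24, one container /32.
KERNEL_ROUTES = ["0.0.0.0/0", "172.17.0.0/16", "10.70.74.0/24",
                 "10.71.0.0/30", "10.71.1.0/24", "10.71.1.7/32"]

def parse_prefix_list(config, name):
    """Entries (seq, action, prefix, ge, le) of one named list, in sequence
    order; prefix None means 'any'. Assumes explicit 'seq N' as on the slide."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[:4] != ["ip", "prefix-list", name, "seq"]:
            continue
        prefix = None if tok[6] == "any" else ipaddress.ip_network(tok[6])
        bounds = dict(zip(tok[7::2], map(int, tok[8::2])))  # {"ge": n, "le": n}
        entries.append((int(tok[4]), tok[5], prefix, bounds.get("ge"), bounds.get("le")))
    return sorted(entries, key=lambda e: e[0])

def entry_matches(entry, route):
    """Quagga semantics: route inside prefix and length within [ge, le];
    without ge/le only the exact prefix length matches."""
    _, _, prefix, ge, le = entry
    if prefix is None:
        return True
    if not route.subnet_of(prefix):
        return False
    low = ge if ge is not None else prefix.prefixlen
    high = le if le is not None else (32 if ge is not None else prefix.prefixlen)
    return low <= route.prefixlen <= high

def route_announced(entries, route):
    """First matching entry decides; anything unmatched hits the implicit deny."""
    net = ipaddress.ip_network(route)
    for entry in entries:
        if entry_matches(entry, net):
            return entry[1] == "permit"
    return False

def audit(config, name, routes):
    """Which kernel routes the filter would actually let out to the BGP peer."""
    entries = parse_prefix_list(config, name)
    return {r: route_announced(entries, r) for r in routes}
```

Running `audit(QUAGGA_CONFIG, "DOCKER", KERNEL_ROUTES)` shows only the /24 and the container /32 pass; the default route and 172.17.0.0/16 are filtered.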
Docker Networking
- docker0 bridge
- veth interfaces
- 172.17.0.0/16
- iptables NAT rules
Linux Network Namespaces
# Add the address to the container's loopback interface
ip netns exec "${NSPID}" ip addr add "${GUEST_IPADDR}" dev lo
# Add a route to the host's table for the guest's new IP
ip route add "${GUEST_IPADDR}/32" via "${DOCKER_IPADDR}"
DEMO
What's next?
● OSPF?
● fully meshed network
● automated GRE tunnels
● public IP addresses
SORRY NO QUESTIONS!!!