Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Illustrated Guide To Kubernetes Networking
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Tim Hockin
September 21, 2016
Technology
71k
97
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Illustrated Guide To Kubernetes Networking
A short walk through of some ideas around container networking.
Tim Hockin
September 21, 2016
More Decks by Tim Hockin
See All by Tim Hockin
Kubernetes in the 2nd Decade
thockin
0
540
Why Service is the worst API in Kubernetes, and what we can do about it
thockin
2
1.1k
Kubernetes Pod Probes
thockin
6
4.9k
Go Workspaces for Kubernetes
thockin
2
1.1k
Code Review in Kubernetes
thockin
2
1.9k
Multi-cluster: past, present, future
thockin
0
610
Kubernetes Controllers - are they loops or events?
thockin
11
4.2k
Kubernetes Network Models (why is this so dang hard?)
thockin
9
2.1k
KubeCon EU 2020: SIG-Network Intro and Deep-Dive
thockin
8
1.4k
Other Decks in Technology
See All in Technology
なぜ私たちのSREプラクティスはなかなか機能しないのか 〜システムより先に組織を見る〜 / Why our SRE practices aren't really working
vtryo
1
1.7k
クラウド上のデータ復旧で見落としがちな制約: 医療系 SaaS の BCP 設計から得た教訓
kakehashi
PRO
0
1.5k
証券システムを10年Scalaで作り続けるということ - 関数型まつり2026
krrrr38
3
700
Oracle Exadata Database Service on Cloud@Customer X11M (ExaDB-C@C) サービス概要
oracle4engineer
PRO
2
8.3k
認証認可だけじゃない! ID管理の構成要素と ライフサイクルを意識しよう
ritou
1
510
ゼロをイチにする仕事が終わったあと
smasato
0
310
Why is RC4 still being used?
tamaiyutaro
0
300
Foxgloveについて 実際にExtensionを開発して公開するまでの話 / About Foxglove: The Story of Developing and Releasing an Extension
ry0_ka
0
180
グローバルチームと挑むプロダクト開発
sansantech
PRO
1
160
Baseline対応のDOMの型定義を作った
uhyo
3
710
SRE歴2ヶ月でも開発6年の知見を活かして、チームで止まっていた環境改善を前に進めた話
a_ono
1
210
攻撃者がいなくてもAIエージェントはインシデントを起こす
nomizone
0
200
Featured
See All Featured
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
Navigating Team Friction
lara
192
16k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
How to Get Subject Matter Experts Bought In and Actively Contributing to SEO & PR Initiatives.
livdayseo
0
150
XXLCSS - How to scale CSS and keep your sanity
sugarenia
250
1.3M
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
640
The Spectacular Lies of Maps
axbom
PRO
1
850
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.3k
Amusing Abliteration
ianozsvald
1
220
What’s in a name? Adding method to the madness
productmarketing
PRO
24
4.1k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.6k
Building an army of robots
kneath
306
46k
Transcript
Google Cloud Platform An Illustrated Guide to Kubernetes Networking Tim
Hockin <
[email protected]
> Senior Staff Software Engineer @thockin
Google Cloud Platform Layer 2: ethernet
Google Cloud Platform node-a node-c node-b node-d 192.168.1.1/16 11:22:33:44:55:01 192.168.1.2/16
01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 L2 switch
Google Cloud Platform node-a node-c node-b node-d L2 to: 192.168.1.3
from: 192.168.1.1 GET / 192.168.1.1/16 11:22:33:44:55:01 192.168.1.2/16 01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04
Google Cloud Platform node-d node-b node-a node-c L2 to: <broadcast>
from: 11:22:33:44:55:01 who has 192.168.1.3? to: 192.168.1.3 from: 192.168.1.1 GET / 192.168.1.1/16 11:22:33:44:55:01 192.168.1.2/16 01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 “ARP request”
Google Cloud Platform node-a node-c node-b node-d L2 to: 192.168.1.3
from: 192.168.1.1 GET / 192.168.1.1/16 11:22:33:44:55:01 192.168.1.2/16 01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 to: 11:22:33:44:55:01 from: 11:22:33:44:55:03 I have 192.168.1.3 “ARP response”
Google Cloud Platform node-a node-c node-b node-d L2 to: 192.168.1.3
via: 11:22:33:44:55:03 from: 192.168.1.1 GET / 192.168.1.1/16 11:22:33:44:55:01 192.168.1.2/16 01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04
Google Cloud Platform node-a root netns eth0: 192.168.1.1/16 11:22:33:44:55:01 L2
with containers cbr0: 10.0.1.1/24 ctr-1 eth0: 10.0.1.2/24 ctr-2 eth0: 10.0.1.3/24 ctr-3 eth0: 10.0.1.4/24
Google Cloud Platform node-a 192.168.1.1/16 11:22:33:44:55:01 node-c node-b node-d 192.168.1.2/16
01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 L2 ctr-1 10.0.1.2 aa:bb:cc:dd:e1:01 ctr-2 10.0.3.2 aa:bb:cc:dd:e3:02
Google Cloud Platform node-a 192.168.1.1/16 11:22:33:44:55:01 node-c node-b node-d 192.168.1.2/16
01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 L2 ctr-1 10.0.1.2 aa:bb:cc:dd:e1:01 ctr-2 10.0.3.2 aa:bb:cc:dd:e3:02 to: 10.0.3.2 from: 10.0.1.2 GET /
Google Cloud Platform node-a 192.168.1.1/16 11:22:33:44:55:01 node-c node-b node-d 192.168.1.2/16
01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 L2 ctr-1 10.0.1.2 aa:bb:cc:dd:e1:01 ctr-2 10.0.3.2 aa:bb:cc:dd:e3:02 to: 10.0.3.2 from: 10.0.1.2 GET / to: <broadcast> from: aa:bb:cc:dd:e1:01 who has 10.0.3.2? “ARP request”
Google Cloud Platform node-a 192.168.1.1/16 11:22:33:44:55:01 node-c node-b node-d 192.168.1.2/16
01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 L2 ctr-1 10.0.1.2 aa:bb:cc:dd:e1:01 ctr-2 10.0.3.2 aa:bb:cc:dd:e3:02 to: 10.0.3.2 from: 10.0.1.2 GET / to: aa:bb:cc:dd:e1:01 from: 11:22:33:44:55:03 I have 10.0.3.2 “proxy ARP response”
Google Cloud Platform node-a 192.168.1.1/16 11:22:33:44:55:01 node-c node-b node-d 192.168.1.2/16
01:23:45:67:89:02 192.168.1.3/16 11:22:33:44:55:03 192.168.1.4/16 01:23:45:67:89:04 L2 ctr-1 10.0.1.2 aa:bb:cc:dd:e1:01 ctr-2 10.0.3.2 aa:bb:cc:dd:e3:02 to: 10.0.3.2 via: 11:22:33:44:55:03 from: 10.0.1.2 GET /
Google Cloud Platform Layer 3 - IP
Google Cloud Platform node-a node-c node-b node-d 192.168.1.1/32 192.168.1.2/32 192.168.1.3/32
192.168.1.4/32 L3 gateway
Google Cloud Platform node-a node-c node-b node-d 192.168.1.1/32 192.168.1.2/32 192.168.1.3/32
192.168.1.4/32 L3 to: 192.168.1.3 from: 192.168.1.1 GET /
Google Cloud Platform node-a node-c node-b node-d 192.168.1.1/32 192.168.1.2/32 192.168.1.3/32
192.168.1.4/32 L3 to: 192.168.1.3 from: 192.168.1.1 GET /
Google Cloud Platform node-a node-c node-b node-d 192.168.1.1/32 192.168.1.2/32 192.168.1.3/32
192.168.1.4/32 L3 to: 192.168.1.3 from: 192.168.1.1 GET / routing decision, static or learned (e.g. BGP)
Google Cloud Platform node-a 192.168.1.1/32 node-c node-b node-d 192.168.1.2/32 192.168.1.3/32
192.168.1.4/32 L3 ctr-1 10.0.1.2 ctr-2 10.0.3.2
Google Cloud Platform node-a 192.168.1.1/32 node-c node-b node-d 192.168.1.2/32 192.168.1.3/32
192.168.1.4/32 L3 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 10.0.1.2 GET /
Google Cloud Platform node-a 192.168.1.1/32 node-c node-b node-d 192.168.1.2/32 192.168.1.3/32
192.168.1.4/32 L3 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 10.0.1.2 GET /
Google Cloud Platform node-a 192.168.1.1/32 node-c node-b node-d 192.168.1.2/32 192.168.1.3/32
192.168.1.4/32 L3 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 10.0.1.2 GET / routing decision, static or learned (e.g. BGP)
Google Cloud Platform node-a 192.168.1.1/32 node-c node-b node-d 192.168.1.2/32 192.168.1.3/32
192.168.1.4/32 L3 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 10.0.1.2 GET /
Google Cloud Platform Overlays Q: When should I use an
overlay? A: When nothing else works, or when you have specific reasons to want it (e.g. the added value of management)
Google Cloud Platform node-a root netns eth0: 192.168.1.1/16 Overlay (e.g.
flannel, weave) cbr0: 10.0.1.1/24 ctr-1 eth0: 10.0.1.2/24 ctr-2 eth0: 10.0.1.3/24 ctr-3 eth0: 10.0.1.4/24 flannel0: 10.0.1.254/16
Google Cloud Platform node-a root netns eth0: 192.168.1.1/16 cbr0: 10.0.1.1/24
ctr-1 eth0: 10.0.1.2/24 ctr-2 eth0: 10.0.1.3/24 ctr-3 eth0: 10.0.1.4/24 flannel0: 10.0.1.254/16 to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)
Google Cloud Platform node-a root netns eth0: 192.168.1.1/16 cbr0: 10.0.1.1/24
ctr-1 eth0: 10.0.1.2/24 ctr-2 eth0: 10.0.1.3/24 ctr-3 eth0: 10.0.1.4/24 flannel0: 10.0.1.254/16 to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)
Google Cloud Platform node-a root netns eth0: 192.168.1.1/16 cbr0: 10.0.1.1/24
ctr-1 eth0: 10.0.1.2/24 ctr-2 eth0: 10.0.1.3/24 ctr-3 eth0: 10.0.1.4/24 flannel0: 10.0.1.254/16 to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)
Google Cloud Platform node-a root netns eth0: 192.168.1.1/16 cbr0: 10.0.1.1/24
ctr-1 eth0: 10.0.1.2/24 ctr-2 eth0: 10.0.1.3/24 ctr-3 eth0: 10.0.1.4/24 flannel0: 10.0.1.254/16 to: 192.168.1.3 from: 192.168.1.1 encap: to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)
Google Cloud Platform node-a 192.168.1.1/16 node-c node-b node-d 192.168.1.2/16 192.168.1.3/16
192.168.1.4/16 ctr-1 10.0.1.2 ctr-2 10.0.3.2 Overlay (e.g. flannel, weave)
Google Cloud Platform node-c root netns eth0: 192.168.1.3/16 cbr0: 10.0.3.1/24
ctr-4 eth0: 10.0.3.2/24 ctr-5 eth0: 10.0.3.3/24 ctr-6 eth0: 10.0.3.4/24 flannel0: 10.0.3.254/16 to: 192.168.1.3 from: 192.168.1.1 encap: to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)
Google Cloud Platform node-c root netns eth0: 192.168.1.3/16 cbr0: 10.0.3.1/24
ctr-4 eth0: 10.0.3.2/24 ctr-5 eth0: 10.0.3.3/24 ctr-6 eth0: 10.0.3.4/24 flannel0: 10.0.3.254/16 to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)
Google Cloud Platform node-c root netns eth0: 192.168.1.3/16 cbr0: 10.0.3.1/24
ctr-4 eth0: 10.0.3.2/24 ctr-5 eth0: 10.0.3.3/24 ctr-6 eth0: 10.0.3.4/24 flannel0: 10.0.3.254/16 to: 10.0.3.2 from: 10.0.1.2 GET / Overlay (e.g. flannel, weave)
Google Cloud Platform Overlays - the hard part
Google Cloud Platform node-a 192.168.1.1/16 node-c non-node node-d 192.168.1.2/16 192.168.1.3/16
192.168.1.4/16 ctr-1 10.0.1.2 ctr-2 10.0.3.2 Overlay (e.g. flannel, weave)
Google Cloud Platform node-a 192.168.1.1/16 node-c non-node node-d 192.168.1.2/16 192.168.1.3/16
192.168.1.4/16 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 192.168.1.2 GET / Overlay (e.g. flannel, weave)
Google Cloud Platform node-a 192.168.1.1/16 node-c non-node node-d 192.168.1.2/16 192.168.1.3/16
192.168.1.4/16 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 192.168.1.2 GET / Overlay (e.g. flannel, weave)
Google Cloud Platform node-a 192.168.1.1/16 node-c non-node node-d 192.168.1.2/16 192.168.1.3/16
192.168.1.4/16 ctr-1 10.0.1.2 ctr-2 10.0.3.2 to: 10.0.3.2 from: 192.168.1.2 GET / ?!?! Overlay (e.g. flannel, weave)
Google Cloud Platform We need a bridge between the physical
and overlay networks...
Google Cloud Platform We need a bridge between the physical
and overlay networks... • could: route to nodes • could: route to 1 or more bridge machines • could: run flannel on client machines
Google Cloud Platform We need a bridge between the physical
and overlay networks... • could: route to nodes • could: route to 1 or more bridge machines • could: run flannel on client machines • see “When should I use an overlay?”