Docker Demo Brief
Docker Swarm & PLUMgrid
PLUMgrid ONS + Docker Swarm
Secure and Scalable Networking for Container Clusters
Introduction
Containers are transforming application development and delivery with lightweight and
massively scalable resources. Containers are the next step forward in creating a virtual
infrastructure that provides resources to build, deploy and instantiate applications. Proven to
accelerate application delivery, containers simplify the packaging of applications along with
their dependencies.

As container deployments rise, users are seeking advanced virtual networking services that
go beyond connectivity. PLUMgrid now offers an SDN plugin for Docker containers at
https://github.com/plumgrid/libnetwork-plugin to enable rich networking functions,
secure multi-tenancy, multi-host networking, high availability, and distributed scale-out
performance for Docker clouds.

Micro-segmentation for Multitenancy
Security Policies
Distributed Scale-out Performance
High Scalability and Performance
Integrated Networking and Volumes
Flexible Container Scheduling
PLUMgrid ONS and Docker Containers
PLUMgrid Open Networking Suite (ONS) provides a scalable and extensible virtual network
infrastructure, with the right networking building blocks for Docker containers from the
ground up. When an application is spread across multiple hosts and containers, PLUMgrid
ONS gives Docker-based environments the ability to coordinate applications across IP
infrastructure without the need for complex communication buses. PLUMgrid supports
Docker with the following:
PLUMgrid Virtual Domains
PLUMgrid Virtual Domains provide a clean veth to each container, which results in the
following:
All protocols can be pushed to containers and are not tied to a single physical server.
If NAT is still needed, real IP addresses are not used one per compute node; instead, a set of IP addresses is allocated to a tenant.
Security policies in the PLUMgrid solution can scale and do not run into the limitations of iptables.

Container Networking with PLUMgrid ONS
For more information on how PLUMgrid ONS supports networking for containers, visit:
http://www.plumgrid.com/containernetworking/
www.plumgrid.com
GAS316_v1.0_0616
2016 PLUMgrid, Inc. All rights reserved.
[Figure: diagram labels: Docker Swarm, Distributed Architecture, Non-Stop Forwarding, PLUMgrid VNF Library, 1,000s, Service Insertion, VXLAN Based Overlay Network, 100s]

PLUMgrid Service Insertion Architecture
Because the PLUMgrid solution supports Service Insertion of third-party network functions,
these functions can be inserted directly into the data plane path when they are
containerized. In such a scenario, the third-party functions can be routers, load balancers,
firewalls and more. Currently, the PLUMgrid Service Insertion Architecture (SIA) allows the
deployment of a container on an edge. Therefore, a container is deployed through a VM
residing on an edge. When using the container-based mode, all traffic is hairpinned through
the inserted container.

How does the Docker Swarm & PLUMgrid Joint Solution Work?
In this Docker Swarm & PLUMgrid Joint Solution demo, we use the Vagrant + VirtualBox
framework to automate the whole installation process. PLUMgrid enables networking for
containers via the PLUMgrid libnetwork plugin. The PLUMgrid & Docker Swarm joint solution
demo setup has three nodes:
Master-node runs PLUMgrid Director, PLUMgrid Gateway, Swarm Manager and Consul (kv-store).
c-node0 runs PLUMgrid Edge/IOvisor and Swarm Agent.
c-node1 also runs PLUMgrid Edge/IOvisor and Swarm Agent.

Here's a brief description of the roles of the components that run in the solution (as shown in the diagram):
Docker CLI talks to the Docker Swarm manager using an external IP:PORT and provides the standard Docker CLI for the entire cluster.
Docker UI is an unofficial project, used to visualize the Docker cluster.
Swarm manager is responsible for talking to Docker daemons to provision networking, containers, etc.
Swarm agent is responsible for forming the Docker Swarm cluster node and reporting information about the node.
Docker Daemon is the local instance running on each node; it provides the local API for managing containers and networks.
Consul is the key-value store for Docker and is used by Docker services for node/service discovery.
PLUMgrid Director/Edge/Gateway are PLUMgrid ONS components.

[Figure: diagram labels: Docker CLI, Docker UI, Swarm Manager, Consul, Master-node; Swarm Agent, Docker Daemon, c-node0; Swarm Agent, Docker Daemon, c-node1]
Conclusion
As container adoption rises, data centers need secure and scalable virtual network
infrastructure to connect applications and workloads. PLUMgrid provides a comprehensive
software suite that addresses hybrid OpenStack environments with bare-metal, virtual
machine and container-based workloads. PLUMgrid ONS, with advanced network functions and
a service insertion architecture, seamlessly enables hybrid data centers.
PLUMgrid is a leader of secure and scalable software-defined networking (SDN) solutions for OpenStack clouds.
To learn more about PLUMgrid visit: http://www.plumgrid.com/contact-us/