Thursday, July 31, 2014

The Container World | Part 2 Networking

This is part 2 of a blog post series that I have started on Linux containers and container-based technology. In part 1, I gave an overview of LXC technology and finished up with a short tutorial on installing the necessary packages. In this post I will give a short discussion of host networking and how it works, then sum up with a quick tutorial (I know. Just get to creating the containers already!). I will once again be demoing on a CentOS 7 machine. Hope you enjoy!


Networking 


It is important to understand how networking works for LXC and to understand your options, because without correct network configuration on the host you will not be able to do things such as SSH into your containers. Containers support several different virtual networking types, and the majority of these types require a configured bridge device on the host for any network communication. So, for the sake of the majority and for the sake of this tutorial, we will be setting up a bridge on our host.

When it comes to networking, containers are just like regular operating systems or any other device on a network: they are assigned their own IP addresses for communication. By setting up a bridge interface on the host, the host's interface will act similar to a switch and allow traffic to flow between the containers and other devices on the network. Keep in mind what that implies: a bridged container has its own MAC and IP address on the same LAN segment as the host, so it is reachable by everything the host is reachable by, and frames the bridge forwards between its ports do not pass through the host's iptables INPUT or OUTPUT chains (they only hit the FORWARD chain when the br_netfilter module is loaded with net.bridge.bridge-nf-call-iptables=1). Treat a container on a bridge as you would any other machine on that network. Here is a good illustration of a network bridge interface from Oracle if you are like me and need visuals.

Image: docs.oracle.com

This particular bridging method shown above is called a veth bridge (which we will be using when we create our containers in later tutorials). The networking aspect of LXC is not that difficult to grasp, but I believe it is important to understand what is right for your environment. You should know what options you have for things like high availability and being able to access your container across the network. With that being said, let's begin our short demo on setting up a bridged adapter.

NOTE: We will be setting up a single host with a single bridge on the 10.1.0.0/24 subnet. If using VirtualBox, make sure to create a host-only adapter (File > Preferences > Network > Host-Only Networks) if you want to be able to access the containers from outside the host. Here is my VirtualBox network configuration for the Host-Only adapter as an example:

1. If you have not already done so, make sure that the network service is enabled and started.

    # service network start
    # chkconfig network on

   OR, on CentOS 7 with systemd (service and chkconfig simply forward to these):

    # systemctl start network.service
    # systemctl enable network.service


2. We will bridge eth0 to br0, so let's configure the eth0 interface. Don't use the HWADDR value below; keep your device's own MAC address (ip link show eth0 prints it). On CentOS 7 your NIC may be named after its bus location (for example enp0s3) rather than eth0; use whatever name ip link shows and substitute it throughout. Note that eth0 no longer gets an IP address of its own: it only carries BRIDGE=br0, and the address moves to the bridge in the next step. If you are logged in over SSH through eth0, do this from the console (or the VirtualBox window), because the session will drop when the address moves.

    # vim /etc/sysconfig/network-scripts/ifcfg-eth0
    
    DEVICE=eth0
    TYPE=Ethernet
    HWADDR=YOUR_MAC_ADDRESS
    BOOTPROTO=none
    ONBOOT=yes
    NM_CONTROLLED=no
    BRIDGE=br0

3. Create the bridge device br0 and give it a static IP. Any GATEWAY= or DNS1= lines that used to live in ifcfg-eth0 move here as well, since the bridge is now the interface that owns the address.

    # vim /etc/sysconfig/network-scripts/ifcfg-br0

    DEVICE=br0
    TYPE=Bridge
    IPADDR=10.1.0.103
    NETMASK=255.255.255.0
    ONBOOT=yes
    BOOTPROTO=static
    NM_CONTROLLED=no
    DELAY=0


4. Add the following if statement at the end of the ifup-post file, right above the final exit 0.

    # vim /etc/sysconfig/network-scripts/ifup-post

    # DEVNAME is set by the network scripts from the ifcfg file name;
    # quote it so the test does not break if it is ever empty
    if [ "$DEVNAME" = "br0" ]; then
        /usr/sbin/brctl setfd br0 0
    fi


The if statement above runs a command that sets the br0 device's forwarding delay to 0 each time the interface is brought up (DELAY=0 in ifcfg-br0 asks the network scripts for the same setting; the hook makes sure of it). "Forwarding delay time is the time spent in each of the Listening and Learning states before the Forwarding state is entered. This delay is so that when a new bridge comes onto a busy network it looks at some traffic before participating (Linux Foundation)." The brctl command comes from the bridge-utils package, so make sure it is installed. Also note that any time you change a network configuration file you must restart the network service (systemctl restart network.service) for the change to take effect. Afterwards, confirm with brctl show that eth0 is enslaved to br0 and with ip addr show br0 that the address now sits on the bridge; if eth0 still has the address, the host is not bridging.
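To check the two files before you restart the network and risk locking yourself out, here is a small shell script, added here as an example and not part of the original post. It renders the ifcfg-eth0/ifcfg-br0 pair from the values above into a scratch directory and lints them for the mistakes that bite most often: an address left on the enslaved NIC, the HWADDR placeholder left in, NetworkManager still in control, wrong TYPE, ONBOOT missing. The device names, the 08:00:27:11:22:33 MAC and the CFGDIR scratch directory are assumed placeholders; point CFGDIR at /etc/sysconfig/network-scripts to lint the real files (the write functions would overwrite them, so only call lint_bridge_pair there).

```shell
#!/bin/sh
# Added example, not from the original post: render and lint the
# ifcfg-<nic>/ifcfg-<bridge> pair used for an LXC veth bridge on CentOS 7.
# CFGDIR defaults to a scratch directory so this runs unprivileged; set
# CFGDIR=/etc/sysconfig/network-scripts to lint the live files.
CFGDIR="${CFGDIR:-$(mktemp -d)}"

# write_nic_cfg NIC BRIDGE MAC: ifcfg-NIC for the physical port, enslaved to
# BRIDGE. The port carries no address of its own: BOOTPROTO=none, no IPADDR.
write_nic_cfg() {
    local nic="$1" br="$2" mac="$3"
    cat > "$CFGDIR/ifcfg-$nic" <<EOF
DEVICE=$nic
TYPE=Ethernet
HWADDR=$mac
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLED=no
BRIDGE=$br
EOF
}

# write_bridge_cfg BRIDGE IP NETMASK: ifcfg-BRIDGE with a static address.
write_bridge_cfg() {
    local br="$1" ip="$2" mask="$3"
    cat > "$CFGDIR/ifcfg-$br" <<EOF
DEVICE=$br
TYPE=Bridge
IPADDR=$ip
NETMASK=$mask
ONBOOT=yes
BOOTPROTO=static
NM_CONTROLLED=no
DELAY=0
EOF
}

# cfg_get DEV KEY: print the value of KEY in ifcfg-DEV (last one wins, as it
# does when the network scripts source the file); prints nothing if absent.
cfg_get() {
    sed -n "s/^$2=//p" "$CFGDIR/ifcfg-$1" | tail -n 1
}

# lint_bridge_pair NIC BRIDGE: print every problem found; return 0 only if
# the pair is consistent enough to survive a network restart.
lint_bridge_pair() {
    local nic="$1" br="$2" rc=0 dev
    [ -f "$CFGDIR/ifcfg-$nic" ] && [ -f "$CFGDIR/ifcfg-$br" ] \
        || { echo "missing ifcfg-$nic or ifcfg-$br in $CFGDIR"; return 1; }

    [ "$(cfg_get "$nic" BRIDGE)" = "$br" ] \
        || { echo "$nic: needs BRIDGE=$br"; rc=1; }
    [ "$(cfg_get "$nic" BOOTPROTO)" = "none" ] \
        || { echo "$nic: enslaved port should have BOOTPROTO=none"; rc=1; }
    [ -z "$(cfg_get "$nic" IPADDR)" ] \
        || { echo "$nic: IPADDR belongs on $br, not on the enslaved port"; rc=1; }
    printf '%s\n' "$(cfg_get "$nic" HWADDR)" \
        | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' \
        || { echo "$nic: HWADDR is not a MAC address (placeholder left in?)"; rc=1; }

    [ "$(cfg_get "$br" TYPE)" = "Bridge" ] \
        || { echo "$br: needs TYPE=Bridge"; rc=1; }
    [ -n "$(cfg_get "$br" IPADDR)" ] \
        || { echo "$br: no IPADDR, the host would come up without an address"; rc=1; }
    [ "$(cfg_get "$br" DEVICE)" = "$br" ] \
        || { echo "$br: DEVICE must match the file name"; rc=1; }

    for dev in "$nic" "$br"; do
        [ "$(cfg_get "$dev" NM_CONTROLLED)" = "no" ] \
            || { echo "$dev: set NM_CONTROLLED=no or NetworkManager may reclaim it"; rc=1; }
        [ "$(cfg_get "$dev" ONBOOT)" = "yes" ] \
            || { echo "$dev: ONBOOT=yes or the bridge is gone after a reboot"; rc=1; }
    done
    return $rc
}

# Demo with constructed values matching the post (08:00:27 is the VirtualBox OUI).
write_nic_cfg eth0 br0 08:00:27:11:22:33
write_bridge_cfg br0 10.1.0.103 255.255.255.0
lint_bridge_pair eth0 br0 && echo "ifcfg pair in $CFGDIR looks consistent"
```

The lint reads the files the same way the network scripts will (last assignment wins), so a stray IPADDR= appended to ifcfg-eth0 or an NM_CONTROLLED=yes left at the bottom of ifcfg-br0 is caught before it takes the host off the network.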

This concludes the host networking setup. Please check out the next post in the series, on cgroups.

Blog Series on Linux Containers:
Previous Post: Overview
Next Post: Control Groups
