References for learning about container networking?

derekmahar · May 13, 2020, 10:48pm

What references do you recommend for learning about container networking? For example:

What are the different container network interfaces and how does one configure these interfaces?
How does one expose containers to a Local or Wide Area Network?
How does one configure routing for local container networks?
How much would it help to study general TCP/IP networking?

toby63 · May 14, 2020, 1:09pm

Take a look at simos blog: https://blog.simos.info/how-to-get-lxd-containers-get-ip-from-the-lan-with-routed-network/
https://blog.simos.info/how-to-use-the-lxd-proxy-device-to-map-ports-between-the-host-and-the-containers/

And the network docs:
https://linuxcontainers.org/lxd/docs/master/networks

bodleytunes · May 14, 2020, 9:08pm

Its general linux networking and its wide and varied, huge subject and getting bigger all the time. It comes down to route, bridge or doing something with proxy arp or nat, tunneling or maybe a few other tricks like macvlan/ipvlan which I don’t ever use and don’t know much about.

Install Free Range routing on the host and you can advertise your container networks via BGP to an upstream host, which could be the “WAN” (for north/south traffic)

Use overlay networks to span container networks over multiple hosts, using something like fan bridges, zerotier, nebula or bgp evpn with vxlan (for east west traffic).

Then you can throw in load balancers like HAproxy at scale.

Easiest is just use the default bridge and nat masquerade on outbound(egress), port forward the specific services inbound(ingress).

derekmahar · May 15, 2020, 6:38pm

What are Free Range routing and BGP?

What are overlay networks? This concept and these tools are new to me.

Using VirtualBox, I did manage to forward port 2222 from a VirtualBox guest (the LXD host) to SSH port 22 on a container using a NAT network interface. I presume that VirtualBox managed the outgoing virtual NAT masquerade. I used the VirtualBox guest as an SSH jump host to forward the SSH connection to the container.

How difficult is it to configure a network route to a container? Assuming a Windows host and VirtualBox guest serving as the LXD host, in which host would I configure this route?

bodleytunes · May 16, 2020, 3:24pm

If you are just testing this out in a windows host then easiest is to just portforward on windows host inbound to the linux vm.

I’d leave the more complex networking for when you are going to run LXD on multiple servers.

Rent a couple of cheap cloud servers or a couple of bare metals in hetzner, string together a vpn mesh and then setup lxd on something like that and that would be a better introduction to linux networking.

derekmahar · May 16, 2020, 4:17pm

Do you mean Hetzner?

bodleytunes · May 16, 2020, 4:18pm

Yeah hetzner, they do decent servers, similar to soyoustart/ovh.