Shulou(Shulou.com)06/01 Report--

Editor to share with you an example analysis of the principles of the network in kubernetes, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

One: architecture diagram

Two: description

1. Network namespace

Network stacks in different namespaces are completely isolated and cannot communicate with each other, just like two "parallel universes". By isolating this kind of network resources, multiple different network environments can be virtualized on one host machine.

two。 Network namespace communication, Veth device pair

Veth device pair is introduced to communicate between different network namespaces, which can be used to connect the two network namespaces directly. Because two network namespaces are connected, Veth devices appear in pairs, much like a pair of Ethernet network cards, with a directly connected network cable in the middle.

3. Network bridge

The Linux kernel implements bridging between Ethernet ports (Veth) through a virtual bridge device.

Network implementation of 4.Docker

When Docker Daemon starts for the first time, it creates a virtual bridge, the default name is docker0, and assigns a subnet to the bridge in the private network space.

For each container created by Docker, a virtual Veth device pair is created, one end is associated to the bridge, the other end uses Linux's network namespace technology, maps to the eth0 device in the container, and then assigns an IP address to the eth0 interface from the address segment of the docker0 bridge

Communication between 5.kubernetes containers

Containers in Pod share a network namespace, share a Linux protocol stack, and can access each other's ports with localhost addresses

Communication between Pod of the same Node in 6.kubernetes

The default route of Pod in the same Node is the address of docker0, and because they are associated on the same docker0 bridge and have the same address network segment, they should be able to communicate directly with each other.

Communication between Pod of different Node in 7.kubernetes

There are two conditions for communication between Pod in different Node: the IP of Pod cannot conflict; the IP of Pod is associated with the IP of Node, and the Pod can access each other through this association.

How 8.Flannel works

Flannel is essentially an "overlay network (overlay network)", that is, TCP data is packaged in another network packet for routing and forwarding and communication. At present, data forwarding methods such as UDP, VxLAN, AWS VPC and GCE routing are supported.

1. After the data is sent from the source container, it is forwarded to the flannel0 virtual network card through the docker0 virtual network card of the host, which is a P2P virtual network card, and the flanneld service listens on the other end of the network card.

2.Flannel maintains a routing table between nodes through Etcd services.

3. The flanneld service of the source host encapsulates the original data content UDP and delivers it to the flanneld service of the destination node according to its own routing table. After the data arrives, it is unpackaged, and then directly enters the flannel0 virtual network card of the destination node, and then is forwarded to the docker0 virtual network card of the destination host. Finally, like the local container communication, there is a docker0 route to the destination container.

9.Calico architecture

The above is all the contents of the article "sample Analysis of Network principles in kubernetes". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.