Docker Demo Brief

Docker Swarm & PLUMgrid

PLUMgrid ONS + Docker Swarm

Secure and Scalable Networking for Container Clusters

Introduction

Micro-segmentation for Multitenancy

Security Policies

Containers are transforming application development and delivery with lightweight and
massively scalable resources. Containers are the next step forward in creating a virtual
infrastructure that provides resources to build, deploy and instantiate applications. Proven to
accelerate application delivery, containers simplify the packaging of applications along with
their dependencies.
As container deployments rise, users are seeking advanced virtual networking services that
are beyond connectivity. PLUMgrid now offers a SDN plugin for Docker containers at
https://github.com/plumgrid/libnetwork-plugin to enable rich networking functions,
secure multi-tenancy, multi-host networking, high availability, and distributed scale-out
performance for Docker clouds.

Distributed Scale-out Performance

High Scalability and Performance
Integrated Networking and
Volumes
Flexible Container Scheduling

PLUMgrid ONS and Docker Containers

PLUMgrid Open Networking Suite (ONS) provides a scalable and extensible virtual network
infrastructure, with the right building blocks of networking for Docker containers from the
ground up. When an application is spread across multiple hosts and containers, PLUMgrid
ONS provides Docker based environment an ability to coordinate applications across IP
infrastructure without the need for complex communication buses. PLUMgrid supports
Docker with the following:
PLUMgrid Virtual Domains
PLUMgrid Virtual Domains provide a clean veth to each container, which results in the
following:

Container Networking with

PLUMgrid ONS
For more information on how
PLUMgrid ONS supports networking for
containers, visit:

All protocols can be pushed to containers and not tied to a single physical server.
If NAT is still needed, the use of real IP addresses is not one per compute node, but a set
of IP addresses are allocated to a tenant

http://www.plumgrid.com/containernetworking/

The security policies with PLUMgrid solution can scale and do not run into limitations of
iptables

www.plumgrid.com

GAS316_v1.0_0616

1/2

2016 PLUMgrid, Inc. All rights reserved.

Docker Demo Brief

Docker UI is an unofficial project, used for visual of

Docker cluster.

Docker Swarm

DISTRIBUTED
ARCHITECTURE
NON-STOP
FORWARDING

PLUMgrid VNF
LIBRARY

1,000s

SERVICE
INSERTION

VXLAN BASED OVERLAY NETWORK

100s

PLUMgrid Service Insertion Architecture

As PLUMgrid solution has the capability to do Service
Insertion of third-party network functions, they can be
inserted into the data plane path directly when they are
containerized. In such scenario, third party functions can
be routers, load-balancers, firewalls and more. Currently,
PLUMgrid Service Insertion Architecture (SIA) allows the
deployment of a container on an edge. Therefore, a container
is deployed through a VM residing on an edge. When using a
container based mode, all traffic is hair pinned through the
inserted container.

Swarm manager is responsible for talking to Docker

daemons to provision networking, containers etc.
Swarm agent is responsible for Docker swarm cluster
node forming and reporting information regarding the
node.
Docker Daemon is the local instance running on each
node, provide the local API for managing containers and
networks.
Consul is the key-value store for Docker and used by
Docker services for node/service discovery.
PLUMgrid Director/Edge/Gateway are PLUMgrid ONS
components

Docker
CLI

How does the Docker Swarm & PLUMgrid Joint

Solution Work?
In this Docker Swarm & PLUMgrid Joint Solution demo, we
use the Vagrant + VirtualBox framework to automate the
whole installation process. PLUMgrid enables networking
for containers via the PLUMgrid libnetwork plugin. With the
PLUMgrid & Docker Swarm joint solution demo setup we have
three nodes:

Swarm Manager

Master-node runs PLUMgrid Director, PLUMgrid Gateway,

Swarm Manager and Consul (kv-store)
c-node0 runs PLUMgrid Edge/IOvisor and Swarm Agent
c-node1 also runs PLUMgrid Edge/IOvisor and Swarm
Agent
Heres a brief description about the component roles that
runs in the solution (as shown in the diagram on the right):
Docker CLI talks to Docker Swarm manager using external
IP:PORT and provide standard Docker CLI for the entire
cluster.

Docker
UI

Consul

Master-node

Swarm Agent

Docker Daemon

c-node0

Swarm Agent

Docker Daemon

c-node1

Conclusion
As container adoption rises, data centers need secure and
scalable virtual network infrastructure to connect application
and workloads. PLUMgrid provides a comprehensive software
suite that addresses hybrid OpenStack environments with
bare metal, virtual machine and container based workloads.
PLUMgrid ONS with advanced network functions and service
insertion architecture enables hybrid data centers seamlessly.

PLUMgrid is a leader of secure and scalable software-defined networking (SDN) solutions for OpenStack clouds.
To learn more about PLUMgrid visit: http://www.plumgrid.com/contact-us/

www.plumgrid.com

GAS316_v1.0_0616

2/2

2016 PLUMgrid, Inc. All rights reserved.