SLIDE 1
Weave Net
Five years with no central control.
1
Lead on Weave Net since 2015. Project member of Kubernetes, CNI, Cortex, Scope, … Not a networking expert.
Bryan Boreham
2
Weave Net Five years with no central control. FOSDEM 2020 Bryan - - PowerPoint PPT Presentation
Weave Net Five years with no central control. FOSDEM 2020 Bryan - - PowerPoint PPT Presentation
Weave Net Five years with no central control. FOSDEM 2020 Bryan Boreham @bboreham https://weave.works @weaveworks 1 Bryan Boreham Lead on Weave Net since 2015. Project member of Kubernetes, CNI, Cortex, Scope,
SLIDE 2
SLIDE 3
- Open Source container network
- Easy to install; runs anywhere*
- No “Enterprise Version”
Weave Net
3
SLIDE 4
What is a “container network”?
4
SLIDE 5
“There’s 👐 no 👐 such 👐 thing 👐 as 👐 container 👐 networking”
https://medium.com/@rothgar/no-sdn-kubernetes-5a0cb32070dd 5
SLIDE 6
https://twitter.com/rothgar/status/998333265739042816 6
SLIDE 7
Containers give you isolation.
- Each container runs in its own network namespace.
How do these network namespaces talk to each other?
- That’s a container network.
What is a “container network”
7
SLIDE 8
Let’s look at how it works
8
SLIDE 9
Container network model
9
SLIDE 10
Ex-RabbitMQ, Erlang expert. Wrote the first version of Weave Net. 3,400 lines of Go
Matthew Sackman
10
SLIDE 11
Containers with bridges
11
SLIDE 12
Weave Net 1.0
veth pcap veth pcap UDP 12
SLIDE 13
Weave Net daemon learns where MACs come from
- when it sees the first packet from that MAC.
Thus, it knows where to send each packet**. If it doesn’t know where a MAC comes from?
- send it everywhere!
Distributed Ethernet Switch*
13
SLIDE 14
“Weave is kinda slow”
14
SLIDE 15
Weave Net 1.2 “Fast Data Path”
veth veth VXLAN OVS Datapath OVS Datapath UDP 15
SLIDE 16
Ex-Pivotal Implementer of the “fast data path” Now at Cloudflare
David Wragg
https://github.com/weaveworks/go-odp/ 16
SLIDE 17
How to set up all the devices?
veth 17
SLIDE 18
Jérôme Petazzoni
18
SLIDE 19
The weave script
19
SLIDE 20
Encryption
ESP OVS Datapath UDP mark xfrm https://github.com/weaveworks/weave/blob/master/docs/fastdp-crypto.md 20
SLIDE 21
Implementer of Weave Net XFRM encryption. Kernel fixes for conntrack race conditions, etc. Now at Isovalent (Cillium)
Martynas Pumputis
https://www.weave.works/blog/racy-conntrack-and-dns-lookup-timeouts 21
SLIDE 22
Weave Net handles multicast
- via the “send the packet everywhere” logic.
Multicast
22
SLIDE 23
Peers and Topology
23
SLIDE 24
Peers and topology
Gossip 24
SLIDE 25
IP Address Management
Gossip 25
SLIDE 26
Community
26
SLIDE 27
Weave Net installs per week
27
SLIDE 28
Lots of requests, very few PRs
28
SLIDE 29
Mostly paid contributors
29
SLIDE 30
Kubernetes
30
SLIDE 31
Mandates NAT-free network between “pods”. 3rd-party pod networks. Rkt, from CoreOS, has a simple ‘exec’ model to add a network.
Kubernetes
31
SLIDE 32
CNI - the Container Network Interface
Interface Network Plugin
{ "cniVersion": "0.3.0", "name": "mynet", "type": "my-plugin", "ipam": { "type": "host-local", "subnet":"10.4.0.0/24", } }
Runtime (kubelet) JSON Config Network Manager 32
SLIDE 33
Installing via DaemonSet
DaemonSet runs
- n every node
Pod mounts host directory and copies plugin at startup 33
SLIDE 34
End of main content
34
SLIDE 35
Kubernetes Network Policy Launch modes Scalability Service Management / Service Discovery Bug bounty programme
Things I didn’t cover
35
SLIDE 36
Questions?
Bryan Boreham @bboreham https://weave.works @weaveworks
36