Container Networking Reference

A collection of tools and references around container networking accompanying my O'Reilly book Container Networking.

• Networking 101
• Linux kernel
• Docker
• Kubernetes
  • Official documentation
  • 3rd-party articles
• Tooling
  • SDN
  • DNS
  • Proxies and load balancers
  • Ingress and gateways
  • Service Meshes
  • Other

---

Networking 101

• Network Protocols Programmer's Compendium
• Demystifying container networking by Michele Bertasi
• An Empirical Study of Load Balancing Algorithms

Linux kernel

• The History of Containers
• A history of low-level Linux container runtimes
• Networking in Containers and Container Clusters
• Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
• Network namespaces
• Network classifier cgroup
• Exploring LXC Networking
• IPv6 and Containers: Why We Can't Have Nice Things (And How We Can)

Docker

• Docker Networking
• Concerning Containers’ Connections: on Docker Networking
• Unifying Docker Container and VM Networking
• Letting Go: Docker Networking and Knowing When Enough Is Enough
• The Tale of Two Container Networking Standards: CNM v. CNI

Kubernetes

Official documentation

• Networking design
• Services
• Administration—Cluster Networking
• Provide Load-Balanced Access to an Application in a Cluster
• Create an External Load Balancer
• DNS for Services and Pods
• Kubernetes DNS-Based Service Discovery
• Kubernetes DNS example Network policies
• Issue 44063: Implement IPVS-based in-cluster service load balancing

3rd-party articles

• Deep Dive Envoy and Istio Workshop by Christian Posta
• Getting started with Conduit - lightweight service mesh for Kubernetes by Abhishek Tiwari
• Ingress survey 2018 by SIG Network
• Kubernetes Services By Example
• Tutorials and Recipes for using Kubernetes Network Policies feature by Ahmet Alp Balkan
• Data and analysis of the Kubernetes Ingress survey 2018 by the Kubernetes SIG Network
• Kubernetes Networking 101 by Bryan Boreham of WeaveWorks
• Illustrated Guide To Kubernetes Networking by Tim Hockin of Google
• The Easy--Don't Drive Yourself Crazy--Way to Kubernetes Networking by Gerard Hickey (KubeCon 2017, Austin)
• Blog post series by Mark Betz:
  • Understanding kubernetes networking: pods
  • Understanding kubernetes networking: services
  • Understanding kubernetes networking: ingress
• Understanding CNI (Container Networking Interface) by Jon Langemak
• Operating a Kubernetes network by Julia Evans
• The Service Mesh: Past, Present, and Future by William Morgan (KubeCon 2017, Austin)
• Meet Bandaid, the Dropbox service proxy by Dmitry Kopytkov
• Kubernetes NodePort vs LoadBalancer vs Ingress? When should I use what? by Sandeep Dinesh
• OpenShift custom router with TCP/SNI support

Tooling

SDN

• canal: policy-based networking for cloud native applications (see also Project Calico)
• Cilium: secure network connectivity and loadbalancing based on BPF
• Contiv: unifies containers, VMs, and bare metal with a single networking fabric
• Contrail: commercial SDN by Juniper (see also Tungsten Fabric)
• flannel: virtual network that gives a sub-net to each host for use with a container runtime
• Open vSwitch: multilayer virtual switch supporting standards such as NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag
• OpenVPN: open source VPN
• Project Calico: provides secure network connectivity by managing a flat layer 3 network, using IP-in-IP tunneling or overlays such as flannel
• Tungsten Fabric: network virtualization for providing connectivity and security for virtual, containerized or bare-metal workloads
• Weave Net: cloud native networking toolkit that creates virtual networks, enables automatic discovery and offers DNS, IPAM, and a distributed virtual firewall

DNS

• CoreDNS: a DNS server written in Go
• kubernetes-incubator/external-dns: configure external DNS servers (AWS Route53, Google CloudDNS and others) for Ingresses and services
• Kubernetes DNS: part of Kubernetes proper, schedules a DNS pod and service, and configures the kubelets to tell individual containers to use the DNS Service’s IP to resolve DNS names
• SkyDNS: a distributed service for announcement and discovery of services built on top of etcd
• WeaveDNS: a DNS server answering name queries on a Weave network

Proxies and load balancers

• coreos/corelb: a loadbalancer built on coreinit and NGINX
• Envoy: cloud-native proxy supporting HTTP/2 and gRPC
• HAProxy: load balancing and proxying for TCP and HTTP-based apps
• kube-proxy: Kubernetes built-in East-West traffic service proxy (managing IPtables entries)
• MetalLB: a load-balancer implementation for bare metal Kubernetes clusters using ARP, NDP, or BGP.
• NGINX Reverse Proxy: configuring NGINX as a reverse proxy
• Træfik: a HTTP reverse proxy and load balancer

Ingress and gateways

• Ambassador: a Kubernetes-native API gateway built on Envoy
• Contour: a Kubernetes Ingress controller for Envoy
• [coreos/alb-ingress-controller](- https://github.com/coreos/alb-ingress-controller ): a Kubernetes Ingress Controller for AWS ALB
• kube-router: IPVS-based service proxy, Network Policy controller
• Kubernetes Ingress controllers:
  • kubernetes/ingress-gce
  • kubernetes/ingress-nginx
  • nginxinc/kubernetes-ingress
  • zlabjp/nghttpx-ingress-lb

Service Meshes

• Conduit: an ultralight service mesh for Kubernetes
• Istio: an open platform to connect, manage, and secure microservices
• Linkerd: a transparent proxy to be deployed as a service mesh

Other

• controlplaneio/netassert: network security testing
• coreos/go-iptables: Go bindings for IPtables
• coreos/matchbox: network boot and provision Container Linux clusters
• jetstack/cert-manager: automatically manage TLS certificates in Kubernetes
• Skydive: real-time network topology and protocols analyzer