Raikou-Net is a Docker container designed to orchestrate networking between containers on the same host system using Open vSwitch (OVS).
It runs as a Docker-in-Docker derived image with privileged mode and leverages the host network to create OVS bridges instead of default docker bridges.
-
Integration with Existing Network Infrastructure: OVS seamlessly integrates with existing network infrastructure and can be easily connected to physical networks, routers, and switches. This makes it ideal for hybrid environments where Docker containers need to communicate with external systems or legacy infrastructure.
-
Advanced Networking Features: OVS provides a wide range of advanced networking features such as VLAN tagging, VXLAN overlay networks, GRE tunnels, and more. This enables greater flexibility in designing and managing network topologies.
-
Performance and Scalability: OVS is known for its high-performance capabilities and scalability. It efficiently handles a large number of virtual interfaces and network flows, making it suitable for complex and demanding network environments.
-
Network Isolation and Security: OVS allows for finer-grained network isolation and security controls. It supports the creation of multiple isolated bridges and offers features like access control lists (ACLs) and flow-based filtering, providing more granular control over network traffic.
-
Interoperability and Vendor Neutrality: OVS is an open-source project with wide industry adoption. It is not tied to a specific vendor or platform, offering greater interoperability and vendor neutrality. This flexibility allows for the choice of networking solutions without vendor lock-in.
To learn more about Docker networking with OVS and how to utilize it effectively, refer to the documentation on Docker Networking with Open vSwitch.
- Creation of veth pairs and attachment of OVS bridges to containers
- Setting VLAN trunk/access port on container designated OVS interfaces
- Support for IPv6 address assignment
- Managing external IDs for VLAN translation
Before deploying the OVS Orchestrator, ensure that you have the following prerequisites:
- Docker installed on the host machine.
- OVS installed on the host machine
- Basic understanding of Docker and container networking concepts.
- A properly configured
config.jsonfile for OVS configuration.
To install openvswitch in Debian/Ubuntu:
sudo apt install openvswitch-switch openvswitch-commonTo install openvswitch in Alpine:
sudo apk add -u openvswitchTo install docker engine and compose plugin, please follow the below link:
Install Docker in Ubuntu/Debian
To deploy the OVS Orchestrator, follow these steps:
-
Clone the Raikou-Net repository.
-
Prepare the
config.jsonfile with the necessary OVS configuration. Ensure it is placed in the same directory as the Raikou-Net files. For syntax details, please refer to the following page: Raikou-Net OVS Configuration Syntax -
Create a
docker-compose.ymlfile with the desired container dependencies and configuration.version: "3.9" services: raikou: build: context: . dockerfile: Dockerfile container_name: raikou-net volumes: - /lib/modules:/lib/modules - /var/run/docker.sock:/var/run/docker.sock - ./config.json:/root/config.json privileged: true pid: "host" network_mode: "host" hostname: "orchestrator" depends_on: - container1 - container2 - container3
- Adjust the
buildsection if you have customized the Dockerfile name or location. - Update the
volumessection to map the necessary directories and files, including theconfig.jsonfile. - Modify the
depends_onsection to include the containers that raikou should handle with OVS.
- Adjust the
-
Build the Docker image using the following command:
docker-compose build
This command builds the OVS Orchestrator image based on the provided Dockerfile.
-
Run the following command to start the OVS Orchestrator container:
docker-compose up -d
This command starts the container in detached mode, allowing it to run in the background.
-
Verify that the OVS Orchestrator container is running by checking the container logs or running
docker ps.
Consider we would like to have board, lan and router containers connected to each other in the following topology:
This can be achieved with the following steps:
We would require 2 bridges cpe_wan and cpe_lan in this case
{
"bridge": {
"cpe-lan": {},
"cpe-wan": {}
}
}LAN and board both should get connected to cpe_lan bridge
with interface name eth1
{
"bridge": {
"cpe-lan": {},
"cpe-wan": {}
},
"container": {
"lan": [
{
"bridge": "cpe-lan",
"iface": "eth1"
}
],
"board": [
{
"bridge": "cpe-lan",
"iface": "eth1"
},
]
}
}Board and BNG get connected to cpe_wan but with a different
interface name.
We can also notice that the board needs to allow 3 VLANs on its interface
We can decide a container port to be Access VLAN port using vlan
or in trunk mode using trunk.
{
"bridge": {
"cpe-lan": {},
"cpe-wan": {}
},
"container": {
"lan": [
{
"bridge": "cpe-lan",
"iface": "eth1"
}
],
"board": [
{
"bridge": "cpe-lan",
"iface": "eth1"
},
{
"bridge": "cpe-wan",
"iface": "eth0",
"trunk": "131,121,117"
}
],
"router": [
{
"bridge": "cpe-wan",
"iface": "eth0",
"vlan": "121"
},
...
]
}
}If we want to statically assing IP addresses to a container port.
{
"bridge": {
"cpe-wan": {
"parents": [
{
"iface": "eno3"
}
]
}
},
"container": {
"wan": [
{
"bridge": "cpe-wan",
"iface": "eth1",
"ipaddress": "172.25.1.101/24",
"gateway": "172.25.1.1",
"ip6address": "2001:dead:beef:2::101/64",
"gateway6": "2001:dead:beef:2::1"
}
]
}
}Note:
parentswill allow an OVS bridge to get connected to an actual physical interface on the host machine
docker compose restartContributions to the Raikou-Net project are welcome! If you find any issues or have suggestions for improvement, please open an issue or submit a pull request.
This project is licensed under the MIT License.