
List:       mesos-user
Subject:    Re: mesos docker vs native container
From:       Avinash Sridharan <avinash () mesosphere ! io>
Date:       2016-04-27 0:33:33
Message-ID: CAGvycPzC_V1h_iYdF-qDsTd+kewJ+Aqy0-be-i3gc8-89NyWpQ () mail ! gmail ! com

Docker does use bridged networking by default, but it uses Linux bridges to
perform the bridging; there is no docker-proxy process. The problem with
the docker bridge network is that the address space of the containers spawned
on the docker bridge is different from that of the host network, so you need
to perform DNAT to get to any docker container on that bridge. The performance
hit is because of the DNAT. If you want container to container
communication on a single docker bridge, or if you configure the address
space of the docker bridge to be that of the host network (which in most
cases is not possible) you can get close to line speed performance.

Docker host networking is effectively attaching containers to the Linux
host network namespace. So the performance results will be the same as that
of running a process natively on the host.

On Tue, Apr 26, 2016 at 5:07 PM, Jeff Schroeder <jeffschroeder@computer.org>
wrote:

> I think you might be a bit confused how this all works. Docker by default
> uses bridged networking, which by default spins up a little crappy
> docker-proxy process for every port. You can disable docker-proxy and
> instead use hairpin routing mode if you have a modern kernel. However, I'm
> almost certain that any task you run via docker on mesos defaults to host
> networking. Docker, LXC, mesos containers all use the Linux kernel network
> namespace + perhaps some iptables/libnl magic for the networking bits.
> Docker in host networking mode will do networking at mostly native speed. I
> suggest you run iperf on mesos in the various configurations. It should be
> pretty straightforward to test the overhead, but I suspect docker + host
> networking will more than work. Give it a go and let us know!
>
>
> On Tuesday, April 26, 2016, vincent gromakowski <
> vincent.gromakowski@gmail.com> wrote:
>
>> Question is more related to mesos. I am thinking of using docker
>> instead of native (LXC?) containers but I suspect network performance
>> decrease which is important on big data workloads.
>> Can you explain why it's not secured in host mode?
>> On 26 Apr 2016 7:51 PM, "Avinash Sridharan" <avinash@mesosphere.io>
>> wrote:
>>
>>> Hi Vincent,
>>>  What do you mean by native container through Docker? Can you clarify
>>> your question a bit. Also if it's a DC/OS specific question you might want
>>> to post at users@dcos.io .
>>>
>>> Thanks,
>>> Avinash
>>>
>>> On Tue, Apr 26, 2016 at 10:41 AM, vincent gromakowski <
>>> vincent.gromakowski@gmail.com> wrote:
>>>
>>>> Nobody experienced docker vs native container performance?
>>>> On 25 Apr 2016 9:37 AM, "vincent gromakowski" <
>>>> vincent.gromakowski@gmail.com> wrote:
>>>>
>>>>> I am very interested in getting some feedback from people who have moved
>>>>> from native container through Docker, especially from a network
>>>>> performance perspective.
>>>>> DCOS has been open sourced and I like all the automation it brings with
>>>>> frameworks but it seems everything is running in docker?
>>>>> I am looking for the SMACK stack for which network perf is important.
>>>>> Tx
>>>>>
>>>>
>>>
>>>
>>> --
>>> Avinash Sridharan, Mesosphere
>>> +1 (323) 702 5245
>>>
>>
>
> --
> Text by Jeff, typos by iPhone
>



-- 
Avinash Sridharan, Mesosphere
+1 (323) 702 5245
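
Added example, not part of the original message or of Docker/Mesos code: a small parser that lists the DNAT rules a bridged Docker host carries for published ports, which is the translation step the message above attributes the bridge-mode overhead to. The `iptables-save -t nat` sample is constructed, the 172.17.0.0/16 `docker0` subnet is an assumption, and `dnat_mappings` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample of `iptables-save -t nat` output from a Docker host
# with two published ports (not taken from the thread).
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.3:5432
COMMIT
"""

BRIDGE_NET = ipaddress.ip_network("172.17.0.0/16")  # assumed docker0 subnet


def dnat_mappings(nat_dump, bridge_net=BRIDGE_NET):
    """List host-port -> container DNAT rules whose target is on the bridge."""
    wanted = ("-d", "-p", "--dport", "--to-destination")
    mappings = []
    for line in nat_dump.splitlines():
        tokens = line.split()
        if "DNAT" not in tokens:
            continue
        # Collect the option values we care about; a leading "!" negation
        # is not interpreted here.
        opts = {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in wanted}
        target = opts.get("--to-destination", "")
        ip, sep, _port = target.rpartition(":")
        if not sep:                      # rule rewrites the address only
            ip = target
        try:
            on_bridge = ipaddress.ip_address(ip) in bridge_net
        except ValueError:               # missing or unparsable target: skip
            continue
        if on_bridge:
            mappings.append({
                "proto": opts.get("-p", "all"),
                "host_addr": opts.get("-d", "any"),  # no -d: every local address
                "host_port": opts.get("--dport", ""),
                "container": target,
            })
    return mappings


if __name__ == "__main__":
    for m in dnat_mappings(SAMPLE_NAT):
        print("{proto} {host_addr}:{host_port} -> {container}".format(**m))
```

A host running only host-network containers would show no such rules, since those containers share the host's network namespace and need no address translation.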
