Windows Server Containers with Overlay networking for Swarm

With today’s release of Windows Server Network Overlay network driver for Windows Server it is now possible to run Windows Server in a docker swarm mode to have the capability to have containers cross-host communication. This has been available for Windows 10 for some time and with the Creator update. So for those who aren’t aware of the inner workings of Windows and Docker Swarm I want to elaborate on this during the blogpost.

Docker Swam overlay mode allows for some benefits such as
* You can attach multiple services to the same network.
* By default, service discovery assigns a virtual IP address (VIP) and DNS entry to each service in the swarm,    making it available by its service name to containers on the same network.

Now with the introduction of network overlay in Windows 10 Creators update, Microsoft introduced the use of overlay network using the Hyper-V capabilities from the Hyper-V switch and Azure extension called Virtual filtering platform.
This  makes it possible to connect container endpoints running on separate hosts to the same, isolated network.

NOTE: The visio below, shows a simple explanation of the setup where you might have a four node cluster where you have two services on different overlay networks, but it is possible to have multiple container services use the same overlay network. When a container needs to communicate with another host the traffic will be encapsulated with the Host network service and forwarded to the VFP extension on the Hyper-V switch and across to the other host.

63image

There is one thing to note however is that with Windows Server and Windows 10 it only supports DNS Round Robin endpoint service publishing and not Routhing mesh which is the default option in Docker Swarm. Routhing mesh is like a layer 4 load balancing capability where it has a swarm load balacer which takes care of the internal load balancing and that the service will be available on all the nodes in the cluster because of the ingress load balancer solution in swarm. This also makes use of a infront overlay network to publish this VIP.

Now since Windows only support dns round robin how will that affect the load balancing? We can configure the service to use DNS round-robin directly without using a VIP, by setting the --endpoint-mode dnsrr when you create the service which is  the option available as of now, but ill get back to that in a bit.

After you have installed the update below we can go head and install Docker on the servers in this example I have two windows servers running as container hosts.

Install-Module -Name DockerMsftProvider -Repository PSGallery –Force

Install-Package -Name docker -ProviderName DockerMsftProvider

Restart-Computer -Force

Next we need to setup Docker Swarm which will require some firewall openings on the hosts for inter communication

  • TCP port 2377 for cluster management communications
  • TCP and UDP port 7946 for communication among nodes
  • TCP and UDP port 4789 for overlay network traffic

From one of the host (Which will be the swarm master) run the following command and insert the HOST ip address of the host

docker swarm init –advertise-addr=<HOSTIPADDRESS> –listen-addr <HOSTIPADDRESS>:2377

After you run this command you will get a command that you will use to join nodes to the swarm

image

By typing docker node ls on the docker swarm leader you will see the list of the nodes in the swarm cluster.

image

Now that we have a cluster we need to create the overlay network.

docker network create –driver=overlay <NETWORKNAME>

image

docker service create --name=win_s1  -replicas=x –endpoint-mode dnsrr –-network=overlaynetwork

image

More info here –> https://blogs.technet.microsoft.com/virtualization/2017/04/18/ws2016-overlay-network-driver/

Download here –> https://support.microsoft.com/en-us/help/4015217/windows-10-update-kb4015217

Leave a Reply

Scroll to Top