cg-container-networking.markdown

Tech talk lite: cloud.gov container networking

       _                 _
      | |               | |
   ___| | ___  _   _  __| |  __ _  _____   __
  / __| |/ _ \| | | |/ _` | / _` |/ _ \ \ / /
 | (__| | (_) | |_| | (_| || (_| | (_) \ V /
  \___|_|\___/ \__,_|\__,_(_)__, |\___/ \_/
                             __/ |
                            |___/

                  _        _
                 | |      (_)
   ___ ___  _ __ | |_ __ _ _ _ __   ___ _ __
  / __/ _ \| '_ \| __/ _` | | '_ \ / _ \ '__|
 | (_| (_) | | | | || (_| | | | | |  __/ |
  \___\___/|_| |_|\__\__,_|_|_| |_|\___|_|
            | |                    | |  (_)
  _ __   ___| |___      _____  _ __| | ___ _ __   __ _
 | '_ \ / _ \ __\ \ /\ / / _ \| '__| |/ / | '_ \ / _` |
 | | | |  __/ |_ \ V  V / (_) | |  |   <| | | | | (_| |
 |_| |_|\___|\__| \_/\_/ \___/|_|  |_|\_\_|_| |_|\__, |
                                                  __/ |
                                                 |___/

What is container networking?

██╗    ██╗██╗  ██╗ █████╗ ████████╗    ██╗███████╗    ██╗████████╗██████╗
██║    ██║██║  ██║██╔══██╗╚══██╔══╝    ██║██╔════╝    ██║╚══██╔══╝╚════██╗
██║ █╗ ██║███████║███████║   ██║       ██║███████╗    ██║   ██║     ▄███╔╝
██║███╗██║██╔══██║██╔══██║   ██║       ██║╚════██║    ██║   ██║     ▀▀══╝
╚███╔███╔╝██║  ██║██║  ██║   ██║       ██║███████║    ██║   ██║     ██╗
 ╚══╝╚══╝ ╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝       ╚═╝╚══════╝    ╚═╝   ╚═╝     ╚═╝

Container networking with Cloud Foundry on cloud.gov is policy-based container networking feature of Cloud Foundry that cloud.gov shipped around the end of July 2018.

Sample application with service discovery

              __                  ____
             /\ \__             /|  _ \
  ___     __ \ \ ,_\   ____     |/\   |
 /'___\ /'__`\\ \ \/  /',__\     \// __`\/\
/\ \__//\ \L\.\\ \ \_/\__, `\    /|  \L>  <_
\ \____\ \__/.\_\ \__\/\____/    | \_____/\/
 \/____/\/__/\/_/\/__/\/___/      \/____/\/


  __
 /\ \
 \_\ \    ___     __     ____
 /'_` \  / __`\ /'_ `\  /',__\
/\ \L\ \/\ \L\ /\ \L\ \/\__, `\
\ \___,_\ \____\ \____ \/\____/
 \/__,_ /\/___/ \/___L\ \/___/
                  /\____/
                  \_/__/

I am going to be going over the Cloud Foundry networking examples provided by the Cloud Foundry community on GitHub

Preparing to push your apps

mkdir -p ~/Developer/cloud.gov/examples/
git clone https://github.com/cloudfoundry/cf-networking-examples
cd cf-networking-examples
export DIR=$(pwd)
cf login -a https://api.fr.cloud.gov --sso
cf target -o sandbox-gsa -s roger.ruiz

Your Cloud Foundry target may vary from mine. I'm using my cloud.gov Sandbox organization and space. We're going to create an examples directory on our local machine and then clone the CF networking examples repository into it. Then after changing into the cf-networking-examples directory, we'll set the $DIR environmental variable to the current working directory.

Deploying the frontend application

cd $DIR/frontend
cf push frontend -n fe-cnd-rsr

Note you'll probably add your own host name as a -n parameter. I'm using an acronym that stands for frontend-catsanddogs-rogersteveruiz, since I'll be typing it.

Use case 1: frontend connects to a single backend

cd $DIR/backend-b
cf push backend-b --no-start -d apps.internal -n beb-cnd-rsr
cf set-env backend-b CATS_PORTS "7007,7008"
cf set-env backend-b UDP_PORTS "9003,9004"
cf start backend-b

Note you'll probably add your own host name as a -n parameter. I'm using an acronym that stands for backend-b-catsanddogs-rogersteveruiz, since I'll be typing it.

Communicating between the apps using TCP

Now let's communicate with the backend-b application from the frontend application.

Type the following in your TCP HTTP Test text box:

beb-cnd-rsr.apps.internal:7007

Note your hostname will probably be different than mine. Change your URL to whatever you see when you run cf app backend-b under routes:.

Allowing access for TCP connections

Without a network policy in place, the request failed. So let's add one. Any SpaceDeveloper on that particular space can add and remove network policies.

cf add-network-policy frontend --destination-app backend-b --port 7007 --protocol tcp

Communicating between the apps using UDP

Now let's communicate with the backend-b application from the frontend application.

Type the following in your UDP HTTP Test text box:

beb-cnd-rsr.apps.internal:9003

Note your hostname will probably be different than mine. Change your URL to whatever you see when you run cf app backend-b under routes:.

Allowing access for UDP connections

Without a network policy in place, the request failed. So let's add one. Any SpaceDeveloper on that particular space can add and remove network policies.

cf add-network-policy frontend --destination-app backend-b --port 9003 --protocol udp

Use case 2: frontend connects to multiple backends

cd $DIR/backend-a
cf push backend-a --no-start -d apps.internal -n bea-cnd-rsr
cf set-env backend-a CATS_PORTS "7007,7008"
cf set-env backend-a UDP_PORTS "9003,9004"
cf start backend-a

Set the network policies for backend-a

cf add-network-policy frontend --destination-app backend-a --port 7007 --protocol tcp
cf add-network-policy frontend --destination-app backend-a --port 9003 --protocol udp

Set the routes up for backend-a and backend-b to use the same internal route

cf create-route roger.ruiz apps.internal --hostname be-cnd-rsr
cf map-route backend-a apps.internal --hostname be-cnd-rsr
cf map-route backend-b apps.internal --hostname be-cnd-rsr

Heavily borrowed and slightly modified from the original documentation found here: https://github.com/cloudfoundry/cf-networking-examples/blob/master/docs/c2c-with-service-discovery.md