Industry standard sFlow is well placed to give network visibility into the Docker infrastructure used to support microservices. The sFlow standard is widely supported by data center switch vendors (Cisco, Arista, Juniper, Dell, HPE, Brocade, Cumulus, etc.), providing a cost-effective and scalable method of monitoring the physical network infrastructure. In addition, the article Linux bridge, macvlan, ipvlan, adapters describes how sFlow is also an efficient means of leveraging instrumentation built into the Linux kernel to extend visibility into Docker host networking.
The following commands build the Host sFlow binary package from sources on an Ubuntu 14.04 system:

    sudo apt-get update
    sudo apt-get install build-essential
    sudo apt-get install libpcap-dev
    sudo apt-get install wget
    wget https://github.com/sflow/host-sflow/archive/v1.29.1.tar.gz
    tar -xvzf v1.29.1.tar.gz
    cd host-sflow-1.29.1
    make DOCKER=yes PCAP=yes deb

The resulting hsflowd_1.29.1-1_amd64.deb package can be copied and installed on all the hosts in the Docker cluster using configuration management tools such as Puppet, Chef, Ansible, etc.
This article will explore the alternative of deploying sFlow agents as Docker containers.
Create a directory for the project and edit the Dockerfile:

    mkdir hsflowd
    cp hsflowd_1.29.1-1_amd64.deb hsflowd
    cd hsflowd
    printf "sflow {\n dnssd=on\n pcap { dev = docker0 }\n}" > hsflowd.conf
    vi Dockerfile

Add the following contents to Dockerfile:

    FROM ubuntu:trusty
    RUN apt-get update && apt-get install -y libpcap0.8 docker.io
    ADD hsflowd_1.29.1-1_amd64.deb /tmp
    RUN dpkg -i /tmp/hsflowd_1.29.1-1_amd64.deb
    ADD hsflowd.conf /etc/hsflowd.conf
    CMD /etc/init.d/hsflowd start && tail -f /dev/null

Build the project:

    docker build -t hsflowd .

Run the service:

    docker run --pid=host --uts=host --net=host \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v /sys/fs/cgroup/:/sys/fs/cgroup/:ro -d hsflowd

In this example, DNS Service Discovery (DNS-SD) is being used as the configuration method for the sFlow agents. Adding the following entries to the DNS zone file allows the agents to automatically discover the designated sFlow analyzers, analytics1 and analytics2, and configuration parameters:

    _sflow._udp 30 SRV 0 0 6343 analytics1
    _sflow._udp 30 SRV 0 0 6343 analytics2
    _sflow._udp 30 TXT (
      "txtvers=1"
      "sampling=400"
      "polling=20"
    )

As soon as the container starts, the sFlow agent will make a DNS request to find the sFlow analyzers, which can themselves be packaged as Docker containers. The article Network and system analytics as a Docker microservice describes how sFlow analytics can be packaged as a RESTful service and integrated with a wide variety of on-site and cloud, orchestration, DevOps and Software Defined Networking (SDN) tools.
Any change to the entries in the zone file will be automatically picked up by the sFlow agents.
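Because agents follow whatever the zone publishes, the _sflow._udp records decide where every host sends its telemetry. The following is an added example, not part of the original article or the Host sFlow project: it parses the zone entries shown above and reports any collector that is not on an approved list. The function names and the `approved` set are hypothetical.

```python
import re

# Constructed sample input: the zone-file entries shown in the article.
ZONE = """
_sflow._udp 30 SRV 0 0 6343 analytics1
_sflow._udp 30 SRV 0 0 6343 analytics2
_sflow._udp 30 TXT (
  "txtvers=1"
  "sampling=400"
  "polling=20"
)
"""

def logical_lines(text):
    """Yield one line per record, folding ( ... ) continuations and dropping ; comments."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = re.sub(r';[^"]*$', '', raw).strip()
        if not line:
            continue
        depth += line.count('(') - line.count(')')
        buf.append(line.replace('(', ' ').replace(')', ' '))
        if depth <= 0:
            yield ' '.join(buf)
            buf, depth = [], 0

def parse_sflow_records(text, owner='_sflow._udp'):
    """Return ([(collector, port), ...], {txt_key: value}) for the sFlow DNS-SD name.
    Records that inherit their owner name from a previous line are ignored."""
    collectors, settings = [], {}
    for line in logical_lines(text):
        fields = line.split()
        if not fields or fields[0] != owner:
            continue
        rest = fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == 'IN'):
            rest.pop(0)  # skip optional TTL and class
        if len(rest) == 5 and rest[0].upper() == 'SRV':
            collectors.append((rest[4].rstrip('.'), int(rest[3])))
        elif rest and rest[0].upper() == 'TXT':
            for item in re.findall(r'"([^"]*)"', line):
                key, _, value = item.partition('=')
                settings[key] = value
    return collectors, settings

def audit(text, approved):
    """List collectors in the zone that are not in the approved (host, port) set."""
    collectors, settings = parse_sflow_records(text)
    findings = [f'unapproved collector {h}:{p}' for h, p in collectors if (h, p) not in approved]
    if settings.get('txtvers') != '1':
        findings.append('missing or unexpected txtvers')
    return findings
```

Running `audit` against the zone file in change review or on a schedule surfaces a redirected or added collector before the agents pick it up.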
The agent has been configured for Docker bridged networking, monitoring traffic through bridge docker0. For macvlan or ipvlan networking, change the pcap setting from docker0 to eth0.
One of the major advantages of packaging the sFlow agents and analytics components as Docker containers is that large scale deployments can be automated using Docker Compose with Swarm, deploying sFlow agents on every node in the Swarm cluster to deliver real-time cluster-wide visibility into the resource consumption and communication patterns of all microservices running on the cluster.