k8s network
1 Container network
Each Docker container has its own network namespace. On a single host machine, Docker uses a veth pair to connect each container to the docker0 bridge on the host. Containers running on the same host talk over a layer 2 network: the Docker bridge behaves like a layer 2 network switch and delivers frames to the target based on the ARP table.
From the host machine to a container, traffic goes through the docker0 bridge.
From a container to another host, traffic goes from the docker0 bridge out to the other network.
2 Container communication across different hosts
UDP -- tunnel interface. Each node has its own container subnet, and this subnet configuration is available on all nodes, so a message can be sent and received across nodes. E.g. the target container is 100.96.2.3 and its target node is 10.168.0.4. flanneld encapsulates the original packet in UDP, where the UDP source IP is the container's node IP and the destination IP is the target container IP; the message is sent to port 8285, which is handled by flanneld.
Host-gw -- flannel maintains the route table on the host machine, e.g. any IP in 10.244.1.0/24 should go through eth0 with next hop 10.168.0.3 (which is the host node of the target container).
VXLAN -- messages are sent and received between containers like layer 2 frames; the containers on each node form a subnet defined by flannel.
<target node IP><vxlan header><target container mac><target container IP>
<target container mac> comes from the ARP table: when the target container starts, it sends an ARP announcement.
<target node IP> is managed by the forwarding database (FDB), e.g. the node IP for the target container's MAC is 10.168.0.3.
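As an added example (not part of these notes and not flannel's own code), the following toy model shows the lookup chain each of the three backends above performs for one outgoing packet: the subnet lease table maps a destination container IP to the node that owns it, the UDP backend wraps the packet in an outer IP/UDP header addressed to that node, the host-gw backend turns the same table into plain routes with the owning node as next hop, and the VXLAN backend resolves the destination MAC via the ARP table and then the node IP via the FDB. The lease, ARP and FDB tables are constructed sample data using the IPs from the notes; the VXLAN port 8472 and VNI 1 are assumed flannel defaults, and for the UDP backend the outer destination is the owning node's IP.

```python
"""Toy model of the flannel udp, host-gw and vxlan backends (added example, not flannel code)."""
import ipaddress
from dataclasses import dataclass

# Constructed subnet lease table (real flannel keeps this in etcd or the Kubernetes API):
# pod subnet -> IP of the node that owns it.
LEASES = {
    "100.96.1.0/24": "10.168.0.3",
    "100.96.2.0/24": "10.168.0.4",
}

FLANNEL_UDP_PORT = 8285    # udp backend port, as stated in the notes
FLANNEL_VXLAN_PORT = 8472  # assumed flannel default VXLAN UDP port
FLANNEL_VNI = 1            # assumed flannel default VXLAN network identifier

# Constructed ARP (neighbour) table: container IP -> MAC, learned when the container announces itself.
ARP_TABLE = {
    "100.96.1.2": "02:42:64:60:01:02",
    "100.96.2.3": "02:42:64:60:02:03",
}

# Constructed VXLAN forwarding database: MAC -> node (VTEP) IP, like `bridge fdb show` output.
FDB = {
    "02:42:64:60:01:02": "10.168.0.3",
    "02:42:64:60:02:03": "10.168.0.4",
}


@dataclass
class Packet:
    """Inner IP packet between two containers."""
    src: str
    dst: str
    payload: bytes


def owning_node(container_ip):
    """Return (subnet, node IP) for the lease that covers container_ip."""
    ip = ipaddress.ip_address(container_ip)
    for cidr, node_ip in LEASES.items():
        if ip in ipaddress.ip_network(cidr):
            return cidr, node_ip
    raise LookupError(f"no flannel lease covers {container_ip}")


def udp_encap(local_node, pkt):
    """udp backend: wrap pkt in an outer IP/UDP header from local_node to the owning node."""
    _, remote_node = owning_node(pkt.dst)
    return {
        "outer_ip": {"src": local_node, "dst": remote_node},
        "udp_dport": FLANNEL_UDP_PORT,
        "inner": pkt,
    }


def host_gw_routes(local_node):
    """host-gw backend: one route per remote subnet, next hop = owning node, no encapsulation."""
    return [f"{cidr} via {node} dev eth0"
            for cidr, node in LEASES.items() if node != local_node]


def host_gw_next_hop(local_node, dst_ip):
    """Next hop for dst_ip on local_node, or None when dst_ip is in the local subnet."""
    _, node = owning_node(dst_ip)
    return None if node == local_node else node


def vxlan_encap(local_node, pkt):
    """vxlan backend: ARP gives the inner destination MAC, the FDB maps that MAC to the node IP."""
    dst_mac = ARP_TABLE[pkt.dst]          # <target container mac>
    remote_node = FDB[dst_mac]            # <target node IP>
    return {
        "outer_ip": {"src": local_node, "dst": remote_node},
        "udp_dport": FLANNEL_VXLAN_PORT,
        "vni": FLANNEL_VNI,               # <vxlan header>
        "inner_eth_dst": dst_mac,
        "inner": pkt,                     # carries <target container IP>
    }


def vxlan_decap(frame):
    """Receiving node: reject frames for another VNI, hand back the inner packet otherwise."""
    if frame["vni"] != FLANNEL_VNI:
        raise ValueError(f"unexpected VNI {frame['vni']}")
    return frame["inner"]


if __name__ == "__main__":
    pkt = Packet("100.96.1.2", "100.96.2.3", b"hello")
    print("udp    :", udp_encap("10.168.0.3", pkt))
    print("host-gw:", host_gw_routes("10.168.0.3"))
    print("vxlan  :", vxlan_encap("10.168.0.3", pkt))
```

Running the script from node 10.168.0.3 shows that all three backends end up addressing the traffic to node 10.168.0.4, the only difference being how the outer header is built: two UDP tunnels with different headers versus a plain route with no encapsulation at all.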