{"id":13647179,"url":"https://github.com/mhausenblas/cn-ref","last_synced_at":"2025-04-12T18:08:23.797Z","repository":{"id":140043576,"uuid":"127515934","full_name":"mhausenblas/cn-ref","owner":"mhausenblas","description":"A collection of tools and references around container networking","archived":false,"fork":false,"pushed_at":"2018-04-02T10:46:28.000Z","size":547,"stargazers_count":78,"open_issues_count":0,"forks_count":12,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-04-12T18:04:56.494Z","etag":null,"topics":["containers","docker","kubernetes","linux","network","networking","reference"],"latest_commit_sha":null,"homepage":"http://mhausenblas.info/cn-ref/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mhausenblas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-03-31T08:55:37.000Z","updated_at":"2025-03-01T11:38:03.000Z","dependencies_parsed_at":"2024-01-14T10:01:23.508Z","dependency_job_id":"3e16f75b-9596-4f5f-a734-799fe9e2ff5c","html_url":"https://github.com/mhausenblas/cn-ref","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhausenblas%2Fcn-ref","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhausenblas%2Fcn-ref/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhausenblas%2Fcn-ref/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhausenblas%2Fcn-ref/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mhausenblas","download_url":"https://codeload.github.com/mhausenblas/cn-ref/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248610345,"owners_count":21132921,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["containers","docker","kubernetes","linux","network","networking","reference"],"created_at":"2024-08-02T01:03:22.923Z","updated_at":"2025-04-12T18:08:23.772Z","avatar_url":"https://github.com/mhausenblas.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"# Container Networking Reference\n\nA collection of tools and references around container networking accompanying my O'Reilly book _Container Networking_.\n\n- [Networking 101](#networking-101)\n- [Linux kernel](#linux-kernel)\n- [Docker](#docker)\n- [Kubernetes](#kubernetes)\n  - [Official documentation](#official-documentation)\n  - [3rd-party articles](#3rd-party-articles)\n- [Tooling](#tooling)\n  - [SDN](#sdn)\n  - [DNS](#dns)\n  - [Proxies and load balancers](#proxies-and-load-balancers)\n  - [Ingress and gateways](#ingress-and-gateways)\n  - [Service Meshes](#service-meshes)\n  - [Other](#other)\n\n---\n\n![Container Networking book cover](img/cn-book.png)\n\n## Networking 101\n\n- [Network Protocols](https://www.destroyallsoftware.com/compendium/network-protocols?share_key=97d3ba4c24d21147) Programmer's Compendium\n- [Demystifying container networking](http://blog.mbrt.it/2017-10-01-demystifying-container-networking/) by Michele Bertasi\n- [An Empirical Study of Load Balancing Algorithms](http://liblb.com/learn.html)\n\n## Linux kernel\n\n- [The History of Containers](http://red.ht/1mCDpJU)\n- [A history of low-level Linux container runtimes](https://opensource.com/article/18/1/history-low-level-container-runtimes)\n- [Networking in Containers and Container Clusters](http://wiki.iptables.org/pablo/netdev0.1/papers/Networking-in-Containers-and-Container-Clusters.pdf)\n- [Anatomy of a Container: Namespaces, cgroups \u0026 Some Filesystem Magic](http://bit.ly/1SAn4RU) - LinuxCon\n- [Network namespaces](https://lwn.net/Articles/219794/)\n- [Network classifier cgroup](https://www.kernel.org/doc/Documentation/cgroup-v1/net_cls.txt)\n- [Exploring LXC Networking](http://bit.ly/1kMA2hE)\n- [IPv6 and Containers: Why We Can't Have Nice Things (And How We Can)](https://www.youtube.com/watch?v=eF50OxZ5u4o)\n\n## Docker\n\n- [Docker Networking](http://bit.ly/1JXWf2R)\n- [Concerning Containers’ Connections: on Docker Networking](http://bit.ly/1JXWfjl)\n- [Unifying Docker Container and VM Networking](http://bit.ly/1JuCDs5)\n- [Letting Go: Docker Networking and Knowing When Enough Is Enough](http://bit.ly/1TEXFVr)\n- [The Tale of Two Container Networking Standards: CNM v. CNI](http://www.nuagenetworks.net/blog/container-networking-standards/)\n\n## Kubernetes \n\n### Official documentation\n\n- [Networking design](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/network/networking.md)\n- [Services](https://kubernetes.io/docs/concepts/services-networking/service/)\n- [Administration—Cluster Networking](https://kubernetes.io/docs/concepts/cluster-administration/networking/)\n- [Provide Load-Balanced Access to an Application in a Cluster](https://kubernetes.io/docs/tasks/access-application-cluster/load-balance-access-application-cluster/)\n- [Create an External Load Balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/)\n- [DNS for Services and Pods](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/)\n- [Kubernetes DNS-Based Service Discovery](https://github.com/kubernetes/dns/blob/master/docs/specification.md)\n- [Kubernetes DNS example](https://github.com/kubernetes/examples/blob/master/staging/cluster-dns/README.md)\n[Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/)\n- [Issue 44063](https://github.com/kubernetes/kubernetes/issues/44063): Implement IPVS-based in-cluster service load balancing\n\n### 3rd-party articles\n\n- [Deep Dive Envoy and Istio Workshop](http://blog.christianposta.com/microservices/deep-dive-envoy-and-istio-workshop/) by Christian Posta \n- [Getting started with Conduit - lightweight service mesh for Kubernetes](https://abhishek-tiwari.com/getting-started-with-conduit-lightweight-service-mesh-for-kubernetes/) by Abhishek Tiwari\n- [Ingress survey 2018](https://github.com/bowei/k8s-ingress-survey-2018) by SIG Network\n- [Kubernetes Services By Example](https://blog.openshift.com/kubernetes-services-by-example/)\n- [Tutorials and Recipes for using Kubernetes Network Policies feature](https://github.com/ahmetb/kubernetes-network-policy-recipes) by Ahmet Alp Balkan\n- [Data and analysis of the Kubernetes Ingress survey 2018](https://github.com/bowei/k8s-ingress-survey-2018) by the Kubernetes SIG Network\n- [Kubernetes Networking 101](https://www.slideshare.net/weaveworks/kubernetes-networking-78049891) by Bryan Boreham of WeaveWorks\n- [Illustrated Guide To Kubernetes Networking](https://speakerdeck.com/thockin/illustrated-guide-to-kubernetes-networking) by Tim Hockin of Google\n- [The Easy--Don't Drive Yourself Crazy--Way to Kubernetes Networking](https://www.youtube.com/watch?v=H5Zl_kDOwBU) by Gerard Hickey (KubeCon 2017, Austin) \n- Blog post series by Mark Betz:\n  - [Understanding kubernetes networking: pods](https://medium.com/google-cloud/understanding-kubernetes-networking-pods-7117dd28727)\n  - [Understanding kubernetes networking: services](https://medium.com/google-cloud/understanding-kubernetes-networking-services-f0cb48e4cc82)\n  - [Understanding kubernetes networking: ingress](https://medium.com/google-cloud/understanding-kubernetes-networking-ingress-1bc341c84078)\n- [Understanding CNI (Container Networking Interface)](http://www.dasblinkenlichten.com/understanding-cni-container-networking-interface/) by Jon Langemak\n- [Operating a Kubernetes network](https://jvns.ca/blog/2017/10/10/operating-a-kubernetes-network/) by Julia Evans\n- [The Service Mesh: Past, Present, and Future](https://www.youtube.com/watch?v=2trOvMUuLkk) by William Morgan (KubeCon 2017, Austin)\n- [Meet Bandaid, the Dropbox service proxy](https://blogs.dropbox.com/tech/2018/03/meet-bandaid-the-dropbox-service-proxy/) by Dmitry Kopytkov\n- [Kubernetes NodePort vs LoadBalancer vs Ingress? When should I use what?](https://medium.com/google-cloud/kubernetes-nodeport-vs-loadbalancer-vs-ingress-when-should-i-use-what-922f010849e0) by Sandeep Dinesh\n- [OpenShift custom router with TCP/SNI support](https://blog.zhaw.ch/icclab/openshift-custom-router-with-tcpsni-support/)\n\n## Tooling\n\n### SDN\n\n- [canal](https://github.com/projectcalico/canal): policy-based networking for cloud native applications (see also Project Calico)\n- [Cilium](https://github.com/cilium/cilium): secure network connectivity and loadbalancing based on BPF\n- [Contiv](http://contiv.github.io/): unifies containers, VMs, and bare metal with a single networking fabric\n- [Contrail](https://www.juniper.net/us/en/products-services/sdn/contrail/contrail-networking/): commercial SDN by Juniper (see also Tungsten Fabric)\n- [flannel](https://coreos.com/flannel/docs/latest/): virtual network that gives a sub-net to each host for use with a container runtime\n- [Open vSwitch](http://openvswitch.org/): multilayer virtual switch supporting standards such as NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag\n- [OpenVPN](https://openvpn.net/): open source VPN\n- [Project Calico](http://www.projectcalico.org/): provides secure network connectivity by managing a flat layer 3 network, using IP-in-IP tunneling or overlays such as flannel\n- [Tungsten Fabric](https://tungstenfabric.io/): network virtualization for providing connectivity and security for virtual, containerized or bare-metal workloads\n- [Weave Net](https://www.weave.works/oss/net/): cloud native networking toolkit that creates virtual networks, enables automatic discovery and offers DNS, IPAM, and a distributed virtual firewall\n\n### DNS\n\n- [CoreDNS](https://coredns.io/): a DNS server written in Go\n- [kubernetes-incubator/external-dns](https://github.com/kubernetes-incubator/external-dns): configure external DNS servers (AWS Route53, Google CloudDNS and others) for Ingresses and services\n- [Kubernetes DNS](https://github.com/kubernetes/dns): part of Kubernetes proper, schedules a DNS pod and service, and configures the `kubelet`s to tell individual containers to use the DNS Service’s IP to resolve DNS names\n- [SkyDNS](https://github.com/skynetservices/skydns): a distributed service for announcement and discovery of services built on top of etcd\n- [WeaveDNS](https://www.weave.works/docs/net/latest/tasks/weavedns/weavedns/): a DNS server answering name queries on a Weave network\n\n### Proxies and load balancers\n\n- [coreos/corelb](https://github.com/coreos/corelb): a loadbalancer built on coreinit and NGINX\n- [Envoy](https://www.envoyproxy.io/): cloud-native proxy supporting HTTP/2 and gRPC\n- [HAProxy](http://www.haproxy.org/): load balancing and proxying for TCP and HTTP-based apps\n- [kube-proxy](https://kubernetes.io/docs/reference/generated/kube-proxy/): Kubernetes built-in East-West traffic service proxy (managing IPtables entries)\n- [MetalLB](https://metallb.universe.tf/): a load-balancer implementation for bare metal Kubernetes clusters using ARP, NDP, or BGP.\n- [NGINX Reverse Proxy](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/): configuring NGINX as a reverse proxy\n- [Træfik](https://traefik.io/): a HTTP reverse proxy and load balancer\n\n### Ingress and gateways\n\n- [Ambassador](https://www.getambassador.io/): a Kubernetes-native API gateway built on Envoy\n- [Contour](https://github.com/heptio/contour): a Kubernetes Ingress controller for Envoy\n- [coreos/alb-ingress-controller](- https://github.com/coreos/alb-ingress-controller\n): a Kubernetes Ingress Controller for AWS ALB \n- [kube-router](https://www.kube-router.io/): IPVS-based service proxy, Network Policy  controller\n- Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) controllers:\n  - [kubernetes/ingress-gce](https://github.com/kubernetes/ingress-gce/)\n  - [kubernetes/ingress-nginx](https://github.com/kubernetes/ingress-nginx)\n  - [nginxinc/kubernetes-ingress](https://github.com/nginxinc/kubernetes-ingress)\n  - [zlabjp/nghttpx-ingress-lb](https://github.com/zlabjp/nghttpx-ingress-lb)\n\n### Service Meshes\n\n- [Conduit](https://conduit.io/): an ultralight service mesh for Kubernetes\n- [Istio](https://istio.io/): an open platform to connect, manage, and secure microservices\n- [Linkerd](https://linkerd.io/): a transparent proxy to be deployed as a service mesh\n\n\n### Other\n\n- [controlplaneio/netassert](https://github.com/controlplaneio/netassert): network security testing \n- [coreos/go-iptables](https://github.com/coreos/go-iptables): Go bindings for IPtables\n- [coreos/matchbox](https://github.com/coreos/matchbox): network boot and provision Container Linux clusters\n- [jetstack/cert-manager](https://github.com/jetstack/cert-manager/): automatically manage TLS certificates in Kubernetes\n- [Skydive](http://skydive-project.github.io/skydive/): real-time network topology and protocols analyzer\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhausenblas%2Fcn-ref","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmhausenblas%2Fcn-ref","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhausenblas%2Fcn-ref/lists"}