Understanding pod-to-pod networking
Civo Academy - Pod-to-Pod Networking in Kubernetes
Description
Learn about pod-to-pod networking in Kubernetes, including the use of a Linux bridge and the ARP protocol to allow communication between pods.
Transcription
Introduction
In this video, we'll talk about pod-to-pod networking in Kubernetes. In our previous video, we saw that for containers to talk to each other, they need a shared network namespace. Now let's look at what happens when pods talk to each other.
How does pod-to-pod networking take place?
Let's start by expanding our example and applying a second pod to our virtual machine; it looks a little bit like this. Both pods have their own unique pod network namespaces, and both share the root network namespace. However, this is where the root network namespace plays a much larger role. The first change you'll notice is that a new type of device is added, called a veth pair. A veth pair is a virtual ethernet device that can be used like a patch cable to connect two different network namespaces together. So I can have veth0 on the root network namespace, and veth1 representing my second pod on the root network namespace, and this can go on for as many pods as you have running on your host.
At this point, if I wish to send data between the two pods, from one container to another, I still need a few more components. One of these is the L3 virtual Linux switch called a Linux bridge. The Linux bridge exists on the host as part of the root network namespace. Its purpose is to inspect the data frames of incoming packets from the container and forward them to the correct address. Let's talk about that, because there's a lot to decompress there. When this container wishes to look up the IP address of the adjacent pod it's connecting to, the first thing that happens is that the packet hits the ethernet connection, which goes through the veth pair. From the veth pair it hits the bridge.
At this point, the bridge will decapsulate the packet. It will then look at the data frame to inspect the target IP address and check whether that IP address corresponds to a MAC address in its lookup table. As discussed in previous videos, the MAC address is bound to a network interface. If it finds a receiver in this network namespace that matches the target, it forwards the data, adding the MAC address to the table if it doesn't already exist. The way it adds the MAC address is by broadcasting to every device on this network. Again, this uses the ARP protocol.
The ARP protocol asks every device, and whoever responds is assigned the MAC address bound to the IP address in the incoming data frame. This explains how you can communicate between pods in Kubernetes using their IP addresses. In the following video, we'll look at what happens when you want to communicate with a pod outside the same virtual machine. Thank you.
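As an added example, not code from the video or from Civo, here is a small Python model of the path just described: two pods, each on a veth pair whose host end is enslaved to one Linux bridge in the root namespace. The bridge learns MAC-to-port mappings from the source address of every frame and floods frames for unknown destinations, and a pod resolves IP to MAC with an ARP broadcast before sending an IP frame. The pod names, IPs, MACs and veth names are constructed for the example.

```python
# Added example, not the video's code: model of two pods on veth pairs behind one Linux bridge.
from dataclasses import dataclass, field
BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Frame:
    src_mac: str; dst_mac: str; kind: str; payload: dict   # kind: arp-request | arp-reply | ip

@dataclass
class Pod:
    name: str; ip: str; mac: str
    port: str = ""; bridge: object = None           # host-side veth name, and the bridge it joins
    arp_cache: dict = field(default_factory=dict)   # ip -> mac, the pod's `ip neigh` table
    inbox: list = field(default_factory=list)
    def send(self, frame):                          # pod veth end -> host veth end -> bridge
        self.bridge.receive(self.port, frame)
    def receive(self, frame):
        p = frame.payload
        if frame.kind == "arp-request" and p["target_ip"] == self.ip:
            self.arp_cache[p["sender_ip"]] = frame.src_mac       # learn the asker as well
            self.send(Frame(self.mac, frame.src_mac, "arp-reply",
                            {"sender_ip": self.ip, "target_ip": p["sender_ip"]}))
        elif frame.kind == "arp-reply" and frame.dst_mac == self.mac:
            self.arp_cache[p["sender_ip"]] = frame.src_mac       # whoever answers is recorded
        elif frame.kind == "ip" and frame.dst_mac == self.mac:
            self.inbox.append(p)
    def send_ip(self, dst_ip, data):
        if dst_ip not in self.arp_cache:            # no entry: broadcast "who has dst_ip?"
            self.send(Frame(self.mac, BROADCAST, "arp-request",
                            {"sender_ip": self.ip, "target_ip": dst_ip}))
        dst_mac = self.arp_cache.get(dst_ip)
        if dst_mac:                                 # nobody answered -> unreachable, returns False
            self.send(Frame(self.mac, dst_mac, "ip", {"src": self.ip, "dst": dst_ip, "data": data}))
        return dst_mac is not None

class Bridge:                                       # root-namespace Linux bridge (constructed)
    def __init__(self):
        self.ports, self.fdb = {}, {}               # port -> pod; learned mac -> port (`bridge fdb`)
    def attach(self, pod, port):                    # like `ip link set <port> master <bridge>`
        pod.bridge, pod.port, self.ports[port] = self, port, pod
    def receive(self, in_port, frame):
        self.fdb[frame.src_mac] = in_port           # learn the source MAC on the ingress port
        known = self.fdb.get(frame.dst_mac)
        for port in ([known] if known else [p for p in self.ports if p != in_port]):  # else flood
            self.ports[port].receive(frame)

def build_lab():                                    # two constructed pods exchange one IP packet
    br = Bridge()
    a, b = Pod("pod-a", "10.244.0.2", "02:00:00:00:00:0a"), Pod("pod-b", "10.244.0.3", "02:00:00:00:00:0b")
    br.attach(a, "veth0"); br.attach(b, "veth1")
    a.send_ip("10.244.0.3", "hello")
    return a, b, br
```

After `build_lab()` runs, `br.fdb` holds both MACs keyed to their veth ports and each pod's `arp_cache` holds the other pod's address, which is the state the transcript describes the bridge and pods reaching after one exchange.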