Docker Expands Container Networking Capabilities
The libnetwork technology now provides container users with a core set of capabilities to enable networking.
When Docker 1.0 debuted in June 2014, it was missing a key feature: fully integrated networking that works. In June 2016, networking in Docker containers is a very different story, with a host of new capabilities now present in the Docker 1.12 milestone, which was officially released last week.
At the core of Docker's networking capabilities is the libnetwork stack, which first debuted in the Docker 1.7 release in June 2015 and became fully integrated in the Docker 1.9 update. Libnetwork is based on technology built and since expanded by SocketPlane, a company that Docker acquired in March 2015.
At Dockercon 16 last week, Madhu Venugopal, Senior Director of Networking at Docker Inc. and formerly the founder and CEO of SocketPlane, detailed the current status of Docker networking in a press-and-analyst-only session, as well as in a general session at the conference.
"Networking is an inherent requirement of distributed applications," Venugopal said. "Distributed apps require portability, security, scalability and performance."
Venugopal added that every networking stack is different, incorporating various operating systems and cloud providers, and getting networking to work across all the different stacks is often difficult. While Software Defined Networking (SDN) approaches have been seen by some as a way to deal with networking complexity, Venugopal worries that an SDN doesn't scale. In his view, fully distributed apps need a completely decentralized approach to networking that doesn't rely on an external controller for management.
From an architecture perspective, Docker's networking approach is built around what Venugopal referred to as the Container Networking Model (CNM). CNM involves three core elements: the endpoint, the network and the sandbox. The endpoint is the network interface for communication over a specific network. The network is defined as a unique group of endpoints that communicate with each other. Finally, the sandbox is an isolated environment where the network configuration for a container lives.
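To make the three CNM elements concrete, here is an added example (not from the article or from Docker's own code) that reads the JSON printed by `docker network inspect`, assumed to be in its usual Name/Driver/Containers/EndpointID shape, and rebuilds the networks, the endpoints attached to each, and the per-container sandbox that owns them. It goes one step beyond the article by flagging containers whose sandbox holds endpoints on more than one network, since such a container is the one place where two otherwise-separate networks meet; the sample JSON is constructed.

```python
"""Map `docker network inspect` output onto the Container Networking Model.

Added example, not code from the article or from Docker. Input is the JSON
that `docker network inspect $(docker network ls -q)` prints (assumed shape:
a list of networks, each with a "Containers" map keyed by container id).
"""
import json
from collections import defaultdict

# Constructed sample of `docker network inspect` output (ids shortened).
SAMPLE_INSPECT = json.dumps([
    {"Name": "frontend", "Driver": "bridge", "Containers": {
        "c1": {"Name": "web", "EndpointID": "ep-web-fe", "IPv4Address": "172.18.0.2/16"},
        "c2": {"Name": "api", "EndpointID": "ep-api-fe", "IPv4Address": "172.18.0.3/16"}}},
    {"Name": "backend", "Driver": "bridge", "Containers": {
        "c2": {"Name": "api", "EndpointID": "ep-api-be", "IPv4Address": "172.19.0.2/16"},
        "c3": {"Name": "db", "EndpointID": "ep-db-be", "IPv4Address": "172.19.0.3/16"}}},
])


def cnm_view(inspect_json):
    """Return (networks, sandboxes) built from the inspect JSON.

    networks:  {network name: [endpoint ids]}          -- the CNM "network"
    sandboxes: {container name: {network: endpoint}}  -- one sandbox per container
    """
    networks = {}
    sandboxes = defaultdict(dict)
    for net in json.loads(inspect_json):
        endpoints = []
        for cinfo in net.get("Containers", {}).values():
            endpoints.append(cinfo["EndpointID"])
            # Each endpoint lives in exactly one sandbox (the container's netns).
            sandboxes[cinfo["Name"]][net["Name"]] = cinfo["EndpointID"]
        networks[net["Name"]] = endpoints
    return networks, dict(sandboxes)


def multi_homed(sandboxes):
    """Containers whose sandbox has endpoints on more than one network."""
    return sorted(name for name, eps in sandboxes.items() if len(eps) > 1)


if __name__ == "__main__":
    nets, boxes = cnm_view(SAMPLE_INSPECT)
    for name, eps in nets.items():
        print(f"network {name}: {len(eps)} endpoint(s)")
    print("containers spanning networks:", multi_homed(boxes))
```

Feed it the real output of `docker network inspect` on a host to see which containers are attached to which user-defined networks.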
The libnetwork approach inside of Docker makes use of many existing Linux kernel networking facilities that are typically present on host machines. Docker sits on top of a host operating system, which is usually Linux, and, unlike a traditional hypervisor, does not require a full operating system of its own.
"Every container can talk to the network using the simple primitives that the Linux kernel provides," Venugopal explained.
Venugopal noted that libnetwork itself isn't just a driver interface for other networking technologies to plug into. In terms of Linux kernel networking technology, Venugopal explained that by default, libnetwork makes use of the Linux bridge and iptables. Libnetwork provides built-in IP address management, native multi-host networking, and native service discovery, and it defines the Container Networking Model itself as well.
Additionally, as of the Docker 1.12 release, Docker now integrates native load balancing, also pulled in from the Linux kernel, by way of the IPVS (IP virtual server) technology that has been part of Linux since the Linux 2.4 kernel.
Docker 1.12 now also benefits from a routing mesh powered by the Gossip protocol. Also new in Docker 1.12 is macvlan capability, which enables a Docker engine to more easily join an existing physical or virtual network.
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist.