Recently we fiddled with several of the network settings in native Docker and put together a survey presentation. It feels fascinating to realize that overlay networking is being revisited once again in the context of containers/Docker.
For those not familiar with Docker, it is sufficient to understand that Docker is an easy way to roll out applications within Linux containers and manage their configurations in a portable fashion. Containers share the host kernel rather than running on a hypervisor, so the LXC technology does not provide the resource-level isolation boundary that virtual machines (VMs) have; it does provide isolation that may be sufficient for the majority of applications, especially in enterprise infrastructure.
Today, Docker attaches each spawned container to a Linux bridge (docker0) by default and allocates it an IP address from a default private range. Container traffic leaving the host is then NAT'ed through the host's network stack. This is essentially what one gets when spawning VMs with KVM or VirtualBox on a laptop. As container usage grows more complicated, spanning multiple hosts, multiple application tiers and multiple datacenters, we need good underlying plumbing and well-understood abstractions.
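As an added example (not from the original post), the following shell script inspects the bridge-plus-NAT plumbing described above by parsing `iptables-save` output. The rules are a constructed sample in the form Docker 1.x writes for the docker0 bridge, not captured from a real host, and the function and variable names are the example's own. Besides the MASQUERADE rule that hides the container subnet behind the host, it pulls out the DNAT rules for published ports (showing which are bound on every host address rather than a single one) and reports whether the FORWARD chain lets containers on docker0 talk to each other, which is the access-control question the default bridge leaves open.

```shell
#!/bin/sh
# Added example: audit the NAT plumbing behind Docker's default bridge.
# SAMPLE_RULES is constructed iptables-save output in the shape Docker 1.x
# emits for two containers: 172.17.0.2 with port 80 published on host port
# 8080 on all addresses, and 172.17.0.3 with 5432 published on 127.0.0.1 only.
SAMPLE_RULES='*nat
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.3:5432
COMMIT
*filter
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
COMMIT'

# The same host started with --icc=false: bridge-to-bridge forwarding is DROPped.
ISOLATED_RULES=$(printf '%s\n' "$SAMPLE_RULES" |
    sed 's/-i docker0 -o docker0 -j ACCEPT/-i docker0 -o docker0 -j DROP/')

# Print the container subnet whose egress is source-NATed behind the host.
masq_subnet() {
    printf '%s\n' "$1" | awk '/-j MASQUERADE/ {
        for (i = 1; i <= NF; i++) if ($i == "-s") print $(i + 1)
    }'
}

# Print "bind:hostport->container:port" for each published port. A DNAT rule
# with no -d match is reachable on every host address (shown as 0.0.0.0/0).
published_ports() {
    printf '%s\n' "$1" | awk '/-j DNAT/ {
        bind = "0.0.0.0/0"; hp = ""; dst = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-d") bind = $(i + 1)
            if ($i == "--dport") hp = $(i + 1)
            if ($i == "--to-destination") dst = $(i + 1)
        }
        print bind ":" hp "->" dst
    }'
}

# Report whether containers on docker0 may reach each other (inter-container
# communication): ACCEPT means every container on the bridge is a peer.
icc_policy() {
    case "$(printf '%s\n' "$1" | awk '/-i docker0 -o docker0/ { print $NF }')" in
        ACCEPT) echo open ;;
        DROP)   echo isolated ;;
        *)      echo unknown ;;
    esac
}

# On a real host, pass "$(iptables-save)" instead of the constructed sample.
echo "masqueraded subnet: $(masq_subnet "$SAMPLE_RULES")"
echo "published ports (bind:hostport->container):"
published_ports "$SAMPLE_RULES"
echo "inter-container traffic on docker0: $(icc_policy "$SAMPLE_RULES")"
echo "same host with --icc=false: $(icc_policy "$ISOLATED_RULES")"
```

The `0.0.0.0/0` entry is the one to look at first: a port published as `-p 8080:80` is reachable from every interface the host has, while `-p 127.0.0.1:5432:5432` is only reachable locally, and neither restriction says anything about what the containers can reach among themselves unless the FORWARD rule is DROP.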
It is certainly possible to use the same networking principles that were used with VMs, or to adopt clean-slate thinking for container communication. In the VM world, each individual entity was addressable by a MAC/IP address combination. In the container world, however, containers need not be individually addressable; they may share the host network or use other means of communicating (e.g., Unix domain sockets).
While the technology and mode of plumbing are up for debate, some of the abstractions will still work in the container space. The foremost of these is network virtualization, the act of decoupling the application's virtual network from the underlying physical network. This abstraction brings modularity in deployment, portability of groups of containers, access control across application boundaries, and plumbing for virtual network services. We need that in the container world too.