Skip to content

Instantly share code, notes, and snippets.

@StevenACoffman

StevenACoffman/Comparison of multi-host Docker networking.md

Last active June 27, 2022 09:14
Show Gist options
  • Star 11 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save StevenACoffman/5df5a7d7606ec77b0de71a40ebf5af06 to your computer and use it in GitHub Desktop.
Save StevenACoffman/5df5a7d7606ec77b0de71a40ebf5af06 to your computer and use it in GitHub Desktop.
Download ZIP
Comparison of multi-host Docker networking
Raw
Comparison of multi-host Docker networking.md

Docker Networking Star History

Calico Flannel Weave Docker Overlay Network
Network Model Pure Layer-3 Solution VxLAN or UDP Channel VxLAN or UDP Channel VxLAN
Application Isolation Profile Schema CIDR Schema CIDR Schema CIDR Schema
Protocol Support TCP, UDP, ICMP & ICMPv6 ALL ALL ALL
Name Service No No Yes No
Distributed Storage Requirements Yes Yes No Yes
Encryption Channel No TLS NaCl Library No
Partially Connected Network Support No No Yes No
Seperate vNIC for Container No No Yes yes
IP Overlap Support No Maybe Maybe Maybe
Container Subnet Restriction No No Yes, configurable after start Yes, not configurable after start
  • Network Model - What kind of network model are used to support multi-host network.
  • Application Isolation - Support what level and kind of application isolation of containers.
  • Name Service - DNS lookup with simple hostname or DNS rules.
  • Distributed Storage Requirements - Whether an external distributed storage is required, e.g. etcd or consul.
  • Encryption Channel - Whether data and infomation tranvers can put in an encryption channel.
  • Partially Connected Network Support - Whether the system can run on a partially connected host network.
  • Seperate vNIC for Container - Whether a seperate NIC is generated for container.
  • IP Overlap Support - Whether the same IP can be allocated to different containers.
  • Container Subnet Restriction - Whether container's subnet should not be the same as host's.
  • Protocol Support - What kind of Layer-3 or Layer-4 protocols are supported.

From this analysis

More articles:

From the latter article by Lee Calcote:

Canal Strengths:

  • Overlay
  • Security Policy

Flannel Strengths:

  • Overlay
  • Simple
  • Well-tested / mature

Weavenet:

  • Multicast
  • Built-in name service
  • Buil-in K/V Store

Project Calico Strengths:

  • L3 Networking
  • Security Policy
  • Broadest ecosystem support

Giant Spreadsheet

Raw
Velocity_2017__The_Over-Under_on_Container_Networking__Slides2.png
Raw
Velocity_2017__The_Over-Under_on_Container_Networking__Slides3.png
Raw
Velocity_2017__The_Over-Under_on_Container_Networking__Slides1.png
Velocity_2017__The_Over-Under_on_Container_Networking__Slides1.png
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment