Zettio Releases Weave for Docker Networking
Weave is an overlay networking system for Docker containers. Whilst Docker can already link containers on a single host, Weave provides connectivity for containers that are spread across multiple hosts. It has been released under the Apache 2 open source license by Zettio, a new company targeting 'apps for the zettabyte era' founded by RabbitMQ creators Alexis Richardson and Matthias Radestock.
Richardson says ‘Weave makes the network fit the application, not the other way round’. He goes on to state:
We believe that application developers should be able to take advantage of new deployment technologies, like containers, without having to change how they work. Networking is a big part of that. Weave embeds a software defined network at the container level, so that applications and networks automatically share a common topology, and this is a great way to achieve consistency and scale.
The system consists of two components:
- Weaver - a virtual network switch and router implemented in Go that runs within a Docker container on each networked host.
- Weave - a script that wraps the Docker command line in order to start Weaver, connect containers to the Weave virtual network, and assign IP addresses to them.
The overlay network requires TCP and UDP connectivity on port 6783. Once that is established it is able to span across clouds and data centres. Weave is also able to route between containers on hosts that aren’t directly reachable provided that there is a path through an intermediate Weave node. The system is also able to provide on and off ramps (using iptables rules) between local network services and the overlay network.
Weave is described as ‘a giant Ethernet switch to which all the containers are connected’, but it also includes some aspects of routing. At present the system only supports IPv4, with IPv6 support on the wish list of future features. The team are also looking at how to implement DHCP- and DNS-like features so that users don’t have to manually manage IP address allocation for each of their containers.
The Weave network can be encrypted by supplying an optional password. It’s also possible to isolate different groups of interconnected containers running on a Weave overlay network by making use of subnets (as the use of VLAN tags for isolation isn't supported). Within each container Weave presents an ‘ethwe’ interface. By default that interface is in addition to the regular eth0 interface created by Docker and attached to the docker0 bridge on the host (though that can be turned off by passing the ‘--net=none’ option).
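Because isolation rests on subnets and addresses are assigned by hand, a mistyped prefix can quietly merge two groups. The following added example (not code from Weave or Zettio) audits a hand-maintained address plan, assuming that groups are only separated when their IPv4 subnets do not overlap; the plan, group names and addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed plan (not from the article): group -> [(container, address/prefix)].
PLAN = {
    "web": [("web1", "10.0.1.1/24"), ("web2", "10.0.1.2/24")],
    "db": [("db1", "10.0.2.1/24"), ("db2", "10.0.2.2/24")],
    "batch": [("job1", "10.0.1.200/16")],  # prefix too short: covers web and db
}

def audit(plan):
    """Return findings for a hand-maintained overlay address plan."""
    findings, owner, nets = [], {}, {}
    for group, members in plan.items():
        for name, cidr in members:
            iface = ipaddress.ip_interface(cidr)
            if iface.version != 4:  # the article says the overlay is IPv4-only
                findings.append(f"{name}: {cidr} is not IPv4")
                continue
            if iface.ip in owner:
                findings.append(f"{name}: {iface.ip} already used by {owner[iface.ip]}")
            else:
                owner[iface.ip] = name
            nets.setdefault(group, set()).add(iface.network)
        if len(nets.get(group, ())) > 1:
            findings.append(f"{group}: members are split across subnets")
    # Assumption: groups are separated only if none of their subnets overlap.
    for g1, g2 in combinations(sorted(nets), 2):
        for a in sorted(nets[g1]):
            for b in sorted(nets[g2]):
                if a.overlaps(b):
                    findings.append(f"{g1}/{g2}: {a} overlaps {b}")
    return findings

if __name__ == "__main__":
    for line in audit(PLAN):
        print(line)
```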
Weave continues the trend of layering in virtual networks, where one type of overlay (for example a hypervisor based network such as VMware’s NSX) can then become the ‘underlay’ for another virtual network (such as ‘top of cloud’ user managed networks running in virtual machines that combine network functions virtualisation [NFV] with software defined networking [SDN]). It also simplifies the process of connecting containers together versus using open source tools such as Open vSwitch (OVS) or the Linux kernel implementation of VXLAN, and replaces some of the plumbing offered by systems such as Pipework, from Docker Inc’s Jérôme Petazzoni.