CoreOS's Rudder steers software-defined networking for Docker

Creator of a Docker-based Linux distribution rolls out its answer to the networking headaches common to Docker containers

The amount of software built from and on top of Docker keeps growing. The folks behind CoreOS, the Linux distribution that uses Docker containers as a fundamental building block, have released Rudder, a way to manage networking between and across Docker containers.

Docker containers deal with networking in a stilted way. Typically, they use a network bridge on the host machine to speak to containers and the outside world, but more advanced networking requires manual tweaking, like the remapping of ports.

More problematic, as Al Tobey of Datastax pointed out in an email, is that Docker containers are assigned network addresses hidden from the network outside of the Docker host machine. "That's not a problem for most applications," he said, "but for those that use the network address for identification, it becomes a problem because by default Docker uses the same range of addresses on every host. There are workarounds, such as using the host operating system's network, but it breaks the sandbox and makes some of Docker's features unavailable."

Rudder tries to solve these problems with a high-level approach. According to the blog post announcing Rudder, it works under Kubernetes -- Google's Docker-cluster management software -- to ditch port mapping entirely. Each pod, or node in the cluster, is assigned its own IP address, and the containers are networked together via what CoreOS describes as an "overlay mesh network," which provisions a separate subnet to each server.

Tobey likes what he has seen of Rudder so far, noting it has been built on top of etcd, CoreOS's distributed key-value store, and uses tunnelling over UDP. "This is the correct choice in my opinion," he wrote, "and should provide acceptable performance even in high-throughput architectures."
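The addressing problem Tobey describes and the per-server subnet approach can be compared in a short sketch. This is an added example, not code from CoreOS or from the original article: the address ranges, host names, the `SubnetRegistry` class (an in-memory stand-in for a shared store such as etcd) and the rule that the first address belongs to the bridge are all assumptions made for illustration.

```python
import ipaddress
from itertools import islice

# Constructed values for illustration; not taken from Rudder's configuration.
DOCKER_DEFAULT_BRIDGE = ipaddress.ip_network("172.17.0.0/16")
OVERLAY_NETWORK = ipaddress.ip_network("10.0.0.0/16")
HOSTS = ["host-a", "host-b", "host-c"]


def container_ips(subnet, count):
    """First `count` container addresses; the first host address is assumed to be the bridge."""
    return list(islice(subnet.hosts(), 1, count + 1))


class SubnetRegistry:
    """Hypothetical in-memory stand-in for the shared store holding per-host subnet leases."""

    def __init__(self, network, prefixlen=24):
        self._free = network.subnets(new_prefix=prefixlen)
        self.leases = {}

    def lease(self, host):
        # A host keeps its existing lease; a new host gets the next unused subnet.
        if host not in self.leases:
            self.leases[host] = next(self._free)
        return self.leases[host]


def default_bridge_addresses(hosts, count):
    """Every host allocates from the same private bridge range."""
    return {h: container_ips(DOCKER_DEFAULT_BRIDGE, count) for h in hosts}


def overlay_addresses(hosts, count):
    """Each host allocates from its own leased slice of the overlay network."""
    registry = SubnetRegistry(OVERLAY_NETWORK)
    return {h: container_ips(registry.lease(h), count) for h in hosts}


def ambiguous_addresses(assigned):
    """Addresses seen on more than one host, which cannot identify a single container."""
    seen, dupes = set(), set()
    for addrs in assigned.values():
        for addr in addrs:
            (dupes if addr in seen else seen).add(addr)
    return dupes


if __name__ == "__main__":
    print("default bridge:", sorted(ambiguous_addresses(default_bridge_addresses(HOSTS, 3))))
    print("overlay:", sorted(ambiguous_addresses(overlay_addresses(HOSTS, 3))))
```

With the shared range, every container address repeats on each host, so any access control, log line or peer list keyed on address is ambiguous across the cluster; with per-host leases each address maps to exactly one container.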

CoreOS has performed its own network speed tests and determined that while using Rudder adds a bit of network latency, throughput is almost unaffected.

Nishant Patel, CTO of Raw Engineering (creators of the enterprise MBaaS, has looked at Rudder and other SDN options, "though they have not been deployed in our production products as of yet." Raw Engineering ended up using its own communications layer for Docker, but Patel believes Rudder will help make cloud applications more portable, as per Docker itself. "Giving customers a choice of cloud providers is increasingly important," he wrote, "and tools like these make these options much easier to implement."

Tobey echoed this point: "If it works as advertised, the really big innovation/advantage is that it can work on any existing network without changes to that network.... Having a sort of SDN overlay network will let these users create network topologies without changing the physical networks, which ideally leads to faster innovation." He was less confident that network engineers would favor this approach because of the management issues involved, but he hoped that network engineers would "work closer with engineering to support Docker as a first-class entity on the network."

This story, "CoreOS's Rudder steers software-defined networking for Docker," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

Copyright © 2014 IDG Communications, Inc.