Weave project knits together networks for Docker containers

Weave promises networking to fit Docker applications, rather than forcing admins to configure networks to accommodate Docker

One side effect of the explosive popularity of the Docker app-container project is how quickly people have learned its limitations -- especially networking. The way Docker containers talk to each other and to the outside world has long been a messy business.

The Weave project, created by Zett.io, is meant to address Docker's networking issue by providing Docker containers -- even those deployed across multiple hosts -- with a single virtual network.

Weave's network, as explained on its GitHub page, allows containers to all behave as if they were connected to the same physical network switch. That virtual switch provides connectivity to the outside world as well as to select resources -- file systems, databases, and so on.

Containers don't need to have their port mappings or other network settings changed, and the Weave network is also designed to operate across firewalls or on "partially connected networks." (According to InfoQ, the only external connectivity required for Weave is TCP and UDP traffic across port 6783.) Also, individual applications can be provided with their own subnets, so the containers for a given app can talk to each other but not to other apps' containers.

When asked how Weave will spur adoption of Docker, Alexis Richardson, CEO of Zett.io, co-founder of Weave and co-creator of the RabbitMQ messaging queue system, summed it up in three points: It solves the problem of Docker networking; it provides a strong feature set with security, resilience, and multicloud support; and it requires little effort to get up and running.

"Weave makes the network fit the application, not the other way round," Richardson wrote in an email. "Weave is engineered to be completely natural and easy to Docker users. And it does not require developers to relearn networking or use new tooling."

Some of the ways Weave works are reminiscent of another Docker networking project, Rudder, created by CoreOS (a Docker-powered Linux distribution). Rudder provides what's described as an "overlay network" for Docker containers, although the way it's built is intended most directly to complement CoreOS and some of its allied projects -- for example, Kubernetes.

When asked about the differences between Weave and Rudder, Richardson replied that Weave "always keeps application and network topology aligned, even when you move containers around, e.g., across clouds and data centers. This greatly reduces management and configuration overheads, and enables app owners to focus on app design without deployment getting in the way." He also claimed that Weave has built-in security features -- mainly, encryption of traffic between containers across untrusted networks -- whereas Rudder alone does not.

Docker's relative youth means it's likely we'll see any number of different solutions for the way Docker networking operates. One of Docker's own engineers, Jérôme Petazzoni, has a solution called Pipework that works with Linux containers generally and Docker in particular.

Whether any of those projects will be used in a future revision of Docker is likely to hinge most directly on which one of them achieves the broadest uptake. That process might be further complicated by the likes of CoreOS, where the networking solution in question is part and parcel of a specific approach to Docker -- one that not everyone will want to use.

This article, "Weave project knits together networks for Docker containers," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.

Copyright © 2014 IDG Communications, Inc.

InfoWorld Technology of the Year Awards 2023. Now open for entries!