Startup SocketPlane is looking to ease the challenges of networking in Docker by proposing a software-defined networking (SDN) solution. SocketPlane believes network overlays are a way to simplify container-to-container communication and to add the advanced functionality of micro-segmentation (i.e., the ability to filter traffic from node to node regardless of the node’s location in the network) to containers.
Before digging into SocketPlane’s technology, you should understand the challenges associated with Docker networking.
Docker networking challenges
Docker was originally developed to improve the application development process. Docker allows developers to build an entire multi-tier application on a single Linux workstation without the complexity or overhead of multiple operating system images, as is the case with traditional virtualization. To accommodate the network requirements of this type of environment, Docker leverages a simple network architecture.
By default, each Docker container communicates with the host machine via a virtual bridge named docker0. The virtual bridge handles all communication between the local containers and the host. If a container needs to communicate with an external server such as an internal image repository, the traffic is handled by the local host. The local host will use network address translation (NAT) to forward the traffic to external hosts.
Using the default Docker networking works fine when there isn’t a need to receive traffic from an external host. If an external host needs to initiate communication with a container, a good deal of complexity and effort is required to forward traffic using network sockets. It becomes difficult to scale Docker networking in production environments due to the management overhead.
SocketPlane believes network virtualization resolves these challenges. Instead of connecting to a virtual bridge, each container would connect to an Open vSwitch (OVS) port. Container hosts with OVS running can form a virtual network overlay that would carry traffic destined for any container connected to the network.
Some of the developers behind SocketPlane are initial contributors to OpenDaylight, an open source network controller. As such, SocketPlane leverages the features of OpenDaylight to add services such as micro-segmentation and flow control to Docker containers.
SocketPlane’s technology is still in preview status, though it is available to download and test in a non-production environment. It has a long way to go before reaching production level.
Although SocketPlane is not contributing to production use cases today, it helps in understanding the challenges and the potential solutions to Docker networking.