Re: Proposal: container networking for applications

Jason Sherron

Hi everyone,

Are there any remaining comments or concerns on the container networking
proposal that need to be addressed before we launch the effort in earnest?
We made minor edits to clarify some of the implementation phases but
overall the spirit of the document is unchanged. Last call is Jan 3. Thanks.


On Thu, Dec 3, 2015 at 10:02 AM, Jason Sherron <jsherron(a)>

Hi, CF-dev community members!

Our cross-company team is happy to present a proposal to support direct
container-to-container networking and communication. We aim to provide
value to developers and admins by enabling new capabilities while providing
network access controls, and by providing first-class network-operations

The problems
- The current network implementation in Cloud Foundry restricts
developers and admins from secure, performant network communications
directly between containers. To support new service architectures,
customers often need fast, direct container-to-container communication
while maintaining granular control of network security in CF.
- Physical network configuration is inflexible with one addressing and
routing topology, while customers are demanding support for a variety of
network configurations and virtualization stacks, often driven by security
and IT standards.

The proposal
We propose an improved container networking infrastructure, rooted in two
principles: declarative network policy, and modular network topology. Our
goal is to allow developers and admins to define container-to-container
network graphs that make sense for their business in a high-level,
build-time manner, and then to map that logical topology onto supported
network stacks, enabled by the modular network capabilities in libnetwork
from the Docker project.

Help wanted
We specifically request feedback on potential service discovery
mechanisms to support this container-to-container capability. As containers
and microservices gain the ability to communicate directly, how should they
locate their peers or each other?

We invite your comments on all aspects of the proposal, here and in the

Jason Sherron on behalf of the working group
