Re: Proposal: container networking for applications

Mike Youngstrom <youngm@...>

BTW, if you have an application that relies upon the "CF_INSTANCE_ADDR",
"CF_INSTANCE_IP", or "CF_INSTANCE_PORTS" environment variables for direct
communication between apps not in the same space or not in CF at all the
implementation of this proposal will break you.

That was a bit of a surprise to me when I read the proposal so I thought
I'd call it out for those who might not have noticed.

Otherwise it a really nice feature I'm excited for.


On Tue, Dec 29, 2015 at 10:17 AM, Jason Sherron <jsherron(a)> wrote:

Hi everyone,

Are there any remaining comments or concerns on the container networking
proposal that need to be addressed before we launch the effort in earnest?
We made minor edits to clarify some of the implementation phases but
overall the spirit of the document is unchanged. Last call is Jan 3. Thanks.


On Thu, Dec 3, 2015 at 10:02 AM, Jason Sherron <jsherron(a)>

Hi, CF-dev community members!

Our cross-company team is happy to present a proposal to support direct
container-to-container networking and communication. We aim to provide
value to developers and admins by enabling new capabilities while providing
network access controls, and by providing first-class network-operations

The problems
- The current network implementation in Cloud Foundry restricts
developers and admins from secure, performant network communications
directly between containers. To support new service architectures,
customers often need fast, direct container-to-container communication
while maintaining granular control of network security in CF.
- Physical network configuration is inflexible with one addressing and
routing topology, while customers are demanding support for a variety of
network configurations and virtualization stacks, often driven by security
and IT standards.

The proposal
We propose an improved container networking infrastructure, rooted in
two principles: declarative network policy, and modular network topology.
Our goal is to allow developers and admins to define container-to-container
network graphs that make sense for their business in a high-level,
build-time manner, and then mapping that logical topology onto supported
network stacks, enabled by the modular network capabilities in libnetwork
from the Docker project.

Help wanted
We specifically request feedback on potential service discovery
mechanisms to support this container-to-container capability. As containers
and microservices gain the ability to communicate directly, how should they
locate their peers or each other?

We invite your comments on all aspects of the proposal, here and in the

Jason Sherron on behalf of the working group

Join to automatically receive all group messages.