Re: Meet the new CF container networking stack!

Marco Nicosia

Ok, now I've read it.

Brava, Usha!

Anything that evolves us away from ASG's is a win in my book.

On Monday, November 7, 2016, Usha Ramachandran <uramachandran(a)>

Hello everyone,

A few months ago we shared a vision
for container networking. The container networking team has been hard at
work the past few months executing on that vision.With netman-release
we are excited to introduce the new, pluggable container networking stack
for Cloud Foundry.

netman-release is a Garden-runC add-on that enables direct, policy-driven
container to container communication in Cloud Foundry. While it is not yet
ready for production, we invite you to try it out in development and test
environments and give us feedback!

In case you are wondering how this is different from what we do today -
currently, security policies within Cloud Foundry are provided through Application
Security Groups
<> (ASGs)
which require an application restart to be applied and being simple,
CIDR-based rules are too broad to indicate application intent.

With netman-release you now have the ability to configure granular
application level policies that are applied dynamically without requiring
app restarts. In addition, it is based on the CNI specification
<>, making
it easy to plug in third-party networking stacks.

A blog post with more information will be available shortly. In the
meantime, check out the documentation on Github
<>, give it a try
and give us your feedback in the Cloud Foundry #container-networking
Slack channel or through Github issues or features.


Usha Ramachandran

CF Container Networking PM

Usha Ramachandran | Senior Product Manager | Pivotal Cloud Foundry - San

Marco Nicosia
Product Manager
Pivotal Software, Inc.
c: 650-796-2948

Join to automatically receive all group messages.