libnetwork

An overlay network

Docker's overlay network driver supports multi-host networking natively out-of-the-box. This support is accomplished with the help of libnetwork, a built-in VXLAN-based overlay network driver, and Docker's libkv library.

The overlay network requires a valid key-value store service. Currently, Docker's libkv supports Consul, Etcd, and ZooKeeper (Distributed store). Before creating a network you must install and configure your chosen key-value store service. The Docker hosts that you intend to network and the service must be able to communicate.

[Figure: Key-value store]

Each host in the network must run a Docker Engine instance. The easiest way to provision the hosts is with Docker Machine.

[Figure: Engine on each host]

You should open the following ports between each of your hosts.

Protocol   Port   Description
--------   ----   ------------------
udp        4789   Data plane (VXLAN)
tcp/udp    7946   Control plane

Your key-value store service may require additional ports. Check your vendor's documentation and open any required ports.
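Because VXLAN traffic on 4789/udp and the gossip control plane on 7946 carry no authentication of their own, the practical rule is to open those ports only between the swarm hosts rather than to any source. The script below is an added example, not part of the Docker documentation: it emits iptables rules that accept the two ports from a given list of peer hosts and drop them from everything else. The interface name and peer addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: generate host firewall rules that restrict the overlay
# data plane (4789/udp) and control plane (7946/tcp+udp) to known peers.

# overlay_rules IFACE PEER_IP [PEER_IP...]
# Prints one ACCEPT rule per peer and port, then a DROP for the same ports
# from any other source. Returns 1 if a peer is not a dotted-quad address.
overlay_rules() {
    iface="$1"; shift
    [ -n "$iface" ] && [ "$#" -gt 0 ] || { echo "usage: overlay_rules IFACE PEER..." >&2; return 1; }
    for peer in "$@"; do
        case "$peer" in
            *[!0-9.]*|.*|*.|*..*) echo "bad peer address: $peer" >&2; return 1 ;;
        esac
        printf 'iptables -A INPUT -i %s -s %s -p udp --dport 4789 -j ACCEPT\n' "$iface" "$peer"
        printf 'iptables -A INPUT -i %s -s %s -p tcp --dport 7946 -j ACCEPT\n' "$iface" "$peer"
        printf 'iptables -A INPUT -i %s -s %s -p udp --dport 7946 -j ACCEPT\n' "$iface" "$peer"
    done
    # Anything not from a known peer must not reach the VXLAN or gossip ports.
    printf 'iptables -A INPUT -i %s -p udp --dport 4789 -j DROP\n' "$iface"
    printf 'iptables -A INPUT -i %s -p tcp --dport 7946 -j DROP\n' "$iface"
    printf 'iptables -A INPUT -i %s -p udp --dport 7946 -j DROP\n' "$iface"
}

# Constructed sample: two peer hosts on the cluster interface eth1.
# Review the output, then run it on each host, e.g. with:
#   overlay_rules eth1 192.0.2.11 192.0.2.12 | sh
overlay_rules eth1 192.0.2.11 192.0.2.12
```

The rules are appended, so they only take effect if no earlier INPUT rule already accepts the ports; place them before any broad ACCEPT. Ports your key-value store needs are handled separately, as the text above notes.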

Once you have several machines provisioned, you can use Docker Swarm to quickly form them into a swarm which includes a discovery service as well.

To create an overlay network, you configure options on the daemon of each Docker Engine for use with the overlay network. There are three options to set:

Option                                         Description
--------------------------------------------   -------------------------------------------------------------
--cluster-store=PROVIDER://URL                 Describes the location of the KV service.
--cluster-advertise=HOST_IP|HOST_IFACE:PORT    The IP address or interface of the HOST used for clustering.
--cluster-store-opt=KEY-VALUE OPTIONS          Options such as TLS certificates or tuning of discovery timers.

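The three flags are easy to get subtly wrong (an unsupported store scheme, an advertise address without a port, a TLS store with only a CA file). The following helper is an added example, not part of the Docker documentation or of libnetwork: it assembles the flags from a few values and refuses combinations the daemon would not accept. The store hostnames and certificate paths are constructed sample values; `kv.cacertfile`, `kv.certfile` and `kv.keyfile` are the documented `--cluster-store-opt` keys for reaching the store over TLS.

```shell
#!/bin/sh
# Added example: build the daemon flags for an overlay-capable engine.

# cluster_opts STORE_URL ADVERTISE [CACERT CERT KEY]
# Prints the flag string on success; returns 1 on invalid input.
cluster_opts() {
    store="$1"; adv="$2"
    cacert="$3"; cert="$4"; key="$5"

    # libkv providers supported by the daemon: Consul, Etcd, ZooKeeper.
    case "$store" in
        consul://*|etcd://*|zk://*) ;;
        *) echo "unsupported cluster store: $store" >&2; return 1 ;;
    esac

    # --cluster-advertise must carry a port (HOST_IP|HOST_IFACE:PORT).
    case "$adv" in
        *:[0-9]*) ;;
        *) echo "cluster-advertise needs HOST_IP|HOST_IFACE:PORT, got: $adv" >&2; return 1 ;;
    esac

    printf '%s' "--cluster-store=$store --cluster-advertise=$adv"

    if [ -n "$cacert" ] || [ -n "$cert" ] || [ -n "$key" ]; then
        # A TLS store needs all three files; a partial set is a misconfiguration.
        [ -n "$cacert" ] && [ -n "$cert" ] && [ -n "$key" ] \
            || { echo "TLS to the store needs CA, cert and key" >&2; return 1; }
        printf '%s' " --cluster-store-opt=kv.cacertfile=$cacert"
        printf '%s' " --cluster-store-opt=kv.certfile=$cert"
        printf '%s' " --cluster-store-opt=kv.keyfile=$key"
    fi
    printf '\n'
}

# Constructed sample: Consul reachable in the clear, engine advertising eth1.
cluster_opts consul://kv.example.test:8500 eth1:2376

# Constructed sample: Etcd over TLS with client certificates.
cluster_opts etcd://kv.example.test:2379 192.0.2.11:2376 \
    /etc/docker/ca.pem /etc/docker/cert.pem /etc/docker/key.pem
```

The printed string is what you pass to the daemon on each host; with Docker Machine the same values go through `--engine-opt` (one `cluster-store=...`, `cluster-advertise=...` or `cluster-store-opt=...` per flag, without the leading dashes). Prefer the TLS form whenever the store is reachable from anything other than the swarm hosts, since the store holds the network and endpoint state for every host.
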
Create an overlay network on one of the machines in the Swarm.

$ docker network create --driver overlay my-multi-host-network

This results in a single network spanning multiple hosts. An overlay network provides complete isolation for the containers.

[Figure: An overlay network]

Then, on each host, launch containers making sure to specify the network name.

$ docker run -itd --net=my-multi-host-network busybox

Once connected, each container has access to all the containers in the network regardless of which Docker host the container was launched on.

[Figure: Published port]