docker-networking

Service Discovery

Internal load balancing can be either VIP or DNSRR, which is configurable at:

deploy:
  endpoint_mode: vip  # or dnsrr; vip is the default

VIP - Virtual IP, powered by IPVS in Linux

One IP address per service

Consumers use IPVS to load-balance via the virtual IP

The service gets a virtual IP address from the Docker DNS server, and IPVS in Linux takes care of load balancing between the servers and sends each request to one container.

DNSRR - DNS round robin

- One IP address per container. Powered by DNS server in docker

In DNSRR the service does not have its own virtual IP address; instead the DNS server does the load balancing by picking one of the IPs using a round-robin approach. (To test, run dig against the service name: with dnsrr it returns the IPs of all the service's containers, but with vip it returns only the service IP.)

Note: The DNS server is always at 127.0.0.11

In the absence of the --dns=IP_ADDRESS..., --dns-search=DOMAIN..., or --dns-opt=OPTION... options, Docker uses the /etc/resolv.conf of the host machine (where the docker daemon runs). While doing so the daemon filters out all localhost IP address nameserver entries from the host’s original file.

Filtering is necessary because all localhost addresses on the host are unreachable from the container’s network. After this filtering, if there are no more nameserver entries left in the container’s /etc/resolv.conf file, the daemon adds public Google DNS nameservers (8.8.8.8 and 8.8.4.4) to the container’s DNS configuration.
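An added example (not from the original notes and not Docker's own code) that models the filtering described above, so a host's resolv.conf can be checked for whether containers would end up on the public fallback resolvers. The function names and the two sample files are constructed for illustration.

```python
import ipaddress

# Fallback resolvers named in the notes above.
FALLBACK_NAMESERVERS = ["8.8.8.8", "8.8.4.4"]


def is_loopback(address):
    """True for 127.0.0.0/8 and ::1; strips an IPv6 zone id such as %eth0."""
    try:
        return ipaddress.ip_address(address.split("%", 1)[0]).is_loopback
    except ValueError:
        return False  # not an IP literal: leave the entry alone


def container_resolv_conf(host_text):
    """Return (lines, fell_back) for the container's resolv.conf.

    Models the described behaviour (an assumption, not the daemon's code):
    loopback nameserver entries are dropped, and the fallback resolvers
    are added if no nameserver entries remain.
    """
    kept, nameservers = [], 0
    for line in host_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            if is_loopback(fields[1]):
                continue  # unreachable from the container's network
            nameservers += 1
        kept.append(line)
    fell_back = nameservers == 0
    if fell_back:
        kept.extend("nameserver " + ip for ip in FALLBACK_NAMESERVERS)
    return kept, fell_back


# Constructed sample: a host that only uses a local stub resolver.
STUB_ONLY = "# constructed sample\nnameserver 127.0.0.53\nsearch corp.example\n"
# Constructed sample: a host with one local and one reachable resolver.
MIXED = "nameserver 127.0.0.1\nnameserver 10.0.0.2\noptions ndots:2\n"

if __name__ == "__main__":
    for name, text in (("stub-only", STUB_ONLY), ("mixed", MIXED)):
        lines, fell_back = container_resolv_conf(text)
        print(name, "-> public DNS fallback" if fell_back else "-> host resolvers kept")
        print("\n".join(lines))
```

A True fell_back result means container lookups, including those for internal names, would go to the public resolvers unless --dns is set explicitly.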

VIP ISSUES in SUSE

Docker uses the Linux kernel feature IPVS to perform VIP-based load balancing. This kernel module is required to expose services via the Ingress or HRM networks, as well as to allow containers to communicate within an overlay network with VIP-based load balancing.

In SUSE Linux Enterprise Server, the IPVS kernel module is not installed by default, so these features will not function if Docker is installed on a SUSE Linux Enterprise Server without action to enable IPVS. In order to install and use IPVS within SLES, it is necessary to purchase the additional High Availability Extension (HAE). With the HAE, it is possible to install the cluster-network-kmp-default and ipvsadm packages required.