Richard Bucker

weave.net or flannel?

Posted at — Mar 24, 2016

Weave offers a number of projects, all related and meant to integrate nicely. The basic service is private networking between Docker containers, spanning both within a node and across nodes. This article indicates that rkt is also supported. Weave’s killer feature is their scope app, which is a container visualization and portal. (As portals go, the tool bypasses all authentication, and that might not be a good thing.) One missing feature here is that Weave’s DNS is not available to the node, only to the containers.

Flannel implements a similar network model; however, there is no DNS and there is no visualization, unless the latter is part of their paid offering. I’ve had a lot of good luck with flannel, and the one thing I like is that it looks and feels a lot like CoreOS' other tools, and so administration feels consistent.

While Flannel is experimenting with multiple networks, the feature is experimental and not working in the most useful edge cases.

Problem 1: Container network and DNS design is no different than previous virtual guest OSes and domain 0 hosts. Weave’s DNS seems limited to the containers and not the node.

Problem 2: Weave does not mention multi networking at all.

Problem 3: scope bypasses security.

Problem 4: Rebooting/restarting weave can severely cripple weave.net, requiring a full service restart.

Solution: One solution I like is using skyDNS when containers register. The challenge here is naming containers properly so they cooperate. Installing an haproxy instance on every node probably does not require a general purpose hostname unless I’m deploying some sort of round robin strategy, and in that case the DNS records would be different. Still a better solution.