Isolating applications on a Weave network

For background on Weave networks, refer to the previous blog post on Weave networks.

A single Weave network can host multiple, isolated applications where each application’s containers are able to communicate with each other, but not with the containers of other applications.


To begin isolating an application (or parts of an application), we need to configure Weave Net’s IP allocator to manage multiple subnets.

Configuration

host1$ weave launch --ipalloc-range 10.2.0.0/16 --ipalloc-default-subnet 10.2.1.0/24
host1$ eval $(weave env)
host2$ weave launch --ipalloc-range 10.2.0.0/16 --ipalloc-default-subnet 10.2.1.0/24 $HOST1
host2$ eval $(weave env)

Next, launch two Ubuntu containers in the default subnet, i.e. 10.2.1.0/24:

host1$ docker run --name a1 -ti ubuntu:trusty
host2$ docker run --name a2 -ti ubuntu:trusty

Now, to test the isolation, launch two more containers on a different subnet, e.g. 10.2.2.0/24:

host1$ docker run -e WEAVE_CIDR=net:10.2.2.0/24 --name b1 -ti ubuntu:trusty
host2$ docker run -e WEAVE_CIDR=net:10.2.2.0/24 --name b2 -ti ubuntu:trusty

Testing

Attach to a1 and ping a2. You will be able to ping a2 successfully, but b1 or b2 will not be reachable from a1.

Similarly test for b1.
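
The manual ping test above can be scripted so that a container which can reach the other subnet is reported as a failure. This is an added example, not part of the original post or of Weave Net. It assumes the four containers are still running, that `ping` is available in the image, that container names resolve through weaveDNS, and that it is run on each host with that host's local containers as arguments; `subnet_of`, `probe`, `check_isolation` and the `PROBE` override are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example: checks the ping matrix from the Testing section above.

ALL_CONTAINERS="a1 a2 b1 b2"

# Subnet each container was attached to by the docker run commands above.
subnet_of() {
  case "$1" in
    a1|a2) echo "10.2.1.0/24" ;;   # default subnet
    b1|b2) echo "10.2.2.0/24" ;;   # WEAVE_CIDR=net:10.2.2.0/24
    *) echo "unknown container: $1" >&2; return 1 ;;
  esac
}

# Default probe (assumption): one ping by container name from inside SRC.
probe() {
  docker exec "$1" ping -c 1 -W 2 -q "$2" >/dev/null 2>&1
}

# check_isolation SRC...
# Probes every other container from each SRC and compares the result with
# what the subnet layout predicts. Returns the number of mismatches.
check_isolation() {
  local failures=0 src dst want got
  for src in "$@"; do
    for dst in $ALL_CONTAINERS; do
      [ "$src" = "$dst" ] && continue
      if [ "$(subnet_of "$src")" = "$(subnet_of "$dst")" ]; then
        want=reachable
      else
        want=blocked
      fi
      if "${PROBE:-probe}" "$src" "$dst"; then got=reachable; else got=blocked; fi
      if [ "$want" = "$got" ]; then
        echo "ok    $src -> $dst is $got"
      else
        echo "FAIL  $src -> $dst: expected $want, got $got"
        failures=$((failures + 1))
      fi
    done
  done
  return "$failures"
}

# Run with the containers local to this host, e.g. "a1 b1" on host1.
if [ "$#" -gt 0 ]; then check_isolation "$@"; fi
```

A non-zero exit status means either a same-subnet peer was unreachable or a container on the other subnet answered, so the script can gate a deployment step.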
