The Fan overlay network for container addresses, from Canonical
Tags: containers , docker , fan , LXC , LXD , networking
Today, Canonical introduces the Fan overlay network system in Ubuntu in test images for Amazon Web Services and Google Compute Engine, delivering the fastest and most scalable address expansion mechanism in the container world. The Fan enables cloud users to grow the number of Docker and LXD containers they can address in a single cloud environment.
“Containers provide dramatically improved performance and density over traditional hypervisors like ESX and KVM,” said Mark Shuttleworth.
Containers come in two complementary forms — full machine containers from LXD and application-centric containers such as Docker or Rocket. Both feature incredible density – Canonical has demonstrated thousands of full Ubuntu machines hosted on a single server using LXD.
The Fan overlay network for containers expands address space 250x on each container host.
Ideally, each individual containers is directly addressable by every other container within a virtual private cloud. A real challenge for large scale container users is that the density of container deployments causes them to run out of addresses very quickly. The Fan is a new approach to solving this, giving any cloud user 250x the number of addresses they would normally have access to in a cloud environment.
The Fan is not a software-defined network, and relies on neither distributed databases nor consensus protocols. Rather, routes are calculated deterministically and traffic carries no additional overhead beyond routine IP tunneling. Canonical engineers have already demonstrated The Fan operating at 5Gpbs between two Docker containers on separate hosts.
Documentation is available in the Fan Networking wiki page. A detailed walk through is found in this blog post and screen cast. An end user manual is available on any Fan-enabled system by typing, ‘man fanctl‘.
What’s the risk of unsolved vulnerabilities in Docker images?
Recent surveys found that many popular containers had known vulnerabilities. Container images provenance is critical for a secure software supply chain in production. Benefit from Canonical’s security expertise with the LTS Docker images portfolio, a curated set of application images, free of vulnerabilities, with a 24/7 commitment.