Since the project started in 2014, Weave Net has grown in capability and maturity, added features and improved performance.
Weave Net is evolving into a powerful Cloud Native Networking Toolkit. Much more than a virtual network for Docker containers; it has subsystems and sub-projects that provide DNS, IPAM, a distributed virtual firewall and more.
The core system is still the virtual, or software defined, network (SDN) for Docker Containers. It provides each container with one (or more) network interfaces and IP address(es) and establishes routes between them and the outside world.
Easy, Fast and Scalable
Weave Net is aimed primarily at smoothing the experience of a developer creating an application. Typically such an application will run on a networked cluster of containers, possibly using an orchestrator. Any developer can set this up and manage it without needing “enterprise operator” levels of knowledge. Setting up lots of independent and isolated networks needs to be trivial, and not always require discussions with operations teams.
Weave Net is incredibly easy to use. The architectural choices we made mean that Net doesn’t depend on an external configuration service for coordination and storage that must be highly available and ready to use before any Weave Net peer is started, or quorate to maintain service.
Configuring Weave Net peers at startup, (or afterwards for nodes that join an existing cluster), is as simple as passing the IP of some of the other peers in the cluster. Each peer gossips with the others, sharing knowledge of the connected cluster members and then opens direct connections to each new peer it discovers.
This radically simplifies the deployment and management of the infrastructure, which in turn makes life easier for you, the user.
Value added services
Weave Net combines many network level functions into one package.
Each peer gossips DNS record information and runs a local DNS server – so if the underlying network itself is experiencing problems, services running in containers on the same host (or hosts that are still connected) can discover and communicate with each other. Another advantage when every host runs a DNS server, is that lookups are always local – giving great performance. Weave DNS can also be used to create a simple and intuitive Service Discovery mechanism – ideal on container services like Amazon ECS.
Net intelligently switches between routing modes and paths to ensure that traffic gets delivered successfully, with the lowest latency, using a model similar to the one used by Internet traffic routers.
Net’s complete control over the routing of packets sent to and from containers on its network means we can even support UDP Multicast on underlying networks that do not support it.
Resilience & scaling
Net has three routing mechanisms. The original implementation, we call ‘sleeve’, uses a simple UDP encapsulation protocol implemented in the router; Fast Datapath uses an Open vSwitch function called VXLAN that is part of the Linux kernel – it’s considerably faster than sleeve and offers close to native networking performance. If the VXLAN can’t traverse the route, Net falls back to using sleeve. The last mechanism is Amazon specific, it connects containers directly to the AWS virtual network and offers native networking speeds with the tradeoff that it’s limited to the number of routes supported in VPC.
Weave’s mesh architecture and gossip protocol are key to its resilience and ability to tolerate, then heal after, network partitions. Each peer retains a full copy of the membership and will find and reconnect to peers as they begin to rejoin the cluster. If a Weave peer is configured as part of an Auto Scaling Group on Amazon, the network smoothly scales up and down as your cluster does.
Whether you’re connecting containers on-premise, in a cloud, across multiple clouds or any combination of these, Weave Net just works.
For open source developers: Weave Mesh is available as a separate library for eventually consistent CRDT based distributed systems.
Weave Net provides a Docker proxy, supports libnetwork, (Docker’s Network plugin) and CNI, (used by Kubernetes, Mesos and Cloud Foundry). You can gain the benefits of Weave Net on all cloud platforms – from Amazon ECS, Google GKE, to Microsoft Azure and more.
- Weave Net and Kubernetes
- Weave Net and Docker
- Weave Net and Mesosphere DC/OS
- Weave Net and Amazon ECS
- Weave Net and Cloud Providers
Not every business is a greenfield startup – there’s existing applications that need to talk to the new containerized applications and vice versa. Whether you’re gradually migrating to Cloud Native or integrating with a fixed legacy service Weave Net makes it easy to connect those applications by providing simple integration with the SDN.
In Weave Net 1.9 the VXLAN based ‘fast datapath’ routing backend gained the ability to encrypt traffic between nodes, with performance that is only fractionally less than that available on the host, between uncontainerized applications. it’s also incredibly easy to configure – just set a password at startup.
Combine this with our distributed virtual firewall and network policy controller, (that can span multiple zones / geos), to create a secure, encrypted network with container-to-container access control rules.
Security works best when it’s effective and easy to use.
Weave Net is so easy to use that it’s easy to forget that it’s there – we like to call this: ‘invisible infrastructure’. To make the invisible, visible – configure Weave Cloud agents and gain network and application monitoring and visualisation.
Start a free trial of Weave Cloud.