Sandboxes with multiple endpoints have undefined gateway and DNS behavior

[tomdee]

As mentioned in issue #71 the behavior of multiple endpoints in a sandbox is undefined. This issue tracks discussion on how to make it more defined. One proposal from @mrjana is below.

Yes CNM allows multiple endpoints from the same container to connect to different networks(the CNM Network) and we are thinking of introducing certain driver generic config to the Endpoint. One of them could possibly indicate whether this is a primary or a secondary endpoint in the container. This hasn't been completely discussed yet so please take it FWIW.

[stephanbuys]

Specifying the behaviour might actually be very beneficial, there is a great use-case for Docker in the "NFV/Network Function Virtualisation" use-case. Being able to define inter-container routing would be a great feature.

Imagine a Docker server/cluster being able to run a virtual firewall, virtual switch, etc in a serial chain..

Ingress -> Firewall -> Rate-Limit -> Content-Filter -> Egress (and vice-versa)

[squaremo]

Relatedly, there's a SetResolvConf method on the joinInfo given to join, but any value given it appears to be squirrelled away in the endpointInfo struct, and never consulted.

[squaremo]

@mavenugo @mrjana This seems related to PR #212, though that does not deal with /etc/resolv.conf (but it could?).

[mrjana]

@squaremo We are thinking of removing the capability of setting hostspath and resolvconfpath from driver in it's current form and replace it with a more generic OS independent form. The current one would work only with a unix like OS and driver api should not assume any particular OS.

[squaremo]

@mrjana OK. In order for weave (as a plugin or otherwise) to operate, it needs to be able to tell containers to use its own DNS. I don't mind the mechanism, so long as I can do so.

[shykes]

@squaremo can you explain why you need to change dns settings to allow multi-host connectivity?

[squaremo]

can you explain why you need to change dns settings to allow multi-host connectivity?

Because we supply our own nameserver, so that containers on the weave network can contact each other by name.

It is of course possible to use another nameserver, or an entirely different mechanism, though there's more work to do yourself that way (because the weave script / plugin won't be telling the nameserver of the DNS entry at the same time it's assigning the IP address).

[GordonTheTurtle]

@tomdee It has been detected that this issue has not received any activity in over 6 months. Can you please let us know if it is still relevant:

• For a bug: do you still experience the issue with the latest version?
• For a feature request: was your request appropriately answered in a later version?

Thank you! This issue will be automatically closed in 1 week unless it is commented on. For more information please refer to https://github.com/docker/libnetwork/issues/1926