by MichaelAza 3915 days ago
So what is, exactly, the current state of the art in container networking? To the best of my understanding all current solutions (including this one) create one big LAN where all containers can see each other, but I'm certainly no expert.

How would one go about creating a network of containers more in line with traditional physical networks, with virtual switches, routers etc.?

5 comments

Maybe hooking Neutron into Docker can get you there: https://developer.ibm.com/open/clampify/

Kuryr aims to achieve this: https://github.com/openstack/kuryr

The only good thing about OpenStack is that if you find yourself thinking it's the solution, you know with complete confidence that your problem lies elsewhere.

Why would you want to do that?

(Btw, most current solutions allow some containers to talk to some containers but not others. E.g. using IP subnets)
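As an added example (not from any of the commenters), one way to get the switch-and-router layout the question asks for, plus the subnet-based isolation mentioned above, on plain Linux: network namespaces stand in for containers, two bridges act as virtual switches, and a third namespace with IP forwarding enabled acts as the router, where the only cross-subnet traffic allowed is stated explicitly. The names, addresses and the permitted port are assumptions made for this example; it needs root and iproute2/iptables.

```shell
#!/bin/sh
# Constructed topology: web1 -- br-web -- rtr -- br-db -- db1
set -eu

ROUTER=rtr
SW_WEB=br-web   # 10.10.1.0/24, the "web" switch
SW_DB=br-db     # 10.10.2.0/24, the "database" switch

# attach <ns> <bridge> <ip/prefix> <gateway>: create a namespace ("container")
# and plug its eth0 into the given bridge ("switch") through a veth pair.
attach() {
  ns=$1; br=$2; addr=$3; gw=$4
  ip netns add "$ns"
  ip link add "veth-$ns" type veth peer name eth0 netns "$ns"
  ip link set "veth-$ns" master "$br" up
  ip -n "$ns" addr add "$addr" dev eth0
  ip -n "$ns" link set eth0 up
  ip -n "$ns" link set lo up
  ip -n "$ns" route add default via "$gw"
}

build_topology() {
  ip link add "$SW_WEB" type bridge
  ip link add "$SW_DB" type bridge
  ip link set "$SW_WEB" up
  ip link set "$SW_DB" up
  # Router namespace with one leg on each switch; it is the only path between subnets.
  ip netns add "$ROUTER"
  ip link add r-web type veth peer name web0 netns "$ROUTER"
  ip link add r-db type veth peer name db0 netns "$ROUTER"
  ip link set r-web master "$SW_WEB" up
  ip link set r-db master "$SW_DB" up
  ip -n "$ROUTER" addr add 10.10.1.1/24 dev web0
  ip -n "$ROUTER" addr add 10.10.2.1/24 dev db0
  ip -n "$ROUTER" link set web0 up
  ip -n "$ROUTER" link set db0 up
  ip -n "$ROUTER" link set lo up
  ip netns exec "$ROUTER" sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
  attach web1 "$SW_WEB" 10.10.1.10/24 10.10.1.1
  attach db1 "$SW_DB" 10.10.2.10/24 10.10.2.1
  # Policy lives on the router: default deny, only web -> db on tcp/5432 (assumed DB port) crosses.
  ip netns exec "$ROUTER" iptables -P FORWARD DROP
  ip netns exec "$ROUTER" iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  ip netns exec "$ROUTER" iptables -A FORWARD -i web0 -o db0 -p tcp --dport 5432 -j ACCEPT
}

teardown() {
  for ns in web1 db1 "$ROUTER"; do ip netns del "$ns" 2>/dev/null || true; done
  ip link del "$SW_WEB" 2>/dev/null || true
  ip link del "$SW_DB" 2>/dev/null || true
}

case "${1:-}" in up) build_topology ;; down) teardown ;; esac
```

Run it as `sh topo.sh up`, then `ip netns exec web1 ping 10.10.2.10` fails while a TCP connection to 10.10.2.10:5432 is forwarded; `sh topo.sh down` removes everything.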

I find the way that SmartOS does it is pretty nice. Each container gets its own private, virtual NIC, which sits on top of one of the physical NICs or an overlay network, and has its own networking stack. You can even enable layer 2 or layer 3 spoofing protection if you're in a multi-tenant situation, or just want to be more secure.

The best way to think of the ZeroTier network is that it is a virtual switch. Each host on the network is connected to a port on the switch.

Since ZeroTier supports hosts connecting to multiple networks, you can set up a pretty sophisticated multi-tiered network architecture, no router needed.

One issue is that veth is slow - slower than VM networking. In fact, since VMs are now booting instantly, there's an argument to use Docker images and boot them as VMs.