How-tos

Cloud Foundry Container-to-Container Networking

Share this post:

Consider container-to-container networking when writing your next app

If you’re like many developers who are deploying applications to Cloud Foundry, you probably don’t think about networking too often. After all, as a PaaS, Cloud Foundry takes care of all the routing and connectivity for you. There is one feature, however, you might consider before writing your next app: container-to-container networking.

As the name suggests, container-to-container (C2C) networking allows two containers to communicate directly with each other, providing additional security and performance. Consider the following scenario depicted in the diagram:

An application is typically composed of several microservices. To allow the user (or web app) to reach them, public routes exist. The user can then simply access the application in his or her browser.

But what if the microservices need to talk to each other? Well, it turns out that the network path a microservice takes is similar to the path the user takes, even though microservices are “inside” Cloud Foundry. This is somewhat analogous to getting to the living room in your house by walking out the back door and then through the front.

C2C networking saves time

This presents a simple problem: communication takes longer. And considering that a modern application architecture may be composed of many microservices making remote API calls, the time adds up. It may also needlessly expose a microservice to the internet. To fix this, enable C2C networking:

ibmcloud cf add-network-policy $SOURCE_APP_NAME --destination-app $DEST_APP_NAME --port $PORT --protocol tcp

And remove any microservices that do not need a public route:

ibmcloud cf unmap-route $APP_NAME mybluemix.net --hostname $HOSTNAME

Overlay IP address

Even though C2C networking is now enabled, you’ll need to tell the microservices how to contact each other. This is done using a container’s overlay IP address.

You’ll find the overlay IP address in the CF_INSTANCE_INTERNAL_IP environment variable of a running container. Follow the step by step guide Logistics Wizard – Enabling Container to Container Networking to set up C2C networking and retrieve the address using SSH. Now that you know where the overlay IP address is, you can manually adjust the configuration of your microservices, have a microservice automatically broadcast it to dependents, or use it within a service discovery framework.

Learn more

Want to know more about Cloud Foundry container-to-container networking? Check out the following links.

IBM Offering Manager

More How-tos stories
April 24, 2019

How To Use IBM Cloud Object Storage with Veeam

As you may have heard, Veeam 9.5u4 now includes an integration with IBM Cloud Object Storage. This integration can result in up to 10x savings on long-term data retention and an overall reduction in IT and primary storage costs.

Continue reading

April 23, 2019

Introducing Private Service Endpoints in IBM Cloud Databases

We recently released an update to all IBM Cloud Databases which allows you to enable public and/or private service endpoints for your database deployments. In this post, we’ll walk you through the setup.

Continue reading

April 11, 2019

How to Automate TLS Certificate Rotation to Avoid Outages

In this post, we'll share how you can make sure you have end-to-end protection for data in transit without running into any TLS certificate expiry issues.

Continue reading