Cloud Foundry Container-to-Container Networking

By: Van Staub

Consider container-to-container networking when writing your next app

If you’re like many developers who are deploying applications to Cloud Foundry, you probably don’t think about networking too often. After all, as a PaaS, Cloud Foundry takes care of all the routing and connectivity for you. There is one feature, however, you might consider before writing your next app: container-to-container networking.

As the name suggests, container-to-container (C2C) networking allows two containers to communicate directly with each other, providing additional security and performance. Consider the following scenario depicted in the diagram:


An application is typically composed of several microservices. To allow the user (or web app) to reach them, public routes exist. The user can then simply access the application in his or her browser.

But what if the microservices need to talk to each other? Well, it turns out that the network path a microservice takes is similar to the path the user takes, even though microservices are “inside” Cloud Foundry. This is somewhat analogous to getting to the living room in your house by walking out the back door and then through the front.

C2C networking saves time

This presents a simple problem: communication takes longer. And considering that a modern application architecture may be composed of many microservices making remote API calls, the time adds up. It may also needlessly expose a microservice to the internet. To fix this, enable C2C networking:

ibmcloud cf add-network-policy $SOURCE_APP_NAME --destination-app $DEST_APP_NAME --port $PORT --protocol tcp

And remove the public route from any microservice that does not need one:

ibmcloud cf unmap-route $APP_NAME $DOMAIN --hostname $HOSTNAME
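
An added example, not from the original article: a dry-run planner that turns a dependency list into the two commands above, emitting one policy per source, destination and port, and an unmap only for services marked internal. The app names, domain, hostnames and manifest format are constructed for illustration; unmap-route is written with the cf CLI's domain argument.

```shell
#!/bin/sh
# Dry-run planner: prints ibmcloud cf commands, executes none of them.
# Constructed sample manifest (hypothetical apps, domain and hostnames).
#   edge  <source-app> <dest-app> <tcp-port>
#   route <app> <domain> <hostname> <public|internal>
SAMPLE_MANIFEST='edge web-ui orders-api 8080
edge orders-api inventory-api 8080
edge orders-api inventory-api 9090
route web-ui example.com shop public
route orders-api example.com orders internal
route inventory-api example.com inventory internal'

# plan_c2c MANIFEST_TEXT
# Writes one command per line to stdout; returns 1 on a malformed port.
plan_c2c() {
  while read -r kind a b c d; do
    case "$kind" in
      edge)
        # Accept only a plain decimal TCP port in 1..65535.
        case "$c" in
          ''|*[!0-9]*) echo "bad port '$c' for $a -> $b" >&2; return 1 ;;
        esac
        if [ "$c" -lt 1 ] || [ "$c" -gt 65535 ]; then
          echo "port out of range '$c' for $a -> $b" >&2
          return 1
        fi
        # One policy per (source, destination, port): nothing broader.
        echo "ibmcloud cf add-network-policy $a --destination-app $b --port $c --protocol tcp"
        ;;
      route)
        # Only services marked internal lose their public route.
        if [ "$d" = internal ]; then
          echo "ibmcloud cf unmap-route $a $b --hostname $c"
        fi
        ;;
    esac
  done <<EOF
$1
EOF
}

# Print the plan for the sample manifest.
plan_c2c "$SAMPLE_MANIFEST"
```

Review the printed plan before running it: any app pair without an edge line gets no policy, so direct traffic between those containers is not allowed.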

Overlay IP address

Even though C2C networking is now enabled, you’ll need to tell the microservices how to contact each other. This is done using a container’s overlay IP address.


You’ll find the overlay IP address in the CF_INSTANCE_INTERNAL_IP environment variable of a running container. Follow the step-by-step guide “Logistics Wizard – Enabling Container to Container Networking” to set up C2C networking and retrieve the address using SSH. Now that you know where the overlay IP address is, you can manually adjust the configuration of your microservices, have a microservice automatically broadcast it to dependents, or use it within a service discovery framework.

Learn more

Want to know more about Cloud Foundry container-to-container networking? Check out the following links.
