[ https://issues.apache.org/jira/browse/MESOS-4823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15200060#comment-15200060 ]
Dan Osborne commented on MESOS-4823:
------------------------------------
In the CNI world every container is uniquely addressable, so within a CNI network
there is no requirement for port mapping. However, it is true that if the CNI
network is an overlay network then a separate mechanism for getting in/out of
the overlay to the rest of the world may be required. I think it is reasonable
for frameworks to be network aware (i.e. specify which network they want to
create a container in), but less sure it makes sense for them to be specifying
how traffic gets in and out of the overlay network. That feels like it is the
realm of the specific network implementation. Port mapping is one way to
approach getting in/out of an overlay. But the exact mechanism required is
highly dependent on the particular overlay implementation, so the proposed
approach of Mesos manipulating iptables on behalf of the network would only
work for some networks.
In general, overlay-network-based SDNs have their own mechanisms for getting
things in/out of the overlay to the rest of the world.
> Implement port forwarding in `network/cni` isolator
> ---------------------------------------------------
>
> Key: MESOS-4823
> URL: https://issues.apache.org/jira/browse/MESOS-4823
> Project: Mesos
> Issue Type: Task
> Components: containerization
> Environment: linux
> Reporter: Avinash Sridharan
> Assignee: Avinash Sridharan
> Priority: Critical
> Labels: mesosphere
>
> Most docker and appc images wish to expose ports that micro-services are
> listening on, to the outside world. When containers are running on bridged
> (or ptp) networking this can be achieved by installing port forwarding rules
> on the agent (using iptables). This can be done in the `network/cni`
> isolator.
> The reason we would like this functionality to be implemented in the
> `network/cni` isolator, and not a CNI plugin, is that the specifications
> currently do not support specifying port forwarding rules. Further, to
> install these rules the isolator needs two pieces of information, the exposed
> ports and the IP address associated with the container. Both are available
> to the isolator.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)