Docker does use bridged networking by default, but it uses Linux bridges to
perform the bridging; there is no docker-proxy process. The problem with the
docker bridge network is that the address space of the containers spawned on
the docker bridge is different from that of the host network, so you need to
perform DNAT to get to any docker container on that bridge. The performance
hit is because of the DNAT. If you want container-to-container
communication on a single docker bridge, or if you configure the address
space of the docker bridge to be that of the host network (which in most
cases is not possible), you can get close to line speed performance.

Docker host networking is effectively attaching containers to the Linux
host network namespace. So the performance results will be the same as that
of running a process natively on the host.

On Tue, Apr 26, 2016 at 5:07 PM, Jeff Schroeder <jeffschroe...@computer.org>
wrote:

> I think you might be a bit confused how this all works. Docker by default
> uses bridged networking, which by default spins up a little crappy
> docker-proxy process for every port. You can disable docker-proxy and
> instead use hairpin routing mode if you have a modern kernel. However, I'm
> almost certain that any task you run via docker on mesos defaults to host
> networking. Docker, LXC, mesos containers all use the Linux kernel network
> namespace + perhaps some iptables/libnl magic for the networking bits.
> Docker in host networking mode will do networking at mostly native speed. I
> suggest you run iperf on mesos in the various configurations. It should be
> pretty straightforward to test the overhead, but I suspect docker + host
> networking will more than work. Give it a go and let us know!
>
>
> On Tuesday, April 26, 2016, vincent gromakowski <
> vincent.gromakow...@gmail.com> wrote:
>
>> Question is more related to mesos. I am thinking of using docker
>> instead of native (LXC?) containers but I suspect network performance
>> decrease which is important on big data workloads.
>> Can you explain why it's not secured in host mode?
>> On Apr 26, 2016 7:51 PM, "Avinash Sridharan" <avin...@mesosphere.io>
>> wrote:
>>
>>> Hi Vincent,
>>>  What do you mean by native container through Docker? Can you clarify
>>> your question a bit. Also if it's a DC/OS specific question you might want
>>> to post at us...@dcos.io .
>>>
>>> Thanks,
>>> Avinash
>>>
>>> On Tue, Apr 26, 2016 at 10:41 AM, vincent gromakowski <
>>> vincent.gromakow...@gmail.com> wrote:
>>>
>>>> Nobody experienced docker vs native container performance?
>>>> On Apr 25, 2016 9:37 AM, "vincent gromakowski" <
>>>> vincent.gromakow...@gmail.com> wrote:
>>>>
>>>>> I am very interested in getting some feedback from people who have moved
>>>>> from native container through Docker, especially from a network performance
>>>>> perspective.
>>>>> DCOS has been open sourced and I like all the automation it brings with
>>>>> frameworks but it seems everything is running in docker?
>>>>> I am looking for the smack stack for which network perf is important.
>>>>> Tx
>>>>>
>>>>
>>>
>>>
>>> --
>>> Avinash Sridharan, Mesosphere
>>> +1 (323) 702 5245
>>>
>>
>
> --
> Text by Jeff, typos by iPhone
>



-- 
Avinash Sridharan, Mesosphere
+1 (323) 702 5245
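
Added example, not part of the original thread: the DNAT described in the reply above shows up as rules in the `DOCKER` chain of the host's nat table when a container port is published on the default bridge. The sketch below parses a constructed `iptables-save -t nat` dump (addresses, ports and the function names are assumptions made for illustration) and lists which host address and port each rule forwards to which container, which is also a quick way to audit what a bridge-mode host exposes.

```python
# Constructed sample of `iptables-save -t nat` output on a host with two
# published container ports (all addresses and ports are made up).
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER -d 192.0.2.10/32 ! -i docker0 -p udp -m udp --dport 5353 -j DNAT --to-destination 172.17.0.3:53
COMMIT
"""

# iptables options whose following token we want to capture.
WANTED = ("-p", "-d", "--dport", "--to-destination")


def docker_dnat_rules(nat_dump):
    """Return (proto, host_addr, host_port, container_ip, container_port)
    for every DNAT rule in the DOCKER chain of an iptables-save dump."""
    rules = []
    for line in nat_dump.splitlines():
        tok = line.split()
        # Only rules appended to the DOCKER chain that jump to DNAT.
        if tok[:2] != ["-A", "DOCKER"] or "DNAT" not in tok:
            continue
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in WANTED}
        if "--dport" not in opts or "--to-destination" not in opts:
            continue
        ip, _, port = opts["--to-destination"].rpartition(":")
        # No -d match means the rule applies to every host address.
        rules.append((opts.get("-p", "all"), opts.get("-d", "0.0.0.0/0"),
                      int(opts["--dport"]), ip, int(port)))
    return rules


def published_on_all_addresses(rules):
    """Rules without a -d match are reachable on every host address."""
    return [r for r in rules if r[1] == "0.0.0.0/0"]


if __name__ == "__main__":
    for r in docker_dnat_rules(SAMPLE_NAT):
        print("%s %s:%d -> %s:%d" % r)
```

With host networking there are no such rules to list, because the container's sockets are bound directly in the host network namespace.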
