3. Where to apply network policies?
• Between containers within a service tier
• Between service tiers
• All containers in a service tier
• External
[Diagram: a service tier is the policy domain; policy scope is Global or Tenant]
4. What exactly can a network policy be?
• Security:
  Scoped white/black list rules on specific protocols/ports
  In/Out policy to/from outside the cluster
  Permit/Deny inter-container traffic within a service tier
• Network Services for Apps:
  Virtual or physical service appliances (LB, FW, etc.)
• Analytics/Diagnostics:
  Netflow for certain application traffic
  Copy traffic to/from a specific application
• Physical Infrastructure Usage:
  Bandwidth, latency, etc.
• IP Address Management (IPAM) Policy:
  Auto-allocation, DHCP-based, integration with IPAM tools
• Etc.
Let us assume there is a cluster of hosts running thousands of application instances as Docker containers.
It is very likely that the application instances are not random, i.e. they work cohesively and can be grouped into service tiers.
And there exists a consumption relationship between service tiers.
Network policies can be applied to capture the relationship between the services, or between the applications within a service.
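As an added illustration (not code from this deck or any product it describes), the following Python model encodes the taxonomy of slides 3 and 4: the service tier is the policy domain, rules carry a Global or Tenant scope, and every flow is classified as intra-tier, inter-tier or external before being evaluated with default deny. The class names, the three-tier sample policy and the tenant names are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional
# Constructed model: the service tier is the policy domain, so rules are written between tiers.
EXTERNAL = "external"  # pseudo-tier for traffic entering or leaving the cluster

@dataclass(frozen=True)
class Container:
    name: str
    tenant: str
    tier: str  # e.g. "web", "app", "db"

@dataclass(frozen=True)
class Rule:
    src_tier: str                 # tier name or EXTERNAL
    dst_tier: str                 # tier name or EXTERNAL
    proto: str
    port: int                     # destination port
    action: str = "permit"        # "permit" or "deny"
    tenant: Optional[str] = None  # None = global scope, else tenant scope

@dataclass
class Policy:
    rules: list
    intra_tier_permit: dict = field(default_factory=dict)  # tier -> bool

def evaluate(policy: Policy, src: Container, dst: Container, proto: str, port: int) -> str:
    """Default deny. Intra-tier flows use the tier's permit/deny flag; inter-tier and
    external flows need a matching permit rule and are blocked by any matching deny.
    Tenant-scoped rules apply only to that tenant; cross-tenant flows are denied."""
    if src.tier != EXTERNAL and dst.tier != EXTERNAL and src.tenant != dst.tenant:
        return "deny"
    if src.tier == dst.tier and src.tier != EXTERNAL:
        return "permit" if policy.intra_tier_permit.get(src.tier, False) else "deny"
    tenant = dst.tenant if dst.tier != EXTERNAL else src.tenant
    matches = [r for r in policy.rules
               if (r.src_tier, r.dst_tier, r.proto, r.port) == (src.tier, dst.tier, proto, port)
               and r.tenant in (None, tenant)]
    if any(r.action == "deny" for r in matches):
        return "deny"
    return "permit" if matches else "deny"

# Constructed sample: tenant "acme" runs web -> app -> db; only the web tier is exposed
SAMPLE = Policy(
    rules=[Rule(EXTERNAL, "web", "tcp", 443),                 # global ingress rule
           Rule("web", "app", "tcp", 8080, tenant="acme"),
           Rule("app", "db", "tcp", 5432, tenant="acme"),
           Rule("app", EXTERNAL, "tcp", 443, tenant="acme"),  # app egress to outside
           Rule("web", "db", "tcp", 5432, action="deny")],     # global guard rail
    intra_tier_permit={"app": True})  # app instances may talk to each other
```

Because rules name tiers rather than containers, the same five rules cover every instance added to a tier, and a second tenant gets no access until rules scoped to it are written.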