mesos-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shafay Latif <>
Subject Re: Mesos, Multinode Workload Network segregation
Date Tue, 11 Aug 2015 07:23:50 GMT
We have figured out a way to provide  IPs to containers as well as network-level policy driven
ACLs using Nuage’s VSP and Docker monitor installed on each slave node leveraging OVS.

Shafay Latif
> On Aug 10, 2015, at 11:46 PM, Christos Kozyrakis <> wrote:
> Hi Trevor, 
> we are working with Project Calico in order to implement two important features (urgently
missing in Mesos imho):
> - IPs per container: this will eliminate port conflicts when apps with specific port
needs get deployed on the same slave
> - network-level isolation: so that you can control which apps can reach each other and
how, within or across slaves. 
> The details will be presented at MesosCon and code released soon after that to the open
> Let me know if you need more info ahead of time. 
> On Mon, Aug 10, 2015 at 11:24 PM, Trevor Powell < <>>
> Anyone have any thoughts on how Mesos may accomplish this use case?
> We have several workloads that span multiple slaves and we want to ensure those work
loads can see each other, the internet, and nothing else. Basically we have untrusted groups
of work loads. We trust the load to talk to itself across a several slaves. But we don’t
trust it to not affect or inspect other work loads on the same slave.  Basically we are looking
to place “blinders” on the work load. So it can only see what it needs to see from the
network level.
> I have heard of things like weave or Project calico (
<>) . They seem promising. But I ponder what Mesos
is looking to do long term.
> -- 
> <11360A2A-682B-4E88-B66D-FF942D0869A1[183].png> <>
> Trevor Alexander Powell
> Sr. Manager, Cloud Engineer & Architecture
> 7575 Gateway Blvd. Newark, CA 94560
> T: +1.510.713.3751 <tel:%2B1.510.713.3751> 
> M: +1.650.325.7467 <tel:%2B1.650.325.7467> 
> <>
> -- 
> Christos

View raw message