As well as providing networking for OpenStack VMs, Calico can provide networking for containers in a Docker environment. Each container gets its own IP and fine grain security policy. In addition, Calico can be deployed without encapsulation or overlays to provide high performance at massive scales. For more information on Project Calico see http://www.projectcalico.org/learn/.
Development is very active at the moment so please Star this project and check back often.
We welcome questions/comments/feedback (and pull requests).
- Announcement Mailing List
- Technical Mailing List
- Slack Calico Users Channel
- IRC - #calico
- For Calico-on-Docker specific issues, please raise issues on Github.
Calico provides a highly scalable networking solution for connecting data center workloads (containers, VMs, or bare metal). It is based on the same scalable IP networking principles as the internet, providing connectivity using standard IP routing and isolation between workloads (or other fine grained policy) using iptables programmed at the source and destination workloads.
Read more about it on the Project Calico website.
Project Calico uses etcd to distribute information about workloads, endpoints (a specific networking interface associated with a workload), and policy to each Docker host.
The calico-node service is a worker that configures the network endpoints
for containers, handles IP routing, and installs policy rules. It runs in its
own Docker container, and comprises
- Felix, the Calico worker process
- BIRD, the route distribution process
We provide a command line tool, calicoctl, which makes it easy to configure
and start the Calico services listed above, and allows you to interact with
the etcd datastore to define and apply network and security policy to the
containers you create. Using calicoctl, you can provision Calico nodes,
endpoints, and define and manage a rich set of security policy.
To get started using, we recommend running through one or more of the available demonstrations described below.
If you would like to get involved writing code for calico-docker, or if you need to build binaries specific to your OS, checkout out the Building and testing guide.
Worked examples are available for demonstrating Calico networking with the following different networking options:
- Demonstration with Docker default networking
- Demonstration with libnetwork
- Demonstration with Powerstrip
See the Networking options below for more details on each of these different networking options.
With each of these tutorials we provide details for running the demonstration using manual setup on your own servers, or with a quick set-up in a virtualized environment using Vagrant, or a number of cloud services.
We also provide the following additional demonstrations:
This uses Dockers standard networking infrastructure, requiring you to explicitly add a created container into a Calico network.
This is compatible with all Docker versions from 1.6 onwards.
Docker's native libnetwork network driver is available in the Docker 1.9 release currently underoing development.
Setup of the libnetwork environment is a little more involved since it requires the current master (1.9.dev) builds of Docker, and the use of etcd as a datastore for Docker clustering.
Powerstrip is a pluggable HTTP proxy for the Docker API. Development
of the Powerstrip version of Calico is lagging behind the master branch, so an
older version of calicoctl and the calico-node docker image are required.
For more information on what you can do with Calico, please visit the frequently asked questions page.