Introduction to Networks (SDNs)
Most networking on Cycle is handled automatically via environments. However, there are some cases and organizational strategies where it may make sense to link several environments together via a new private network. This is where networks, also known as "software defined networks" or "SDNs", can be used.
How Networks Work
A network on Cycle is a special construct that is used to link up to 8 environments together via a new private network.
When joined into a network, all containers within an environment will have a new network interface attached that link them to other containers in other environments on the network. Each network has an identifier that is used as part of the network namespacing when addressing containers over the network.
Clustering
Networks are subject to clusters. Given a cluster is a hard barrier for network traffic on Cycle, environments from different clusters cannot be joined together.
Addressing Containers Over a Network
To address a container over a network, the following address template is used:
<container hostname>.<network identifier>[.cycle][:port]
For example, say we have two environments in a network - Environment A and Environment B.
The network has an identifier of prime-network
Given a container in Environment A with the hostname api, we can ping it from a container in Environment B
with the following:
ping api.prime-network
or, for further clarity using the .cycle TLD:
ping api.prime-network.cycle
Addressing Containers in Deployments
If the target container is within a deployment in an environment, the deployment tag is used in the hostname.
<container hostname>.<deployment tag>.<network identifier>[.cycle][:port]
Given the example from earlier, but moving the api container into a deployment version tagged with prod, the hostname would be
api.prod.prime-network.cycle
Use-Cases
There are plenty of reasons to use networks on Cycle - especially for security requirements.
The most common use-case we see invovles sharing services between applications, such as a database. Generally, the database should remain inaccessible to outside traffic (network disabled), but accessible to containers from different applications organized in different environments. Given this pattern, the database can be shared without exposing any security risk or requiring service duplication.
Troubleshooting
When encountering issues utilizing networks, the first step is to use the two-way console to log into a container that is a part of the network.
Missing Commands?
If none of the commands below are available, you may need to temporarily
install them using the package manager of the base image (apk for alpine,
apt for debian based, etc). Otherwise, try using a container that has
these tools installed already.
First, verify the network interface is correctly attached by running
ip a
or
ifconfig
There will be an interface named eth-<network identifier>, where <network-identifier> matches the identifier for the network.
If the network exists, try pinging a container in another environment as shown here.
If the above doesn't work, please reach out for additional support.
Configure Networks on Cycle
To create an SDN on Cycle, follow one of our interface-specific guides: