DEPRECATED.

This repository has been merged into silk-release. Please import this code from there. See related PRs and issues:

Silk

Note: This repository should be imported as code.cloudfoundry.org/silk.

Silk is an open-source, CNI-compatible container networking fabric. It was inspired by the flannel VXLAN backend and designed to meet the strict operational requirements of Cloud Foundry.

To see how Silk is used inside of Cloud Foundry, look at the CF Networking Release.

Architecture

Control plane

Silk has three components:

Data plane

The Silk dataplane is a virtual L3 overlay network. Each container host is assigned a unique IP address range, and each container gets a unique IP from that range.

The virtual network is constructed from three primitives:

Although the shared VXLAN network carries L2 frames, containers are not connected to it directly. They only access the VXLAN segment via their host's virtual L3 router. Therefore, from a container's point of view, the container-to-container network carries L3 packets, not L2.

To provide multi-tenant network policy on top of this connectivity fabric, Cloud Foundry utilizes the VXLAN GBP extension to tag egress packets with a policy identifier. Other network policy enforcement schemes are also possible.
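To make the policy tag concrete, here is an added example (not code from Silk or the CF Networking Release) that parses the 8-byte VXLAN header with the GBP extension and returns a policy identifier only when the sender flagged it as valid. The field layout follows the VXLAN Group Based Policy draft; the type and function names and the sample bytes are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Flag bits of the VXLAN header with the Group Based Policy extension.
const (
	flagG = 0x80 // byte 0: Group Policy ID field is valid
	flagI = 0x08 // byte 0: VNI field is valid
	flagA = 0x08 // byte 1: policy was already applied by the sender
)

// GBPHeader is a hypothetical decoded view of the header.
type GBPHeader struct {
	VNI           uint32
	PolicyID      uint16
	HasPolicy     bool // false means PolicyID must not be used for decisions
	PolicyApplied bool
}

var (
	ErrShort = errors.New("vxlan: header shorter than 8 bytes")
	ErrNoVNI = errors.New("vxlan: I flag not set")
)

// ParseGBP decodes the 8 bytes that follow the outer UDP header.
func ParseGBP(b []byte) (GBPHeader, error) {
	if len(b) < 8 {
		return GBPHeader{}, ErrShort
	}
	if b[0]&flagI == 0 {
		return GBPHeader{}, ErrNoVNI
	}
	// VNI is the upper 24 bits of the second 32-bit word.
	h := GBPHeader{VNI: binary.BigEndian.Uint32(b[4:8]) >> 8}
	// Bytes 2-3 are reserved in plain VXLAN: read them only if G is set.
	if b[0]&flagG != 0 {
		h.HasPolicy = true
		h.PolicyID = binary.BigEndian.Uint16(b[2:4])
		h.PolicyApplied = b[1]&flagA != 0
	}
	return h, nil
}

func main() {
	// Constructed sample: G and I set, policy ID 5, VNI 1.
	h, err := ParseGBP([]byte{0x88, 0x00, 0x00, 0x05, 0x00, 0x00, 0x01, 0x00})
	fmt.Printf("%+v err=%v\n", h, err)
}
```

An enforcement point built on this should treat a frame with `HasPolicy == false` as untagged rather than as policy ID 0.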