Calico and Docker containers


Calico’s Docker support has moved along a lot since this post.  

To get started using Calico on Docker see: Getting Started on Docker

Or you can find the latest code and docs here:

Original post below in full:


While for much of the team November has been dominated with thoughts of OpenStack (what with the submission of our nova and neutron blueprints and, of course, the Paris summit), this hasn’t been our sole focus.  When we put together the Calico architecture we always expected that our networking model would work equally well for containers as for VMs, but the past few weeks have seen us put this to the test.

What did we do?

Based on the Calico components described in, we used Docker to set up several containers on a host:

  • One running Felix
  • One running the Calico ACL Manager
  • One running our BGP client (BIRD)

We then created a script which acts as the “plug-in” in our architecture; this also runs in a container and is responsible for informing Felix and the ACL manager about any “guest” containers in the system. Putting all of these together on a couple of hosts, we were able to demonstrate the following:

  • Felix can run unchanged in a Docker environment – we didn’t have to make any code changes from the Felix that works in an OpenStack system
  • The Calico networking model, does work for containers.
    • Felix, is able to program routes into the FIB on the host, which are distributed to other hosts via BIRD.
    • Felix is also able to program ACL rules into the host, which work as expected.

Where can I get it?

All of this, along with instructions on how to reproduce this on your own system is available on github –

Is this a demo?

No – this is not a fully-fledged demo by any means.  It is a proof of concept, which means

  • it is driven by a config file, which needs to be updated with appropriate IP addresses and hostnames in your network
  • it works enough to prove the concepts are valid, but doesn’t do much beyond that
  • we’ve not done extensive testing of it – it is provided to the community “as is”.

That said, we’re excited about it as it validates one of our key architectural principles, which is that Calico provides a networking model which is platform agnostic.

What next?

While we’ve got some ideas on where to go next with Docker and containers, we’re not planning on doing any more in the short term with this prototype.  As always, though, we’re very interested in any comments from the community and if someone wants to pick this up and integrate it with a Docker orchestrator, then you’ll have no complaints from us!

Join our mailing list

Get updates on blog posts, workshops, certification programs, new releases, and more!