Enhanced Layer 7 Routing for Swarm in Docker Enterprise Edition Beta
Path-Based RoutingLayer 7 load balancing allows traffic going to host domains like acme.com to be distributed across specific containers in your environment. With path-based routing, traffic headed to sub-domains within acme.com (eg. acme.com/app1 or acme.com/app2) can be separately routed to different sets of containers. This can be especially useful for optimizing application performance by driving different requests to different groups of containers.
SSL TerminationHTTPS traffic ensures secure, encrypted communications from the client to your application, but there are many reasons to decrypt the message once it has reached the load balancer. Layer 7 routing often requires decrypting the incoming message in order to make the intelligent routing decision within the trusted network; in addition, managing multiple certificates at the container level does not necessarily scale well. SSL termination at a proxy service allows for secure external communications to end when it is already within your secure network, allowing you to manage certificates in one location and making it much more scalable.
Proxy ExtensionsThe new Interlock architecture in Docker EE includes a pluggable extension service that can connect to different load-balancing proxies. As part of Docker’s “batteries included” strategy, the service comes with a supported NGINX proxy today and other proxy solutions will be pluggable into the architecture in the future. The pluggable framework allows you to use industry standard solutions while still having the simplicity of configuring them using standard Docker rolling updates.
The new version of Docker EE also introduces the concept of Service Clusters which provides a separate instance of the reverse proxy to each application, making application traffic isolated to each service cluster. This allows you to segregate application clusters at Layer 7. Some of the benefits to this feature include isolating service disruptions, reconfiguration downtimes, mis-configurations, and update errors to a single application as opposed to the entire cluster.