Flannel is a networking technology used to connect Linux containers. It is distributed and maintained by CoreOS, the producer of the stripped-down CoreOS Linux operating system for containers, as well as the rkt container system that competes with Docker.
Although tailored for use with the CoreOS operating system, Flannel is also compatible with Docker. Flannel emerged as an alternative method for container networking. It grew out of an open-source concept originally called Rudder, which was renamed Flannel in 2014. It was written in the Go programming language.
CoreOS Flannel vs. Container Networking Alternatives
There are many different ways to network Linux containers, each with its own architectural approach. Docker’s native networking scheme creates a virtual layer 3 Ethernet bridge, which automatically forwards packets between containers through a subnet routing scheme. Google Kubernetes assigns unique IP addresses to pods, the groups of which containers are members. When it first emerged, this was a more sophisticated form of software-defined networking employed by Kubernetes to direct traffic between containers, and thus to enable microservices.
Flannel is a basic overlay network that works by assigning each host a range of subnet addresses (usually IPv4 with a /24 subnet mask). Each address in the range corresponds to a container, so the containers in a system may reside on different hosts. Using packet encapsulation, Flannel makes the entire span of hosts addressable, with a separate subnet assigned to each host. Flannel uses the open source etcd key/value store to record the mappings between the addresses assigned to containers by their native hosts, and their addresses in the overlay network.
As a result, complex, multi-host systems such as Hortonworks Hadoop can be distributed across multiple Docker container hosts, using Flannel as the underlying fabric [see Figure 1].
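The subnet-per-host scheme described above can be sketched in Go. This is an added example, not Flannel's own code: the `Registry` type, its methods, and the in-memory map standing in for etcd are hypothetical, and all addresses are constructed sample values.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// Registry stands in for etcd: leased overlay subnet -> underlay host address.
type Registry struct {
	network netip.Prefix // overlay range, e.g. 10.1.0.0/16
	bits    int          // per-host prefix length, e.g. 24
	leases  map[netip.Prefix]netip.Addr
}

func NewRegistry(network string, bits int) *Registry {
	return &Registry{netip.MustParsePrefix(network), bits, map[netip.Prefix]netip.Addr{}}
}

// Lease gives the host the first free subnet in the overlay range (IPv4 only;
// MustParse* panics on malformed input, acceptable for constructed samples).
func (r *Registry) Lease(host string) (netip.Prefix, error) {
	step := uint32(1) << (32 - r.bits) // addresses per host subnet
	for addr := r.network.Masked().Addr(); r.network.Contains(addr); {
		p := netip.PrefixFrom(addr, r.bits)
		if _, taken := r.leases[p]; !taken {
			r.leases[p] = netip.MustParseAddr(host)
			return p, nil
		}
		b := addr.As4() // advance to the next candidate subnet
		binary.BigEndian.PutUint32(b[:], binary.BigEndian.Uint32(b[:])+step)
		addr = netip.AddrFrom4(b)
	}
	return netip.Prefix{}, fmt.Errorf("overlay range %s exhausted", r.network)
}

// HostFor returns the host an encapsulated packet for container address dst
// must be sent to; an address outside every lease is rejected.
func (r *Registry) HostFor(dst string) (netip.Addr, error) {
	p, err := netip.MustParseAddr(dst).Prefix(r.bits)
	if host, ok := r.leases[p]; err == nil && ok {
		return host, nil
	}
	return netip.Addr{}, fmt.Errorf("no lease covers %s", dst)
}

func main() {
	r := NewRegistry("10.1.0.0/16", 24) // constructed sample values
	fmt.Println(r.Lease("192.0.2.10"))
	fmt.Println(r.Lease("192.0.2.11"))
	fmt.Println(r.HostFor("10.1.1.7"))
}
```

Because every forwarding decision comes from the lease table, whoever can write to the backing store controls where overlay traffic is delivered, so write access to it should be limited to the hosts that need it.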
Flannel proponents say that the system resolves a deficiency in Docker’s original (native) container address mapping system, in which each container’s address was effectively an exclusive port assigned to the same host. Thus container systems could not span hosts, limiting the system’s effectiveness on cloud platforms. Docker Inc. has since resolved this deficiency, with the acquisition in March 2015 of SDN provider SocketPlane, and the immediate integration of its container networking technology into Docker networking.
How CoreOS Flannel Works with Kubernetes
Kubernetes was first tested at Google, and then within the open-source community, prior to the existence of Flannel. Its container mapping scheme was designed for Google Compute Engine (the public part of the same platform where Kubernetes was first engineered), but not for other public cloud platforms. Flannel was advanced as a solution to that problem, enabling container systems to span multiple hosts on Amazon EC2 Container Service. Since that time, however, Kubernetes has evolved substantially, enabling orchestration for container systems spanning a tremendous number of hosts across multiple public and private cloud platforms.
Aside from Kubernetes, Flannel continues to be advanced as a simple, yet effective, way to achieve container networking with scalability beyond a single host. Yet others see benefits in using both together, with Flannel serving as the fabric layer that provides subnets to Kubernetes for use with pods. Both Kubernetes and Flannel use /24 subnet masks in their addressing schemes, and CoreOS distributes Kubernetes with its rkt container system.