I'm trying to understand how the built-in Docker load balancing / VIP works with overlay networks. To better explain how I understand this, I've put together a diagram. My hope is that someone can confirm or reject my understanding.
Let's say I've got two services running in a Docker Swarm : webserver and api. Both of these two services have been scaled to two instances. These instances runs on NODE A and NODE B.
- Someone out there in the world makes a request which somehow hits NODE A.
iptableson NODE A willDNATthe request to the ingress-sbox on NODE A.- The
ingress-sbox(let's just regard it as a black box) decides that the request should go to webserver on NODE B. - The
ingress-sboxsends the request out on the "api" overlay network bridge, and the request gets routed via thevxlantunnel to the "api" overlay network bridge on NODE B. - The webserver container on NODE B receives the request via the "api" overlay network bridge.
Is this a fair understanding of how incoming requests will traverse an overlay network?
...and a followup question; what happens when a request goes from webserver to api via a load balancer (ingress-sbox). Will requests always be load balanced through the ingress-sbox on the same host as the request originates from? If this is the case, I assume this means that a request to a service VIP always gets routed to the ingress-sbox which runs on the very same node as where a request is made from?
