Layer 2 Network For Applications

Some Edge Apps need to communicate with automation devices via automation protocols such as Profinet, DCP and LLDP. These Edge Apps therefore require Layer 2 (L2) network access. This Layer 2 network access must be used only for communication with automation devices; it is not designed to provide communication between app containers. For communication between app containers, IP-based networks must be used.

Why Docker Containers Want Layer 2 Access

1. Direct Container-to-Container Communication

Containers within the same host or network segment may require direct communication without traversing external routers or firewalls. Layer 2 access enables them to communicate using their MAC addresses, resulting in lower latency and higher performance.

2. High-Performance Networking

In applications where low-latency, high-performance networking is crucial, Layer 2 access can be advantageous. Real-time applications, microservices, and distributed systems often benefit from fast and efficient data exchange between containers.

3. Isolation

Layer 2 access provides a level of network segmentation and isolation. Containers within the same Layer 2 network can communicate directly, but they are isolated from containers in different networks. This isolation enhances security and prevents unauthorized access.

Risks and Benefits

Benefits of Layer 2 Access

  • Efficiency: Low-latency, high-performance networking.
  • Isolation: Enhanced security and network segmentation.
  • Simulation: Ability to simulate complex network topologies.
  • Legacy Integration: Support for legacy applications with Layer 2 dependencies.
  • Performance: Avoiding network overhead for efficient data transfer.

Risks of Layer 2 Access

  • Security: Reduced network segmentation may pose security risks.
  • Complexity: Simulating network topologies can introduce complexity.
  • Limited Reach: Only one Layer 2 access can be allocated to one application.
  • Limited Scope: Only one application can use Layer 2 access with full functionality on one device at once.

It's essential to carefully consider the specific requirements of your containerized application before enabling Layer 2 access. In many cases, higher-level networking protocols are more appropriate, especially when containers span multiple hosts or require internet access. Docker and container orchestration platforms offer a range of networking options, allowing you to choose the most suitable configuration based on your application's needs.

Always weigh the benefits against the risks and consider security and performance implications when configuring Docker containers with Layer 2 access.
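
The rules stated on this page (Layer 2 only for automation devices, IP-based networks between app containers, one Layer 2 access per application) can be checked against an app's Compose model before deployment. The following is an added example, not code from the original page or from the platform vendor; the `audit_l2` function, the rule labels and the network and service names are hypothetical, and it assumes the operator states which Compose networks are Layer 2 attachments.

```python
# Added example: audit a Compose model against the Layer 2 rules on this page.
# Input is the dict you get from `docker compose config --format json`.
# ASSUMPTION: the operator supplies the names of the Layer 2 networks.

def audit_l2(compose, l2_networks):
    """Return a sorted list of (rule, subject) findings; empty means no finding."""
    findings = set()
    services = compose.get("services") or {}
    used_l2 = set()
    for name, svc in services.items():
        # "networks" is a mapping in the normalized model, a list in short form.
        nets = set(svc.get("networks") or [])
        l2 = nets & l2_networks
        used_l2 |= l2
        # Page rule: container-to-container traffic must use IP-based networks,
        # so an L2-attached service in a multi-service app needs one as well.
        if l2 and len(services) > 1 and not (nets - l2_networks):
            findings.add(("no-ip-network-for-app-traffic", name))
    # Page rule: only one Layer 2 access can be allocated to one application.
    if len(used_l2) > 1:
        findings.add(("multiple-l2-attachments", ",".join(sorted(used_l2))))
    return sorted(findings)

# Constructed sample model (not taken from a real application).
L2_NAMES = {"fieldbus_l2", "aux_l2"}
SAMPLE = {
    "services": {
        "scanner": {"networks": {"fieldbus_l2": None}},
        "api": {"networks": {"app_net": None}},
        "capture": {"networks": {"aux_l2": None, "app_net": None}},
    },
}

if __name__ == "__main__":
    for rule, subject in audit_l2(SAMPLE, L2_NAMES):
        print(f"{rule}: {subject}")
```
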

References