[openstack-dev] [Fuel] Using host networking for docker containers

Dmitriy Shulyak dshulyak at mirantis.com
Sat Aug 9 07:39:52 UTC 2014


Hi team,

I want to discuss benefits of using host networking [1] for docker
containers, on master node.

This feature was added in docker 0.11 and basically means: reuse the host
networking stack, without creating a separate namespace for each container.

In my opinion it will result in much more stable install/upgrade of master
node.

1. There will be no need for dhcrelay/dhcrelay_monitor on host
2. No dnat port forwarding
3. Performance improvement for pxe boot ???

Are there any real benefits of using separate namespaces in security terms?

To implement this we will need:

1. Update docker to recent version 0.12/1.x, we will do it anyway, yes?
2. Run docker containers with --net=host

Of course it will require running containers in privileged mode, but afaik
we are already doing this for other reasons.

So, what do you think?

[1] https://github.com/docker/docker/issues/2012
[2] https://docs.docker.com/articles/networking/
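
An added example, not part of the original message or of Fuel's own code: a check over `docker inspect` output that reports which containers run with --net=host and which of those can also administer the host's network stack, through privileged mode or an added NET_ADMIN capability. The container names and the sample JSON are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `docker inspect` output; names are illustrative.
SAMPLE = """[
 {"Name": "/pxe-provisioner",
  "HostConfig": {"NetworkMode": "host", "Privileged": true, "CapAdd": null}},
 {"Name": "/dhcp-helper",
  "HostConfig": {"NetworkMode": "host", "Privileged": false, "CapAdd": ["NET_ADMIN"]}},
 {"Name": "/api",
  "HostConfig": {"NetworkMode": "host", "Privileged": false, "CapAdd": null}},
 {"Name": "/db",
  "HostConfig": {"NetworkMode": "bridge", "Privileged": false, "CapAdd": null}}
]"""

# Capabilities that allow changing interfaces, routes and iptables rules.
NET_CAPS = {"NET_ADMIN", "ALL"}


def classify(container):
    """Return (name, level) for one `docker inspect` entry.

    not-host       : container does not use the host's network namespace
    host-net       : shares the host namespace; its listeners bind directly
                     on host interfaces, with no DNAT in between
    host-net-admin : as above, and it can also reconfigure the host's
                     interfaces, routes and firewall rules
    """
    cfg = container.get("HostConfig") or {}
    name = container.get("Name", "").lstrip("/")
    if cfg.get("NetworkMode") != "host":
        return name, "not-host"
    caps = {c.upper().replace("CAP_", "", 1) for c in (cfg.get("CapAdd") or [])}
    if cfg.get("Privileged") or caps & NET_CAPS:
        return name, "host-net-admin"
    return name, "host-net"


def audit(inspect_json):
    """Map container name -> exposure level for a JSON array of inspect entries."""
    return dict(classify(c) for c in json.loads(inspect_json))


if __name__ == "__main__":
    # Pipe real data in with: docker inspect $(docker ps -q) | python audit.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, level in sorted(audit(data).items()):
        print(f"{name:20} {level}")
```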