LLMpedia: The first transparent, open encyclopedia generated by LLMs

Weave Net

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Weave Net
Developer: Weaveworks
Initial release: 2014
Programming language: Go
Repository: GitHub
License: Apache License 2.0
Platform: Linux

Weave Net is a container networking solution originally developed to provide simple, flat, encrypted networking for containerized workloads. It integrates with orchestration systems and virtualized environments to create an overlay network that connects containers across hosts, enabling service discovery, IP address management, and network policy capabilities. Weave Net is associated with several projects and organizations in the cloud native ecosystem and has been used in production by teams operating on platforms such as Kubernetes and Docker.

Overview

Weave Net was created by Weaveworks to address cross-host connectivity challenges encountered with Docker, Kubernetes, CoreOS, Amazon Web Services, Google Cloud Platform, and Microsoft Azure deployments. It provides a layer-2-like overlay that assigns IPv4 and IPv6 addresses and routes traffic between containers on disparate hosts, integrating with etcd, Consul, and Flannel-based environments for service discovery and state sharing. The project was developed in the context of early container orchestration experimentation alongside efforts from the Mesos, OpenStack, and Rancher communities. Weave Net's networking paradigm was influenced by research from groups at the University of California, Berkeley and by the cloud native design patterns promoted at conferences such as KubeCon and DockerCon.

Architecture

Weave Net's architecture centers on a distributed agent that runs on each host and establishes encrypted tunnels between peers using a gossip-based membership system. The agent interacts with container runtimes like containerd and CRI-O as well as platform components from Kubernetes and Docker Engine to attach containers to virtual interfaces. Overlay tunnels employ VXLAN-like encapsulation and opportunistic tunneling strategies similar to technologies used by Open vSwitch and Calico, while maintaining a control plane that leverages concepts from HashiCorp Consul and Raft-influenced coordination. The control plane manages IPAM, route distribution, and network policy enforcement, and integrates with observability tools such as Prometheus and Grafana for metrics and visualization.

Installation and Configuration

Installation typically involves running the Weave Net daemon as a privileged container or system service on each host and applying a small set of configuration options via command-line flags or manifest files for Kubernetes DaemonSet deployments. Administrators often combine Weave Net with orchestration primitives from Helm, kubectl, and Ansible for repeatable provisioning, while integrating with cloud provider APIs from AWS Identity and Access Management or Google Cloud IAM for credential management. Configuration covers address allocation, encryption keys, MTU settings, and policy rules; many operators store configuration in key-value stores like etcd or manage secrets with HashiCorp Vault. Upgrades and rolling restarts are commonly coordinated using practices documented by CNCF and implemented through CI/CD tooling such as Jenkins or GitLab CI/CD.

Networking Features and Protocols

Weave Net supports IPv4 and IPv6 addressing, multicast, and DNS-based service discovery through integration with resolvers like CoreDNS and dnsmasq. It uses tunneling and encapsulation protocols related to VXLAN and leverages transport-layer encryption comparable to WireGuard or IPsec in concept. The control plane uses gossip protocols akin to those described by the SWIM protocol and membership models employed in systems like Serf. Weave Net can implement network policies that resemble Kubernetes NetworkPolicy constructs, filtering traffic based on labels and identities propagated via orchestration APIs from the Kubernetes API server and Docker Swarm.

Performance and Scalability

Performance characteristics depend on workload patterns, host networking stacks, and underlying hardware, including NIC offload features supported by vendors such as Intel Corporation, Broadcom, and Mellanox Technologies. Scalability has been demonstrated in clusters similar in scope to deployments managed by Spotify, Airbnb, and Booking.com, where overlay efficiency and route aggregation affect throughput and latency compared with alternatives like Flannel, Calico, and Cilium. Operators often tune MTU, use host-level routing, or adopt native CNI plugins to reduce encapsulation overhead; monitoring with Prometheus and tracing with Jaeger are common practices for diagnosing congestion and jitter.

Security Considerations

Weave Net offers encryption of overlay traffic and integrates with secret management and identity systems such as HashiCorp Vault, Kubernetes Secrets, and cloud IAM services. Security considerations include key rotation, protection of privileged agent processes, and the hardening practices recommended for Linux hosts and systemd-managed services. Auditing and compliance workflows typically integrate with logging and SIEM solutions like ELK Stack and Splunk, while admission controls and policy enforcement are coordinated via OPA (Open Policy Agent) and Kubernetes admission controllers. Threat models reference industry frameworks from NIST and best practices advocated by OWASP and CNCF security working groups.
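Added example (not part of the original article and not Weaveworks code): a small audit of a Weave Net DaemonSet spec covering the encryption-key and privileged-agent points raised under Installation and Configuration and Security Considerations. It assumes the agent container is named weave and that the overlay password is supplied through the WEAVE_PASSWORD environment variable; the Secret name, image reference and password value are constructed placeholders.

```python
def _env(container):
    """Map env var name -> env entry for one container spec."""
    return {e["name"]: e for e in container.get("env", [])}

def audit_weave_daemonset(manifest):
    """Return a sorted list of finding codes for a Weave Net DaemonSet dict."""
    pod = manifest["spec"]["template"]["spec"]
    containers = pod.get("containers", [])
    weave = next((c for c in containers if c["name"] == "weave"), None)
    if weave is None:
        return ["no-weave-container"]
    findings = set()
    pw = _env(weave).get("WEAVE_PASSWORD")
    if pw is None:
        # No password configured: peers exchange overlay traffic unencrypted.
        findings.add("encryption-off")
    elif "secretKeyRef" not in pw.get("valueFrom", {}):
        # Literal value: the key is readable by anyone who can read the
        # manifest (repo, kubectl get ds) and is awkward to rotate.
        findings.add("password-not-from-secret")
    for c in containers:
        # Privileged agents are expected here; list them so access to the
        # DaemonSet and its namespace can be reviewed accordingly.
        if c.get("securityContext", {}).get("privileged"):
            findings.add("privileged:" + c["name"])
    return sorted(findings)

def sample_manifest(weave_env):
    """Constructed, trimmed DaemonSet for this example; not a full manifest."""
    return {
        "kind": "DaemonSet",
        "metadata": {"name": "weave-net", "namespace": "kube-system"},
        "spec": {"template": {"spec": {
            "hostNetwork": True,
            "containers": [{
                "name": "weave",
                "image": "example.invalid/weave-kube:PLACEHOLDER",
                "securityContext": {"privileged": True},
                "env": weave_env,
            }],
        }}},
    }

INLINE = [{"name": "WEAVE_PASSWORD", "value": "constructed-not-a-real-key"}]
FROM_SECRET = [{"name": "WEAVE_PASSWORD", "valueFrom": {
    "secretKeyRef": {"name": "weave-passwd", "key": "weave-passwd"}}}]

if __name__ == "__main__":
    for label, env in [("none", []), ("inline", INLINE), ("secret", FROM_SECRET)]:
        print(label, audit_weave_daemonset(sample_manifest(env)))
```

On a live cluster the same function can be given the parsed JSON of the DaemonSet object instead of the constructed sample.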

History and Development

Weave Net originated at Weaveworks in 2014 during early container networking innovation, contemporaneous with projects such as Flannel and Calico. It has evolved through community contributions hosted on GitHub and has been influenced by operational learnings from organizations like Canonical, Red Hat, and VMware. Over time, Weave Net adapted to the rise of Kubernetes as the dominant orchestrator and participated in ecosystem discussions at events like KubeCon and CloudNativeCon. Development has followed the patterns of open-source governance exemplified by projects under the Cloud Native Computing Foundation umbrella, and the software has been used as a reference implementation in tutorials, workshops, and case studies across the cloud native community.

Category:Container networking