From 8c9937b0be7648a9b3bdd08b119f8d3df29234be Mon Sep 17 00:00:00 2001 From: Bryan Boreham Date: Wed, 2 Mar 2016 15:39:06 -0800 Subject: [PATCH] Fix up some wording and links --- .../{ephemeral-key.md => implementation.md} | 0 site/features.md | 35 ++++++++----------- site/using-weave/deploying-applications.md | 2 +- .../security-untrusted-networks.md | 6 +++- 4 files changed, 20 insertions(+), 23 deletions(-) rename site/encryption/{ephemeral-key.md => implementation.md} (100%) diff --git a/site/encryption/ephemeral-key.md b/site/encryption/implementation.md similarity index 100% rename from site/encryption/ephemeral-key.md rename to site/encryption/implementation.md diff --git a/site/features.md b/site/features.md index 8cb086e52d..45d1fa7b8b 100644 --- a/site/features.md +++ b/site/features.md @@ -31,6 +31,8 @@ see [Using Weave Net](/site/using-weave/intro-example.md) ###Virtual Ethernet Switch +Weave Net creates a virtual network that connects Docker containers +deployed across multiple hosts. To application containers, the network established by Weave resembles a giant Ethernet switch, where all containers are connected and can easily access services from one another. 
@@ -50,14 +52,11 @@ and [Deploying Applications to Weave Net](/site/using-weave/deploying-applicatio Weave automatically chooses the fastest available method to transport data between peers. The best performing of these -(the 'fastdp') offers near-native throughput and latency. +(the 'fast datapath') offers near-native throughput and latency. -Fastdp does not support encryption. If you supply a -password at `weave launch` the router falls back to a slower -`sleeve` mode that does support encryption. - -For connections that traverse untrusted networks, -see [Securing Containers Across Untrusted Networks](/site/using-weave/security-untrusted-networks.md) for more details. +Fast datapath does not support encryption. For full details on configuring +Weave when you have connections that traverse untrusted networks, +see [Securing Connections Across Untrusted Networks](/site/using-weave/security-untrusted-networks.md) for more details. See [Using Fast Datapath](/site/fastdp/using-fastdp.md) and [How Fast Datapath Works](/site/fastdp/fastdp-how-it-works.md). @@ -83,7 +82,7 @@ See [Using the Weave Docker API](/site/weave-docker-api/using-proxy.md) ###Weave Network Docker Plugin -Weave can also be used as a Docker plugin. A Docker network +Weave can also be used as a [Docker plugin](https://docs.docker.com/engine/extend/plugins_network/). A Docker network named `weave` is created by `weave launch`, which is used as follows: $ docker run --net=weave -ti ubuntu @@ -101,7 +100,7 @@ when there are network connectivity problems. See [Using the Weave Docker Network Plugin](/site/plugin/weave-plugin-how-to.md) for more details. -###IP Address Allocation (IPAM) +###IP Address Management (IPAM) Containers are automatically allocated a unique IP address. To view the addresses allocated by Weave run, `weave ps`. 
@@ -178,8 +177,8 @@ running alongside Weave. Weave implements encryption and security using [Daniel J. Bernstein's NaCl library](http://nacl.cr.yp.to/index.html). -For information on how to secure your Docker containers, -see [Securing Containers Across Untrusted Networks](/site/using-weave/security-untrusted-networks.md) +For information on how to secure your Docker network connections, +see [Securing Connections Across Untrusted Networks](/site/using-weave/security-untrusted-networks.md) and for a more technical discussion on how Weave implements encryption see, [Using Encryption with Weave](/site/encryption/crypto-overview.md) and [How Weave Implements Encryption](/site/encryption/ephemeral-key.md) @@ -223,21 +222,15 @@ See [Enabling Multi-Cloud networking and Multi-hop Routing](/site/using-weave/mu ###Dynamic Topologies -A network of containers across more than two hosts can be -established even when there is only partial connectivity -between the hosts. - -Weave routes traffic between containers as long as -there is at least one *path* of connected hosts -between them. - -See [Enabling Multi-Cloud networking and Multi-hop Routing](/site/using-weave/finding-adding-hosts-dynamically.md) +Hosts can be added to or removed from a Weave network without stopping +or reconfiguring the remaining hosts. See [Adding and Removing Hosts +Dynamically](/site/using-weave/finding-adding-hosts-dynamically.md) ###Container Mobility Containers can be moved between hosts without requiring any -re-configuration or, in many cases, restarts of other containers. +reconfiguration or, in many cases, restarts of other containers. All that is required is for the migrated container to be started with the same IP address as it was given originally. diff --git a/site/using-weave/deploying-applications.md b/site/using-weave/deploying-applications.md index ee15eb4f02..8487422952 100644 --- a/site/using-weave/deploying-applications.md +++ b/site/using-weave/deploying-applications.md 
@@ -42,7 +42,7 @@ If you are deploying an application that consists of more than one container to ###Creating Peer Connections Between Hosts -To launch Weave on an additional host and create a peer connections by running the following: +To launch Weave on an additional host and create a peer connection, run the following: host2$ weave launch $HOST1 host2$ eval $(weave env) diff --git a/site/using-weave/security-untrusted-networks.md b/site/using-weave/security-untrusted-networks.md index 9eac3626d6..31cd65ebc2 100644 --- a/site/using-weave/security-untrusted-networks.md +++ b/site/using-weave/security-untrusted-networks.md @@ -1,5 +1,5 @@ --- -title: Securing Containers Across Untrusted Networks +title: Securing Connections Across Untrusted Networks layout: default --- @@ -28,6 +28,10 @@ To guard against dictionary attacks, the password needs to be reasonably strong The same password must be specified for all Weave peers, by default both control and data plane traffic will then use authenticated encryption. +Fast datapath does not support encryption. If you supply a +password at `weave launch` the router falls back to a slower +`sleeve` mode that does support encryption. + If some of your peers are co-located in a trusted network (for example within the boundary of your own datacenter) you can use the `--trusted-subnets` argument to `weave launch` to selectively disable data plane encryption as an optimization. Both peers must consider the other to be in a trusted subnet for this to take place - if they do not agree, Weave [falls back to a slower method]( /site/fastdp/using-fastdp.md) for transporting data between peers, since fast datapath does not support encryption.
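Review bot: In the site/features.md hunk at @@ -50,14 +52,11 @@, the new sentence both opens with "For full details on configuring Weave" and ends with "for more details", so the same phrase frames the link twice. Drop one of them, for example "For details on configuring Weave when connections traverse untrusted networks, see [Securing Connections Across Untrusted Networks](...)."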
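Review bot: In the site/features.md hunk at @@ -178,8 +177,8 @@, the unchanged context line still links to `/site/encryption/ephemeral-key.md`, but this patch renames that file to `site/encryption/implementation.md`, so the "How Weave Implements Encryption" link will point at a page that no longer exists. Update the link target in this commit and check the rest of the site for other references to the old file name.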
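Review bot: In the site/using-weave/security-untrusted-networks.md hunk at @@ -28,6 +28,10 @@, the added paragraph says without qualification that supplying a password makes the router fall back to `sleeve`, while the paragraph right after it describes `--trusted-subnets` disabling data plane encryption between agreeing peers and repeats "fast datapath does not support encryption". Merge the two statements or qualify the new one, so that a reader can tell which connections are encrypted over `sleeve` and which are left unencrypted when trusted subnets are configured. The link in the following context line is written `]( /site/fastdp/using-fastdp.md)` with a space after the opening parenthesis, which is worth checking in the rendered page while this file is being touched.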