diff --git a/content/engine/swarm/ingress.md b/content/engine/swarm/ingress.md index 132da6fef7..9d09e82604 100644 --- a/content/engine/swarm/ingress.md +++ b/content/engine/swarm/ingress.md @@ -165,6 +165,12 @@ $ docker service create --name dns-cache \ ## Bypass the routing mesh +By default, swarm services which publish ports do so using the routing mesh. +When you connect to a published port on any swarm node (whether it is running a +given service or not), you are redirected to a worker which is running that +service, transparently. Effectively, Docker acts as a load balancer for your +swarm services. + You can bypass the routing mesh, so that when you access the bound port on a given node, you are always accessing the instance of the service running on that node. This is referred to as `host` mode. There are a few things to keep @@ -248,10 +254,15 @@ To use an external load balancer without the routing mesh, set `--endpoint-mode` to `dnsrr` instead of the default value of `vip`. In this case, there is not a single virtual IP. Instead, Docker sets up DNS entries for the service such that a DNS query for the service name returns a list of IP addresses, and the client -connects directly to one of these. You are responsible for providing the list of -IP addresses and ports to your load balancer. See -[Configure service discovery](networking.md#configure-service-discovery). +connects directly to one of these. + +You can't use `--endpoint-mode dnsrr` together with `--publish mode=ingress`. +You must run your own load balancer in front of the service. A DNS query for +the service name on the Docker host returns a list of IP addresses for the +nodes running the service. Configure your load balancer to consume this list +and balance the traffic across the nodes. +See [Configure service discovery](networking.md#configure-service-discovery). ## Learn more -* [Deploy services to a swarm](services.md) \ No newline at end of file +* [Deploy services to a swarm](services.md) diff --git a/content/engine/swarm/networking.md b/content/engine/swarm/networking.md index c9c00d3ec2..aef238a2e2 100644 --- a/content/engine/swarm/networking.md +++ b/content/engine/swarm/networking.md @@ -474,24 +474,6 @@ preferred because it is somewhat self-documenting. -## Bypass the routing mesh for a swarm service - -By default, swarm services which publish ports do so using the routing mesh. -When you connect to a published port on any swarm node (whether it is running a -given service or not), you are redirected to a worker which is running that -service, transparently. Effectively, Docker acts as a load balancer for your -swarm services. Services using the routing mesh are running in virtual IP (VIP) -mode. Even a service running on each node (by means of the `--mode global` -flag) uses the routing mesh. When using the routing mesh, there is no guarantee -about which Docker node services client requests. - -To bypass the routing mesh, you can start a service using DNS Round Robin -(DNSRR) mode, by setting the `--endpoint-mode` flag to `dnsrr`. You must run -your own load balancer in front of the service. A DNS query for the service name -on the Docker host returns a list of IP addresses for the nodes running the -service. Configure your load balancer to consume this list and balance the -traffic across the nodes. - ## Learn more * [Deploy services to a swarm](services.md)