Chapter 6. The Container Network Interface

The Container Network Interface (CNI), as depicted in Figure 6-1, provides a plug-in-oriented networking solution for containers and container orchestrators. It consists of a specification and libraries for writing plug-ins to configure network interfaces in Linux containers.

100,000 ft view on CNI.
Figure 6-1. 100,000 ft view on CNI

The CNI specification is lightweight; it only deals with the network connectivity of containers, as well as the garbage collection of resources once containers are deleted.

We will focus on CNI in this book since it’s the de facto standard for container orchestrators, adopted by all major systems such as Kubernetes, Mesos, and Cloud Foundry. If you’re exclusively using Docker Swarm you’ll need to use Docker’s libnetwork and might want to read the helpful article by Lee Calcote titled “The Container Networking Landscape: CNI from CoreOS and CNM from Docker”, which contrasts CNI with the Docker model and provides you with some guidance.


CNI was pioneered by CoreOS in the context of the container runtime rkt, to define a common interface between the network plug-ins and container runtimes and orchestrators. Docker initially planned to support it but then came up with the Docker-proprietary libnetwork approach to container networking.

CNI and the libnetwork plug-in interface were developed in parallel from April ...

Get Container Networking now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.