With its 1.12.0 release, Docker introduced new options for load balancing of services via DNS and IP Virtual Server (IPVS) when the services are started in a Swarm cluster.
Docker comes with an embedded DNS server that can map aliases to container IP addresses when a container is started with the --net-alias option. This has been available since 1.10. Since the 1.11 release, Docker also supports round-robin DNS-based load balancing.
In DNS-based load balancing, a service name (alias) is mapped to multiple IP addresses. In this context, these are the IP addresses of the containers where the service is running. The DNS server responds with multiple IP addresses when a DNS resolution query is made, and it also shuffles the order of the returned IP addresses so that requests from different clients hit different IPs. To achieve this round-robin load balancing, the mapping of an alias to multiple container IP addresses had to be done manually.
In the 1.12.0 release, Docker added built-in support for service load balancing using a Linux feature called IPVS. Using Docker’s Swarm clustering engine, a service can be declared on the command line along with the desired number of replicas (containers). There is no need to specify aliases manually for a service. Under the hood, the DNS name of the service is mapped to a Virtual IP (VIP), which is where the feature ties in with IPVS. On a DNS lookup, the VIP is returned.
IPVS is a Linux kernel feature that allows Layer-4 (Transport Layer) TCP/UDP traffic to be forwarded to backend servers. It is based on the Netfilter module, which forms the foundation of the packet filtering and network address translation implementations in the Linux kernel.
When a service request reaches the VIP, it is forwarded to one of the backend containers that host the service, in such a way that traffic is evenly distributed among the containers. This mode of load balancing the service is similar to the way in which Consul, a service discovery tool, does it. Consul also provides a DNS server which can return multiple IP addresses each time a lookup is done.
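To check from inside a container which of the two behaviours described above a name actually shows, repeated lookups can be summarised as below. This is an added example, not code from Docker; the function names, the name "web" and the 10.0.0.x addresses are constructed, and the two fake resolvers stand in for the embedded DNS server so the block runs offline.

```python
import itertools
import socket
from collections import Counter


def resolve_ipv4(name):
    """Return the A records for `name` in the order the resolver gave them."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # covers socket.gaierror / herror: name did not resolve
        return []


def probe(name, lookups=12, resolver=resolve_ipv4):
    """Look `name` up repeatedly and summarise what the DNS server hands out."""
    seen, first = set(), Counter()
    for _ in range(lookups):
        addrs = resolver(name)
        if addrs:
            seen.update(addrs)
            first[addrs[0]] += 1  # backend a client using only the first answer would hit
    if not seen:
        mode = "unresolved"
    elif len(seen) == 1:
        mode = "single-address"  # a VIP, or an alias with just one container behind it
    else:
        mode = "multi-address"   # DNS round robin: one record per container
    return {"mode": mode, "addresses": sorted(seen), "first_answer": dict(first)}


# Constructed stand-ins for the embedded DNS server, so the example runs offline.
def fake_round_robin(ips):
    """Resolver that rotates a fixed list of container IPs by one on every lookup."""
    offsets = itertools.count()

    def resolver(_name):
        k = next(offsets) % len(ips)
        return ips[k:] + ips[:k]
    return resolver


def fake_vip(ip):
    """Resolver that always answers with the same virtual IP."""
    return lambda _name: [ip]


if __name__ == "__main__":
    containers = ["10.0.0.3", "10.0.0.4", "10.0.0.5"]  # constructed addresses
    print(probe("web", resolver=fake_round_robin(containers)))
    print(probe("web", resolver=fake_vip("10.0.0.2")))
```

Calling probe() with the default resolver inside a container queries whatever DNS server that container is configured to use.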