Network Configuration
This guide covers advanced network configuration for Merobox, including custom Docker networks, port management, and network security.
Custom Docker Networks
Create and use custom Docker networks for better isolation and control:
# workflow.yml
networks:
  - name: calimero-custom
    driver: bridge
    options:
      com.docker.network.bridge.name: calimero-br0
      com.docker.network.driver.mtu: 1500
nodes:
  networks:
    - calimero-custom
    - default
Network Types
Choose the appropriate network driver for your use case:
# Bridge network (default)
networks:
  - name: calimero-bridge
    driver: bridge
    options:
      com.docker.network.bridge.enable_icc: 'true'
      com.docker.network.bridge.enable_ip_masquerade: 'true'

# Host network (shares host networking)
networks:
  - name: calimero-host
    driver: host

# Overlay network (for multi-host)
networks:
  - name: calimero-overlay
    driver: overlay
    options:
      encrypted: 'true'
Network Configuration Options
# Advanced network configuration
networks:
  - name: calimero-advanced
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.20.0.0/16
          gateway: 172.20.0.1
          ip_range: 172.20.1.0/24
    options:
      com.docker.network.bridge.name: calimero-br0
      com.docker.network.driver.mtu: 1500
      com.docker.network.bridge.enable_icc: 'true'
      com.docker.network.bridge.enable_ip_masquerade: 'true'
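A pre-flight check for the `ipam` values above, added here as an example and not part of Merobox: it verifies that `gateway` and `ip_range` fall inside `subnet`, and that no two networks claim overlapping subnets, which Docker rejects for bridge networks on the same host. The function name `check_ipam` is hypothetical and the input is the YAML already parsed into Python dicts; the sample data reuses this page's `calimero-advanced` and `calimero-secure` entries, which both declare 172.20.0.0/16.

```python
import ipaddress

def check_ipam(networks):
    """Return a list of problems in the ipam.config entries of `networks`."""
    problems, seen = [], []          # seen: (name, subnet) pairs checked so far
    for net in networks:
        name = net["name"]
        for cfg in net.get("ipam", {}).get("config", []):
            subnet = ipaddress.ip_network(cfg["subnet"])
            if "gateway" in cfg:
                gw = ipaddress.ip_address(cfg["gateway"])
                if gw not in subnet:
                    problems.append(f"{name}: gateway {gw} is outside {subnet}")
            if "ip_range" in cfg:
                rng = ipaddress.ip_network(cfg["ip_range"])
                if not rng.subnet_of(subnet):
                    problems.append(f"{name}: ip_range {rng} is not inside {subnet}")
            # Compare against every subnet accepted earlier in the file.
            for other_name, other in seen:
                if subnet.overlaps(other):
                    problems.append(
                        f"{name}: subnet {subnet} overlaps {other_name} ({other})")
            seen.append((name, subnet))
    return problems

# The two subnet declarations shown on this page, as already-parsed YAML.
PAGE_NETWORKS = [
    {"name": "calimero-advanced", "ipam": {"config": [
        {"subnet": "172.20.0.0/16", "gateway": "172.20.0.1",
         "ip_range": "172.20.1.0/24"}]}},
    {"name": "calimero-secure", "ipam": {"config": [{"subnet": "172.20.0.0/16"}]}},
]
# Constructed variant: the second network moved to its own range.
FIXED_NETWORKS = [
    PAGE_NETWORKS[0],
    {"name": "calimero-secure", "ipam": {"config": [{"subnet": "172.21.0.0/16"}]}},
]

if __name__ == "__main__":
    for label, nets in (("page", PAGE_NETWORKS), ("fixed", FIXED_NETWORKS)):
        print(label, check_ipam(nets) or "ok")
```

Using both page examples in one workflow on the same host therefore needs distinct subnets, as in the constructed `FIXED_NETWORKS`.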
Port Management
Advanced port configuration and management:
Basic Port Configuration
nodes:
  ports:
    p2p: 2428
    rpc: 2528
    admin: 2628
  port_mapping:
    mode: host # host, bridge, none
    expose_ports:
      - 2428
      - 2528
Port Range Configuration
# Dynamic port allocation
nodes:
  port_range:
    start: 3000
    end: 4000
    step: 10
  port_mapping:
    mode: bridge
    host_ports:
      - 2428:2428
      - 2528:2528
Port Security
# Restrict port access
nodes:
  ports:
    p2p: 2428
    rpc: 2528
  port_security:
    allowed_ips:
      - 192.168.1.0/24
      - 10.0.0.0/8
    blocked_ports:
      - 22
      - 23
Network Security
Configure network security and isolation:
Network Isolation
networks:
  - name: calimero-secure
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16
    options:
      com.docker.network.bridge.enable_icc: 'false'
      com.docker.network.bridge.enable_ip_masquerade: 'true'
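An added example (not Merobox code) that audits network entries for the isolation-relevant settings this page shows: the `host` driver, a bridge with `enable_icc` left on, and an overlay without the `encrypted` option. The names `audit_networks` and `_flag` are hypothetical, the input is the YAML already parsed into dicts, and a missing `enable_icc` is treated as enabled because that is Docker's default for bridge networks.

```python
def _flag(value, default):
    """Read a YAML flag that may be a bool or a quoted string such as 'true'."""
    if value is None:
        return default
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"

def audit_networks(networks):
    """Map each network name to its isolation findings (empty list = none)."""
    report = {}
    for net in networks:
        opts = net.get("options") or {}
        driver = net.get("driver", "bridge")
        findings = []
        if driver == "host":
            findings.append("host driver: no network namespace, shares the host stack")
        elif driver == "bridge":
            # Docker leaves inter-container communication on unless it is disabled.
            if _flag(opts.get("com.docker.network.bridge.enable_icc"), True):
                findings.append("enable_icc on: containers on this bridge can reach each other")
        elif driver == "overlay" and "encrypted" not in opts:
            findings.append("overlay without 'encrypted': Docker does not encrypt cross-host traffic")
        report[net["name"]] = findings
    return report

# Network entries from this page, written out as already-parsed YAML.
PAGE_NETWORKS = [
    {"name": "calimero-bridge", "driver": "bridge", "options": {
        "com.docker.network.bridge.enable_icc": "true",
        "com.docker.network.bridge.enable_ip_masquerade": "true"}},
    {"name": "calimero-host", "driver": "host"},
    {"name": "calimero-overlay", "driver": "overlay",
     "options": {"encrypted": "true"}},
    {"name": "calimero-secure", "driver": "bridge", "options": {
        "com.docker.network.bridge.enable_icc": "false",
        "com.docker.network.bridge.enable_ip_masquerade": "true"}},
]

if __name__ == "__main__":
    for name, findings in audit_networks(PAGE_NETWORKS).items():
        print(name, findings or "ok")
```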
Firewall Configuration
# Custom firewall rules
firewall:
  enabled: true
  rules:
    - action: allow
      source: 192.168.1.0/24
      destination: 2428
      protocol: tcp
    - action: deny
      source: 0.0.0.0/0
      destination: 22
      protocol: tcp
Network Policies
# Network access policies
network_policies:
  - name: calimero-policy
    rules:
      - from:
          - namespace: calimero
        ports:
          - protocol: tcp
            port: 2428
      - from:
          - namespace: monitoring
        ports:
          - protocol: tcp
            port: 2528
Load Balancing and Proxying
Traefik Configuration
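Custom Traefik proxy configuration. With exposedByDefault set to false, Traefik routes only to containers that opt in, and insecure: false keeps the API and dashboard off Traefik's unauthenticated entry point. The Docker provider reads container metadata through the Docker socket, so the proxy container needs access to it:
traefik:
  image: traefik:v2.10
  config:
    entryPoints:
      web:
        address: ':80'
      websecure:
        address: ':443'
    providers:
      docker:
        endpoint: 'unix:///var/run/docker.sock'
        exposedByDefault: false
    api:
      dashboard: true
      insecure: false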
Load Balancer Setup
# Load balancer configuration
load_balancer:
  enabled: true
  image: nginx:alpine
  config:
    upstream:
      - server: calimero-node-1:2428
      - server: calimero-node-2:2428
      - server: calimero-node-3:2428
    health_check:
      path: /health
      interval: 30s
      timeout: 5s
Reverse Proxy
# Reverse proxy configuration
reverse_proxy:
  enabled: true
  image: nginx:alpine
  config:
    server:
      listen: 80
      location:
        - path: /api
          proxy_pass: http://calimero-node-1:2528
        - path: /admin
          proxy_pass: http://calimero-node-1:2628
Network Monitoring
Network Metrics
# Network monitoring
monitoring:
  network:
    enabled: true
    metrics:
      - bandwidth
      - latency
      - packet_loss
      - connection_count
    alerts:
      - metric: bandwidth
        threshold: 80%
        action: scale_up
      - metric: latency
        threshold: 100ms
        action: alert
Network Diagnostics
# Network diagnostic tools
diagnostics:
  enabled: true
  tools:
    - ping
    - traceroute
    - netstat
    - ss
  interval: 60s
DNS Configuration
Custom DNS
# Custom DNS configuration
dns:
  servers:
    - 8.8.8.8
    - 8.8.4.4
    - 1.1.1.1
  search:
    - calimero.local
    - internal.local
  options:
    - ndots: 2
    - timeout: 2
Service Discovery
# Service discovery
service_discovery:
  enabled: true
  provider: consul
  config:
    address: consul:8500
    service_name: calimero
    tags:
      - calimero
      - blockchain
Network Troubleshooting
Common Network Issues
# Check network connectivity
docker network ls
docker network inspect calimero-web
# Test connectivity between nodes
docker exec calimero-node-1 ping calimero-node-2
# Check port binding
netstat -tulpn | grep -E "(2428|2528)"
# Test DNS resolution
docker exec calimero-node-1 nslookup calimero-node-2
Network Debugging
# Enable network debugging
export DOCKER_BUILDKIT=0
export DOCKER_CLI_EXPERIMENTAL=enabled
# Check network configuration
docker network inspect calimero-web | jq '.[0].IPAM'
# Test network performance
docker exec calimero-node-1 iperf3 -c calimero-node-2
# Monitor network traffic
docker exec calimero-node-1 tcpdump -i eth0
Performance Optimization
Network Performance
# Network performance tuning
network_performance:
  tcp_nodelay: true
  tcp_keepalive: true
  tcp_keepalive_time: 600
  tcp_keepalive_interval: 60
  tcp_keepalive_probes: 3
Bandwidth Management
# Bandwidth limits
bandwidth:
  enabled: true
  limits:
    - interface: eth0
      rate: 100M
      burst: 200M
    - interface: eth1
      rate: 50M
      burst: 100M
Best Practices
Network Design
- Segmentation: Use separate networks for different purposes
- Isolation: Isolate sensitive services from public networks
- Redundancy: Implement redundant network paths
- Monitoring: Monitor network performance and health
Security Considerations
- Firewall rules: Implement appropriate firewall rules
- Access control: Control network access with policies
- Encryption: Use encrypted connections where possible
- Auditing: Log network access for audit purposes
Performance Optimization
- Bandwidth management: Set appropriate bandwidth limits
- Latency optimization: Minimize network latency
- Load balancing: Distribute load across multiple nodes
- Caching: Implement network-level caching
Next Steps
Now that you understand network configuration:
- Authentication Service Integration - Auth service configuration
- Resource Management - Resource limits and monitoring
- Security Configuration - Security settings and policies
- Advanced Configuration - Other advanced features