Higher performance for multicast and broadcast traffic when using Weave's Fast Datapath

• The flow rule to deliver broadcast and multicast packets in-kernel
  was not created correctly, hence every such packet caused a
  context-switch to the software router #2003/#2008

Other fixes:

• Remove DNS entries for containers that are being restarted by Docker
  but are not live yet #1977/#1989
• Don't let one failing allocation attempt prevent others from
  succeeding; they could be in different subnets which are more
  available #1996/#2001
• Don't complain on second router launch on kernels that lack support
  for Fast Datapath #1929/#1983
• Fix build broken by change in docker/libnetwork IPAM API #1984/#1985

Fixing a rather serious issue that slipped through our preparations for Docker 1.10:

• Restarting Docker or rebooting your machine while the Weave Net plugin is running causes Docker 1.10.0 to fail to start #1959/#1963

Also one other small fix:

• Avoid a hang when trying to use plugin and proxy at the same time #1956/#1961

Preparing for Docker 1.10, plus some bug-fixes.

• Avoid hang in Docker v1.10 on docker volume ls after weave stop, weave stop-plugin or weave reset #1934/#1936
• Fix "unexpected EOF" from Docker 1.10 on docker exec with Weave proxy --rewrite-inspect enabled #1911/#1917
• Avoid losing DNS entries and potentially double-allocating IP addresses allocated via plugin, on router restart; also extend weave ps to show IP addresses allocated via plugin #1745/#1921
• Stop creating lots of copies of weavewait program in Docker volumes #1757/#1935
• Prevent container starting prematurely when proxy in --no-multicast-route mode #1942/#1943
• Log error message from plugin rather than crashing when weave not running #1906/#1918
• Warn, don't error, if unable to remove plugin network in 'weave stop', to avoid breaking the usual upgrade or config change process #1900/#1919
• Don't crash if network conditions suggest only very small packets will get through #1905/#1926
• Cope with unexpected errors during route traversal when starting container via proxy #1909/#1910/#1932

Bug-fixes and minor improvements.

• Fixed a race condition in weavewait that would occasionally hang containers at startup #1882/#1884
• weave launch returns success when the plugin is running, to avoid failure on reboot #1869
• Work round weave router failure on CoreOS 4.3 caused by kernel bug #1854
• weave launch would exit with error code on docker <1.9 #1851
• Running eval $(weave env) multiple times would break eval $(weave env --restore) #1824/#1825
• Don't complain in weave stop about "Plugin is not running" when plugin is not enabled #1840/#1841
• weave --local launch would fail if utility program docker_tls_args could not be found #1844
• Improved error reporting when TLS arg detection fails #1843
• Improve error reporting when docker isn't running #1845
• Add --trusted-subnets usage to weave script #1842
• weave run can hang under rare combinations of options #1858

This is a bug-fix release to cover a few issues that came up since the
release of 1.4.0.

• Weave would fail to launch when $DOCKER_HOST was set to a TCP socket secured with TLS #1820/#1822
• Weave would fail to stop when run against Docker pre-1.9 #1815/#1817
• Issue a warning instead of failing on --with-dns option to proxy, which was removed #1810/#1812
• Make weave version show the plugin version #1797/#1813
• Make weave launch show when the a container is restarting #1778/#1814
• Make weave launch fail if the plugin is running, for consistency with router and proxy. #1818/#1819

More details in the change log.

Highlights

• The Docker Network plugin can now operate without a cluster store, so it is now run by default.
• You can now use the fast datapath over trusted links and Weave encryption over untrusted links, in the same network.

More details below and in the change log.

Installation and Upgrading

Follow the installation instructions to install this latest release of weave.

Weave 1.4.0 is fully compatible with Weave 1.3.x, 1.2.x and 1.1.x, so it is possible to upgrade clusters incrementally and run mixed versions. If upgrading from Weave 1.0.x, take into account the Weave 1.1.0 upgrading instructions.

If you used the plugin from version 1.3.x you may need to modify your startup scripts, since weave launch now creates a default network called weave. Note that the plugin container (weaveplugin) is now run with --restart=always, so that it is there after a restart or reboot. If you remove this container before removing all endpoints created using --net=weave, Docker can hang.

Changes

Router

• Option to bypass encryption on trusted links, to improve performance #82/#1758
• Added DNS upstream servers and FDP miss counter to status reporting #1571/#1662/#1592/#1663
• Fixed possible low throughput when using encryption #1788
• Retry vxlan vport creation, to avoid failure on start immediately after a stop #1772/#1795
• Interpose a bridge device, so tools like conntrack and Weave Scope can see Weave Net connections #1577/#1712/#1783/#1790
• Add option to stop weave adding an IP route for multicast addresses, to give user control over multicast routing #1741/#1755
• Block container access to Weave control and data ports, for improved security #1634/#1670
• Ensure weave connect attempts connection immediately #1714/#1716
• More efficient processing of network topology changes #1732/#1736
• Diagnostics for IP Address Management with weave status and weave status ipam #1639/#1702
• Better support for pre-1.2/post-1.2 mixed networks #1731
• Add a 'json' function for 'weave report -f', for more flexibility when scripting #1709/#1782
• Reduce memory usage in connection shutdown #1718
• Improve script robustness #1749/#1750
• Add fast datapath high level overview document #1722
• Remove --with-dns option; DNS is on by default #1754/#1781
• Remove unused vars in weave script #1748/#1751/#1753

Proxy

• More flexibility over filesystem paths for $DOCKER_HOST and Weave proxy socket #1579/#1586/#1689/#1694/#1740
• Proxy now always tries to detect TLS settings, unless disabled with --no-detect-tls #1539/#1679
• Ensure socket directory exists before asking Docker to use it, since Docker deprecated the feature of auto-creating it #1653/#1719

Plugin

• Ability to run as a Docker network plugin without a cluster store, for simpler set-up and more flexible operation #1727/#1728/#1738
• Docker IPAM plugin using Weave's peer-to-peer IP address management #1676
• Service discovery via WeaveDNS now works with the plugin #1725/#1730
• Support multicast #1752/#1776

Build and Test

• Removed unneeded test helper #1769
• Fixed accidental peer duplication in unit tests #1766
• Build test/tls program using build container #1760
• Connect to gce boxes as vagrant so we can access docker unix socket #1708
• Fix gossip tests #1796/#1765/#1767
• Merge plugin code into weave repository #1674/#1724
• Move some netlink code to upstream library #1440/#1673

Highlights

• The minimum Docker version has been increased to 1.6 due to the upcoming deprecation of Dockerhub access for old clients. From December 7th onwards previous versions of the weave script will fail to pull down images from the hub; if you are unable to upgrade to 1.3.1 immediately you can work around this by running weave --local setup in conjunction with a compatible Docker client installation
• Docker networking plugin now works with older kernels and allows you to configure the MTU

Installation and Upgrading

Follow the installation instructions to install this latest release of weave.

Weave 1.3.1 is fully compatible with Weave 1.3.0, 1.2.x and 1.1.x, so it is possible to upgrade clusters incrementally and run mixed versions. If upgrading from Weave 1.0.x, take into account the Weave 1.1.0 upgrading instructions.

Changes

• Update minimum Docker version to 1.6 #1683/#1684/#1706
• Docker networking plugin now applies WEAVE_MTU to container interfaces, allowing you to configure larger frames for improved performance on networks which support it #1703 / weaveworks-experiments/docker-plugin#50 / weaveworks-experiments/docker-plugin#51
• Docker networking plugin now works with 3.13 kernel #1682 / weaveworks-experiments/docker-plugin#48 / weaveworks-experiments/docker-plugin#49
• Fix a memory corruption bug that could cause crashes under load #1697/#1698/#1450/#1452
• Improve gossip efficiency #1704
• Minor documentation fix #1699

Highlights

This release includes a Docker Plugin, so you have the option to use Weave Net that way.

More details below and in the change log.

Installation and Upgrading

Follow the installation instructions to install this latest release of weave.

Weave 1.3.0 is fully compatible with Weave 1.2.x and 1.1.x, so it is possible to upgrade clusters incrementally and run mixed versions. If upgrading from Weave 1.0.x, take into account the Weave 1.1.0 upgrading instructions.

Other changes

_Router_

• fix a crash when operating in mixed 1.1/1.2 configurations. #1661/#1669
• smoother propagation of updates when peers restart. #1554/#1641

_Docker API proxy_

• fix an incompatibility with older Linux kernels. #1647/#1671

_IP Address Allocator_

• print out address ranges more simply. #1635/#1636

Bug-fix and minor improvements.

• Fix crash on mixed-case DNS names #1603/#1610/#1615/#1614
• Fix a condition where rolling restarts could hang on IP address allocation #1593/#1624
• Gracefully deal with kernels that do not support OVS VXLAN ports, e.g. Oracle EL7; previously this would cause weave launch to fail with a address family not supported by protocol netlink error in the logs #1599/#1619
• Fix unknown flow key type 22 error using fast datapath on 4.3 kernel #1594
• Prevent containers from accessing the weave router REST API when fast datapath is enabled #1632/#1637
• Fix an edge case in weave expose that could prevent registration of the given hostname in weaveDNS #1626/#1629
• Fix hang when a starting a container via the proxy and providing a network mode of host or container:... at start rather than create (which is the usual way) #1600/#1608
• Prevent unnecessary reattachment attempts by the weaveproxy #1584/#1598
• Fix weaveDNS not working with Ubuntu/UFW #1578/#1606
• Disallow registration of foreign domains in weaveDNS #1516/#1597
• Fix weaveproxy --rewrite-inspect race on container start #1549/#1616
• Accommodate changes in API of upstream DNS library #1622
• Integration test reliability improvements #1588/#1630

Highlights

This release introduces the Fast Data Path, which allows Weave networks to operate at near wire-level speeds. This new feature is enabled by default.

Other highlights:

• auto-configuration of TLS for the Weave Docker API proxy, making it
  easier to run Weave on Macs and in conjunction with tools like
  Docker Swarm
• support for Docker restart policies on application containers and weave
  infrastructure containers
• better compatibility with recent and future Docker versions

More details below and in the change log.

Installation and Upgrading

Follow the installation instructions to install this latest release of weave.

Weave 1.2.0 is fully compatible with Weave 1.1.x, so it is possible to upgrade clusters incrementally and run mixed versions. If upgrading from Weave 1.0.x, take into account the Weave 1.1.0 upgrading instructions.

(Once upgraded, if you then decide to re-install weave 1.1 take care to run weave reset before downgrading. Failing that, reboot the machine)

Changes

Router

• introduce Fast Data Path,
  which significantly improves network
  performance. #36/#205/#991/#1438, #1396/#1451, #1448/#1522, #1505/#1513/#1525, #1510/#1526, #1533/#1538, #1544, #1548/#1550, #1558, #1552/#1562, #1567, #1570
• apply back-off on late connection failures. Previously, errors
  detected shortly after connection establishment would cause
  immediate retries, causing high connection churn and log
  noise. #953/#1447/#1496
• handle a race conditions that could cause multiple concurrent
  connection attempts to the same IP/port of a prospective
  peer. #1478/#1479/#1483
• remove spurious Docker dependency, allowing the router executable to
  be run w/o accessing Docker. #1443/#1500

Docker API proxy

• auto-configure
  TLS. This
  simplifies setting up weave on Mac OSX and other platforms where
  Docker is only accessible via TLS. #1285/#1414/#1441/#1442, #1407
• when containers started via the proxy are restarted by Docker, the
  proxy automatically re-attaches them to the weave
  network. #401/#1210/#1456, #1547/#1551, #1542/#1560
• when the weave router is restarted by Docker, the proxy
  automatically re-attaches it to the weave network. #401/#1358/#1518
• cope with HostConfig on start, which is a backward compatibility
  feature of the Docker API used by some
  applications. Previously, containers started that way would end up
  with a broken configuration, such as lack of DNS
  settings. #1368/#1449, #1481/#1488, #1531/#1532/#1534
• work with non-default logging driver. Previously this would cause
  the proxy launch to report a failure even when it
  succeeded. #1453/#1472/#1474,#1519/#1520, #1527/#1528
• improve Docker version compatibility. New (present and future)
  Docker features and associated changes to the Docker Remote API are
  now handled correctly in the vast majority of cases. #1371/#1395
• log requests/responses when running with
  --log-level=debug. #1515/#1536
• remove /var/run/weave.sock symlink, which was there for backward
  compatibility with weave 1.0. Newer versions use
  /var/run/weave/weave.sock. #1492/#1495

IP Address Allocator

• gracefully handle situations where IP address allocation has been
  seeded by different peers, e.g. because incorrect
  --init-peer-count values were specified. Previously this could
  cause the router to crash or log obscure errors. Now it causes the
  connection between the incompatibly-initialised peers to be dropped,
  with an intelligible error in the logs and weave status connections output. #1178/#1463/#1499
• do not allocate IP addresses in weave detach/hide. This was
  causing these commands to hang when IP address allocation was
  deferred (e.g. due to the lack of initial consensus or free
  addresses). #860/#1503
• prevent stall of docker run/start and weave run/attach when a
  container dies just before IP address allocation, and IP address
  allocation is deferred (e.g. due to the lack of initial consensus or
  free addresses). #1459/#1512

Naming and Discovery (weaveDNS)

• prevent Docker from updating a container's
  /etc/hosts,
  which, from Docker 1.8 onward, was breaking resolution of
  unqualified names via weaveDNS. #1374/#1477, #1574
• add an entry to /etc/hosts for the container's fully-qualified
  hostname and weave IP addresses, which is expected by some
  applications. #1497/#1557
• enable weave dns-add/remove
  to add/remove DNS records not associated with containers. #1385/#1517
• make name resolution case insensitive, per
  RFC1035. #1461/#1462

CLI

• correctly report the version of snapshot releases. #1341/#1415
• rename VERSION env var to WEAVE_VERSION, to prevent accidental
  conflicts. #1389
• start temporary containers without networking, where possible, which speeds up some weave commands. #1572

Build & Test

• make weave build & work with Go 1.5. #1386/#1393/#1412/#1436
• switch from 'gliderlabs/alpine' to 'alpine' images, since the latter
  is now the official name for this image. #1388
• restrict coverage reporting to sub-packages of 'weave', thus
  producing more accurate coverage statistics. #1524
• add test for using sub-domains with weaveDNS. #1446
• fix a race condition in an integration test that lead to sporadic
  failures. #1502/#1537
• work around a bug in Docker 1.9rc1 that breaks an integration test. #1565/#1569
• use test scripts from build-tools
  repo, for sharing with
  other projects. #1470
• run unit tests in a separate container (instead of the build
  container) in CircleCI. #1204/#1469
• build GCE test image on demand, streamlining the workflow for
  updating the images. #1468/#1494