I have written a series of network monitoring tools. To deploy these tools on our nodes (10,000+) we want to use Docker as it simply makes sense.
A syslog server for example would reside on a monitoring node. Network equipment in the general location of a node will be configured to use the 3 nearest syslog collector nodes.
The syslog service running on collector nodes will then connect via HTTP (preferably HTTPS) through an encrypted overlay network to the application service on infrastructure nodes.
Currently, I have exposed UDP port 514 from the syslog service. And the syslog services function correctly… within the containers.
As requests come into the network on a site, I wish for those requests to be processed by nodes on that site.
This is where the problem starts.
Let's assume I have collector nodes node-00001 through node-19999. When a syslog packet comes into node-00001, it can end up on any of the 20000 nodes above because it enters through the ingress network and is routed.
Is there a solution that would allow me to:
1) Always send local traffic to the local container for a given port
2) Send local traffic to a node with a label matching a regular expression if no local container is available.
Thank you in advance!
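Added example (not from the original post): a Swarm stack file that addresses requirement 1 by publishing UDP/514 in host mode rather than through the ingress routing mesh, so a packet arriving at a node is handled by the collector task on that same node. The image name, the `role` node label and the network name are assumptions; a global service is used because host-mode publishing allows only one task per node on a given port.

```yaml
# Assumed image, label and network names; adjust to your environment.
version: "3.8"
services:
  syslog:
    image: example/syslog-collector:latest   # placeholder image
    deploy:
      mode: global                           # one task on every eligible node
      placement:
        constraints:
          - node.labels.role == syslog       # assumed node label
    ports:
      - target: 514
        published: 514
        protocol: udp
        mode: host                           # bind on the node itself, bypassing the routing mesh
    networks:
      - collector_backend                    # encrypted overlay towards the application service
networks:
  collector_backend:
    driver: overlay
    driver_opts:
      encrypted: "true"                      # IPsec-encrypt overlay traffic between nodes
```

With `mode: host` there is no fallback: if no collector task runs on the node the packet arrives at, the port is simply not listening, so requirement 2 is not covered by this setup; Swarm placement constraints also compare labels with `==`/`!=` only, not regular expressions.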