What is the difference between ingress network and custom overlay network?

In my opinion, they are of the same usage except ingress network is created by default when doing swarm initialization?

Could you elaborate what gave you the impressions?

Hint: Please describe how you publish a port on a customer overlay network without using ingress.


         - "8361:8080"

If your example is for a swarm service, in fact it does use the ingress network for the published port.

I am still curious to understand what makes you think how ingress and custom networks work and how they would be the same.

they are both overlay network, what are the differences?

my stack is as below, I don’t use ingress network, but a user-defined overlay network pica_net, and the port-publishing works

    version: "3"

        image: nacos:latest
          - pica_net
          #  ipv4_address:,,
          mode: replicated
          replicas: 3
          #endpoint_mode: vip
          #- /root/nacos/logs:/app/logs
          - /root/nacos/application.properties:/app/conf/application.properties 
          - 8848:8848
        external: true

I think they are both overlay network, aren’t they?

By default a published port uses the ingress network for the routing mesh:

The ingress network IS an overlay network, but a special overlay network ment to be used when ports are publised to thru the routing mesh. The Documentation above states what it does, how it works and if you need also how to bypass it.

1 Like

thank you very much for the link. After reading it, I have two different understandings,

1 only joining ingress network, we can use routing mesh, if nodes join a user-defined overlay network, routing mesh is not available

2 routing mesh is available on both ingress network and user-defined overlay network. user-defined overlay network . user-defined overlay network uses ingress network as a underlying-proxy to divert traffic to support routing mesh

which one is correct?

The ingress network is not ment to be used directly.

Like I already wrote: the default a published port will implicitly use the ingress network. This behavior is what what gave you the impression of #2. Routing mesh is only available for published ingress ports. You can specify a published port to bind the port on the host it is running on directly, though this will require the long syntax for port publishing.

By default services in an overlay networks use a virtual ip, which forwards traffic to the replica instances. I am quite confident, that the routing mesh does nothing more than binding a published port on all nodes and forward the traffic to the vip, which again forward traffic to the replicas.

I explicitly use a custom overlay network in a docker-compose.yml and I notice the containers it starts are residing on both custom overlay network as well as on ingress network.

uh, this is interesting, coz if the started containers will definitely resides on the ingress network, do we still need custom overlay network? what is the usage of custom overlay network? why do we just use ingress network only?

also, let’s say we have two custom overlay networks A and B, and we have node 1, 2 in overlay A, while node 3,4 on overlay B. It seems to me that they can communicate with each other coz they are both in the same ingress network?