You are configuring a three-node Docker Swarm that runs containerized microservices on separate hosts. The containers must be able to discover each other automatically and communicate across hosts on a dedicated, encrypted network that you can enable with a single --opt encrypted flag-without making any changes on the underlying switches or routers. Which network driver should you specify in the following command?
The overlay driver builds a VXLAN-based virtual Layer-2 network that spans every node participating in the Swarm. When you add the --opt encrypted option, Docker transparently secures all inter-node traffic with IPsec and also provides built-in DNS-based service discovery and VIP load-balancing for the containers. Because the tunnel is created in software, no physical-network configuration is required.
The bridge driver isolates containers on a single host only; it cannot route packets between hosts. The host driver places a container directly in the host's network namespace, providing no isolation and no cross-host overlay. The macvlan driver gives each container its own MAC address on the physical LAN, but it still relies on the external switch infrastructure and offers neither automatic multi-host routing nor optional encryption. Therefore, only the overlay driver meets all the stated requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does the overlay network driver work in Docker Swarm?
Open an interactive chat with Bash
What is VXLAN, and why is it important for overlay networks?
Open an interactive chat with Bash
What is the role of IPsec in Docker's encrypted overlay networks?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Services and User Management
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access