Host mode networking

Estimated reading time: 2 minutes

By default the layer 7 routing components communicate with one another using overlay networks. You can customize the components to use host mode networking instead.

You can choose to:

  • Configure the ucp-interlock and ucp-interlock-extension services to communicate using host mode networking.
  • Configure the ucp-interlock-proxy and your swarm service to communicate using host mode networking.
  • Use host mode networking for all of the components.

In this example we’ll start with a production-grade deployment of the layer 7 routing solution and update it so that it uses host mode networking instead of overlay networking.

When using host mode networking you won’t be able to use DNS service discovery, since that functionality requires overlay networking. For two services to communicate, each service needs to know the IP address of the node where the other service is running.

Production-grade deployment

If you haven’t already, configure the layer 7 routing solution for production.

Once you’ve done that, the ucp-interlock-proxy service replicas should be running on their own dedicated nodes.

Update the ucp-interlock config

Update the ucp-interlock service configuration so that it uses host mode networking.

Update the PublishMode key to:

PublishMode = "host"

When updating the ucp-interlock service to use the new Docker configuration, make sure to update it so that it starts publishing its port on the host:

docker service update \
  --config-rm $CURRENT_CONFIG_NAME \
  --config-add source=$NEW_CONFIG_NAME,target=/config.toml \
  --publish-add mode=host,target=8080 \

The ucp-interlock and ucp-interlock-extension services are now communicating using host mode networking.

Deploy your swarm services

Now you can deploy your swarm services. In this example we’ll deploy a demo service that also uses host mode networking. Set up your CLI client with a UCP client bundle, and deploy the service:

docker service create \
  --name demo \
  --detach=false \
  --label \
  --label \
  --publish mode=host,target=8080 \
  --env METADATA="demo" \

Docker allocates a high random port on the host where the service can be reached. To test that everything is working you can run:

curl --header "Host:" \


If everything is working correctly, you should get a JSON result like:

{"instance":"63b855978452", "version":"0.1", "request_id":"d641430be9496937f2669ce6963b67d6"}
routing, proxy