Public | Automated Build

Last pushed: 16 days ago
Short Description
Installs Solarflare's OpenOnload userspace networking stack into various OS flavors.
Full Description


docker-onload provides a Dockerfile which installs Solarflare's OpenOnload into various OS flavors. Find it on the Docker Hub:

See changes in the CHANGELOG.

Supported Docker Hub tags and respective Dockerfile links

  • centos-nozf (centos/Dockerfile)
  • precise-nozf (precise/Dockerfile)
  • stretch-nozf (stretch/Dockerfile)
  • trusty-nozf (trusty/Dockerfile)
  • xenial-nozf (xenial/Dockerfile)
  • bionic-nozf (bionic/Dockerfile)
  • 201805-centos-nozf
  • 201805-precise-nozf
  • 201805-trusty-nozf
  • 201805-stretch-nozf
  • 201805-xenial-nozf
  • 201805-bionic-nozf
  • 201710-u1.1-centos-nozf
  • 201710-u1.1-precise-nozf
  • 201710-u1.1-trusty-nozf
  • 201710-u1.1-stretch-nozf
  • 201710-u1.1-xenial-nozf
  • 201710-u1.1-bionic-nozf
  • 201710-u1-centos-nozf
  • 201710-u1-precise-nozf
  • 201710-u1-trusty-nozf
  • 201710-u1-stretch-nozf
  • 201710-u1-xenial-nozf
  • 201710-centos-nozf
  • 201710-precise-nozf
  • 201710-trusty-nozf
  • 201710-stretch-nozf
  • 201710-xenial-nozf
  • 201606-u1.3-centos-nozf
  • 201606-u1.3-precise-nozf
  • 201606-u1.3-trusty-nozf
  • 201606-u1.3-xenial-nozf
  • 201606-u1.2-centos-nozf
  • 201606-u1.2-precise-nozf
  • 201606-u1.2-trusty-nozf
  • 201606-u1.2-xenial-nozf
  • 201606-u1.1-centos-nozf
  • 201606-u1.1-precise-nozf
  • 201606-u1.1-trusty-nozf
  • 201606-u1.1-xenial-nozf
  • 201606-u1-centos-nozf
  • 201606-u1-precise-nozf
  • 201606-u1-trusty-nozf
  • 201606-u1-xenial-nozf
  • 201606-centos
  • 201606-precise
  • 201606-trusty
  • 201606-xenial
  • 201509-u1-centos
  • 201509-u1-precise
  • 201509-u1-trusty
  • 201509-u1-xenial

NOTE Since version 201606-u1, Docker Hub hosts images tagged as a -nozf variant. These are built from Dockerfile without ONLOAD_WITHZF set, thus without support for TCPDirect (aka ZF).

Launching Onload-enabled containers

For OpenOnload versions >= 201606, to expose the host and onload to this container, run like so:

docker run --net=host --device=/dev/onload --device=/dev/onload_epoll --device=/dev/onload_cplane -it ONLOAD_ENABLED_IMAGE_ID [COMMAND] [ARG...]

For OpenOnload versions < 201606, to expose the host and onload to this container, run like so:

docker run --net=host --device=/dev/onload --device=/dev/onload_epoll -it ONLOAD_ENABLED_IMAGE_ID [COMMAND] [ARG...]

The difference is that version 201606 introduced the device /dev/onload_cplane.

Here's a bash one-liner for extracting the OpenOnload version year:
onload --version | awk 'NR == 1 {print substr($2, 1, 4)}'


  • Host networking must be used: --net=host

  • The following devices must be exported: --device=/dev/onload --device=/dev/onload_epoll --device=/dev/onload_cplane

  • The host's onload --version must be the same as the container's.

  • Stack Sharing: If a container and the host must share an Onload stack, both should use EF_SHARE_WITH=-1 to avoid a current limitation in OpenOnload. Note this disables the stack sharing security feature.

  • Due to a current limitation with OpenOnload, you should run with EF_USE_HUGE_PAGES=0 if you share Onload stacks.


In OpenOnload 201606-u1, Solarflare introducted a new kernel-bypass networking API named TCPDirect.

To run TCPDirect applications in a container, an addition device must be exported:

TCPDirect is under a different license than OpenOnload; its binaries may not be distributed.
Thus, we have introduced a -nozf variant for images hosted on Docker Hub.

You are free to build and deploy TCPDirect-enabled images yourself with the regular Dockerfiles.
To do so, set the build argument ONLOAD_WITHZF to a non-empty string (the Dockerfile checks [ -z ${ONLOAD_WITHZF} ]).
For example:

git clone
cd docker-onload
docker build --build-arg ONLOAD_WITHZF=1 -f xenial/Dockerfile -t neomantra/onload:201606-u1-xenial .


Dockerfiles are provided for the following base systems, selecting the Dockerfile path with -f:

Each system folder has a Dockerfile.

The following are the available build-time options. They can be set using the --build-arg CLI argument, like so:

docker build --build-arg ONLOAD_VERSION="201509" --build-arg ONLOAD_MD5SUM="b093ea9f3a534c9c9fe9da6c2b6ccb7a" -f trusty/Dockerfile .

The Dockerfile downloads specific versions from using the following ARG settings:

Key Default Description
ONLOAD_VERSION "201805" The version of OpenOnload to download.
ONLOAD_MD5SUM "cbc523076c63b61fc853094a9af25e56" The MD5 checksum of the download.
ONLOAD_WITHZF Set to non-empty to include TCPDirect.

If you change the ONLOAD_VERSION, you must also change ONLOAD_MD5SUM to match. Note that Docker is only supported by OpenOnload since version 201502.


Copyright (c) 2018 Neomantra BV

Released under the MIT License, see LICENSE.txt

Docker Pull Command
Source Repository