@@ -10,6 +10,7 @@ import (

 	"github.com/docker/docker/daemon/config"

 	"github.com/docker/docker/pkg/idtools"

+	"github.com/docker/docker/pkg/stringid"

 	"github.com/docker/libnetwork"

 	"github.com/moby/buildkit/executor"

 	"github.com/moby/buildkit/executor/oci"

@@ -100,11 +101,12 @@ func (iface *lnInterface) Set(s *specs.Spec) {

 		logrus.WithError(iface.err).Error("failed to set networking spec")

 		return

 	}

+	shortNetCtlrID := stringid.TruncateID(iface.provider.NetworkController.ID())

 	// attach netns to bridge within the container namespace, using reexec in a prestart hook

 	s.Hooks = &specs.Hooks{

 		Prestart: []specs.Hook{{

 			Path: filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe"),

-			Args: []string{"libnetwork-setkey", "-exec-root=" + iface.provider.Config().Daemon.ExecRoot, iface.sbx.ContainerID(), iface.provider.NetworkController.ID()},

+			Args: []string{"libnetwork-setkey", "-exec-root=" + iface.provider.Config().Daemon.ExecRoot, iface.sbx.ContainerID(), shortNetCtlrID},

 		}},

 	}

 }

@@ -20,6 +20,7 @@ import (

 	"github.com/docker/docker/oci/caps"

 	"github.com/docker/docker/pkg/idtools"

 	"github.com/docker/docker/pkg/mount"

+	"github.com/docker/docker/pkg/stringid"

 	"github.com/docker/docker/rootless/specconv"

 	volumemounts "github.com/docker/docker/volume/mounts"

 	"github.com/opencontainers/runc/libcontainer/apparmor"

@@ -66,13 +67,14 @@ func WithLibnetwork(daemon *Daemon, c *container.Container) coci.SpecOpts {

 		for _, ns := range s.Linux.Namespaces {

 			if ns.Type == "network" && ns.Path == "" && !c.Config.NetworkDisabled {

 				target := filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe")

+				shortNetCtlrID := stringid.TruncateID(daemon.netController.ID())

 				s.Hooks.Prestart = append(s.Hooks.Prestart, specs.Hook{

 					Path: target,

 					Args: []string{

 						"libnetwork-setkey",

 						"-exec-root=" + daemon.configStore.GetExecRoot(),

 						c.ID,

-						daemon.netController.ID(),

+						shortNetCtlrID,

 					},

 				})

 			}

@@ -3,7 +3,7 @@

 # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When

 # updating the binary version, consider updating github.com/docker/libnetwork

 # in vendor.conf accordingly

-: ${LIBNETWORK_COMMIT:=96bcc0dae898308ed659c5095526788a602f4726}

+: ${LIBNETWORK_COMMIT:=0025177e3dabbe0de151be0957dcaff149d43536}

 install_proxy() {

 	case "$1" in

@@ -38,7 +38,7 @@ github.com/gofrs/flock                              392e7fae8f1b0bdbd67dad7237d2

 # libnetwork

 # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly

-github.com/docker/libnetwork                        96bcc0dae898308ed659c5095526788a602f4726

+github.com/docker/libnetwork                        0025177e3dabbe0de151be0957dcaff149d43536

 github.com/docker/go-events                         9461782956ad83b30282bf90e31fa6a70c255ba9

 github.com/armon/go-radix                           e39d623f12e8e41c7b5529e9a9dd67a1e2261f80

 github.com/armon/go-metrics                         eb0af217e5e9747e41dd5303755356b62d28e3ec

@@ -70,7 +70,7 @@ func setupBridgeIPv6(config *networkConfiguration, i *bridgeInterface) error {

 		Dst:       config.AddressIPv6,

 	})

 	if err != nil && !os.IsExist(err) {

-		logrus.Errorf("Could not add route to IPv6 network %s via device %s", config.AddressIPv6.String(), config.BridgeName)

+		logrus.Errorf("Could not add route to IPv6 network %s via device %s: %s", config.AddressIPv6.String(), config.BridgeName, err)

 	}

 	return nil

@@ -144,6 +144,17 @@ const (

 	// a statically assigned hash table by their source IP

 	// addresses.

 	SourceHashing = "sh"

+

+	// WeightedRoundRobin assigns jobs to real servers proportionally

+	// to there real servers' weight. Servers with higher weights

+	// receive new jobs first and get more jobs than servers

+	// with lower weights. Servers with equal weights get

+	// an equal distribution of new jobs

+	WeightedRoundRobin = "wrr"

+

+	// WeightedLeastConnection assigns more jobs to servers

+	// with fewer jobs and relative to the real servers' weight

+	WeightedLeastConnection = "wlc"

 )

 const (

@@ -12,6 +12,7 @@ import (

 	"os"

 	"path/filepath"

+	"github.com/docker/docker/pkg/stringid"

 	"github.com/docker/libnetwork/types"

 	"github.com/opencontainers/runtime-spec/specs-go"

 	"github.com/sirupsen/logrus"

@@ -24,7 +25,7 @@ const (

 )

 // processSetKeyReexec is a private function that must be called only on an reexec path

-// It expects 3 args { [0] = "libnetwork-setkey", [1] = <container-id>, [2] = <controller-id> }

+// It expects 3 args { [0] = "libnetwork-setkey", [1] = <container-id>, [2] = <short-controller-id> }

 // It also expects specs.State as a json string in <stdin>

 // Refer to https://github.com/opencontainers/runc/pull/160/ for more information

 // The docker exec-root can be specified as "-exec-root" flag. The default value is "/run/docker".

@@ -41,14 +42,14 @@ func processSetKeyReexec() {

 	execRoot := flag.String("exec-root", defaultExecRoot, "docker exec root")

 	flag.Parse()

-	// expecting 3 os.Args {[0]="libnetwork-setkey", [1]=<container-id>, [2]=<controller-id> }

+	// expecting 3 os.Args {[0]="libnetwork-setkey", [1]=<container-id>, [2]=<short-controller-id> }

 	// (i.e. expecting 2 flag.Args())

 	args := flag.Args()

 	if len(args) < 2 {

 		err = fmt.Errorf("Re-exec expects 2 args (after parsing flags), received : %d", len(args))

 		return

 	}

-	containerID, controllerID := args[0], args[1]

+	containerID, shortCtlrID := args[0], args[1]

 	// We expect specs.State as a json string in <stdin>

 	stateBuf, err := ioutil.ReadAll(os.Stdin)

@@ -60,16 +61,16 @@ func processSetKeyReexec() {

 		return

 	}

-	err = SetExternalKey(controllerID, containerID, fmt.Sprintf("/proc/%d/ns/net", state.Pid), *execRoot)

+	err = SetExternalKey(shortCtlrID, containerID, fmt.Sprintf("/proc/%d/ns/net", state.Pid), *execRoot)

 }

 // SetExternalKey provides a convenient way to set an External key to a sandbox

-func SetExternalKey(controllerID string, containerID string, key string, execRoot string) error {

+func SetExternalKey(shortCtlrID string, containerID string, key string, execRoot string) error {

 	keyData := setKeyData{

 		ContainerID: containerID,

 		Key:         key}

-	uds := filepath.Join(execRoot, execSubdir, controllerID+".sock")

+	uds := filepath.Join(execRoot, execSubdir, shortCtlrID+".sock")

 	c, err := net.Dial("unix", uds)

 	if err != nil {

 		return err

@@ -120,7 +121,8 @@ func (c *controller) startExternalKeyListener() error {

 	if err := os.MkdirAll(udsBase, 0600); err != nil {

 		return err

 	}

-	uds := filepath.Join(udsBase, c.id+".sock")

+	shortCtlrID := stringid.TruncateID(c.id)

+	uds := filepath.Join(udsBase, shortCtlrID+".sock")

 	l, err := net.Listen("unix", uds)

 	if err != nil {

 		return err

@@ -80,30 +80,15 @@ func (c *controller) getStores() []datastore.DataStore {

 }

 func (c *controller) getNetworkFromStore(nid string) (*network, error) {

-	for _, store := range c.getStores() {

-		n := &network{id: nid, ctrlr: c}

-		err := store.GetObject(datastore.Key(n.Key()...), n)

-		// Continue searching in the next store if the key is not found in this store

-		if err != nil {

-			if err != datastore.ErrKeyNotFound {

-				logrus.Debugf("could not find network %s: %v", nid, err)

-			}

-			continue

-		}

-

-		ec := &endpointCnt{n: n}

-		err = store.GetObject(datastore.Key(ec.Key()...), ec)

-		if err != nil && !n.inDelete {

-			return nil, fmt.Errorf("could not find endpoint count for network %s: %v", n.Name(), err)

-		}

-

-		n.epCnt = ec

-		if n.scope == "" {

-			n.scope = store.Scope()

+	ns, err := c.getNetworksFromStore()

+	if err != nil {

+		return nil, err

+	}

+	for _, n := range ns {

+		if n.id == nid {

+			return n, nil

 		}

-		return n, nil

 	}

-

 	return nil, fmt.Errorf("network %s not found", nid)

 }