#1 2019-11-08 13:32:51

eolien
Member
Registered: 2015-05-19
Posts: 7

Docker breaks host connectivity

I saw that topic but it didn't help: [SOLVED] Docker breaks existing bridge I use for KVM/QEMU

I use a bridge with DHCP and attach all eno interfaces to it.

br0.netdev

[NetDev]
Name=br0
Kind=bridge

br0.network

[Match]
Name=br0

[Network]
DHCP=ipv4

[DHCP]
UseDNS=true
RouteMetric=10

enoX.network

[Match]
Name=en*

[Network]
Bridge=br0

[DHCP]
RouteMetric=10

I changed my gateway so that it does not match the first IP of the network, to let Docker get it for containers.

root@osz ~# ip route
default via 192.168.1.254 dev br0 proto dhcp src 192.168.1.20 metric 10 
root@osz ~# ip a show br0
2: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 82:00:0a:46:10:88 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.20/24 brd 192.168.1.255 scope global dynamic br0
       valid_lft 84839sec preferred_lft 84839sec

I tell Docker to:
    - not use iptables, as in Arch Linux wiki / Docker / Starting Docker breaks KVM bridged networking
    - use the existing bridge, as in Serverfault / Networking between KVM VM and docker container on same host

/etc/docker/daemon.json

{
  "bridge": "br0",
  "iptables": false
}

When I start a Docker container, my host loses its connectivity after a short time.
Also, an APIPA address is set on the host-side interface; the strange part is that docker inspect tells me that the container has the first IP of the network, and that I can ping it.

1° I start the container

root@osz /e/s/network# docker run -d -p 8080:80 nginx
8f083a9032d3e6d2798dafa13981fe322d78ba2e32fe7caf3b9c4a26f577f393

2° I can see the container interface in bridge and ping it

root@osz /e/s/network# brctl show br0
bridge name	bridge id		STP enabled	interfaces
br0		8000.82000a461088	no		eno1
							veth20ebda5

root@osz /e/s/network# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
8f083a9032d3        nginx               "nginx -g 'daemon of…"   10 seconds ago      Up 9 seconds        0.0.0.0:8080->80/tcp   strange_maxwell

root@osz /e/s/network# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 8f083a9032d3
192.168.1.1

root@osz /e/s/network# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.235 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.085 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.061 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.087 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.091 ms
^C
--- 192.168.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4066ms
rtt min/avg/max/mdev = 0.061/0.111/0.235/0.062 ms

3° Host side, after X seconds, the interface gets a 'nodhcp' address, but 192.168.1.1 is still pingable

root@osz /e/s/network# ip a show veth20ebda5
21: veth20ebda5@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default 
    link/ether 2a:de:92:fb:53:6b brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::28de:92ff:fefb:536b/64 scope link 
       valid_lft forever preferred_lft forever

root@osz /e/s/network# ip a show veth20ebda5
21: veth20ebda5@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default 
    link/ether 2a:de:92:fb:53:6b brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 169.254.225.90/16 brd 169.254.255.255 scope global veth20ebda5
       valid_lft forever preferred_lft forever
    inet6 fe80::28de:92ff:fefb:536b/64 scope link 
       valid_lft forever preferred_lft forever

root@osz /e/s/network# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.100 ms
^C
--- 192.168.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.100/0.100/0.100/0.000 ms

I think a bad route breaks my host connectivity

root@osz /e/s/network# ip route
default dev veth20ebda5 scope link 
default via 192.168.1.254 dev br0 proto dhcp src 192.168.1.20 metric 10 
169.254.0.0/16 dev veth20ebda5 proto kernel scope link src 169.254.225.90 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.20 
192.168.1.254 dev br0 proto dhcp scope link src 192.168.1.20 metric 10 

root@osz /e/s/network# ping www.google.fr
^C⏎                                                                                                                   

If I kill the container, connectivity comes back

root@osz /e/s/network# docker kill 8f083a9032d3e6d2798dafa13981fe322d78ba2e32fe7caf3b9c4a26f577f393 
8f083a9032d3e6d2798dafa13981fe322d78ba2e32fe7caf3b9c4a26f577f393

root@osz /e/s/network# ping www.google.fr
PING www.google.fr (216.58.198.195) 56(84) bytes of data.
64 bytes from par10s27-in-f195.1e100.net (216.58.198.195): icmp_seq=1 ttl=53 time=13.9 ms
^C
--- www.google.fr ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 13.910/13.910/13.910/0.000 ms

I'm a bit lost, any help would be appreciated.

Last edited by eolien (2019-11-08 21:20:29)
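
Added example, not part of the original post: a shell audit of the `ip route` output shown in post #1. A default route with no `metric` has metric 0, so the gateway-less default on the veth device is preferred over the DHCP default with metric 10. The function names and finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit `ip -4 route` output for the pattern shown in the post.

# Routing table copied from post #1 (taken while the container was running).
BROKEN_TABLE='default dev veth20ebda5 scope link
default via 192.168.1.254 dev br0 proto dhcp src 192.168.1.20 metric 10
169.254.0.0/16 dev veth20ebda5 proto kernel scope link src 169.254.225.90
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.20
192.168.1.254 dev br0 proto dhcp scope link src 192.168.1.20 metric 10'

# parse_routes (hypothetical helper): normalise each route read on stdin to
# "dest dev gateway metric". No "via" gives gateway "-"; no "metric" means 0.
parse_routes() {
    awk 'NF {
        dev = "-"; via = "-"; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            else if ($i == "via") via = $(i + 1)
            else if ($i == "metric") metric = $(i + 1)
        }
        print $1, dev, via, metric
    }'
}

# winning_default: print "dev gateway metric" of the default route the kernel
# prefers, i.e. the one with the lowest metric.
winning_default() {
    parse_routes | awk '$1 == "default" && (best == "" || $4 + 0 < bestm) {
        best = $2 " " $3 " " $4; bestm = $4 + 0
    } END { if (best != "") print best }'
}

# audit_routes: print one finding per suspicious route on a veth device.
audit_routes() {
    parse_routes | awk '
        $1 == "default" && $3 == "-" && $2 ~ /^veth/ {
            print "GATEWAYLESS_DEFAULT_ON_VETH " $2 " metric=" $4 }
        $1 ~ /^169\.254\./ && $2 ~ /^veth/ {
            print "LINK_LOCAL_ON_VETH " $2 }'
}

# On a live host: ip -4 route | audit_routes
printf '%s\n' "$BROKEN_TABLE" | winning_default
printf '%s\n' "$BROKEN_TABLE" | audit_routes
```

An empty result from `audit_routes` together with a `winning_default` that names the real gateway corresponds to the healthy table shown before the container was started.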


#2 2019-11-08 20:46:52

eolien
Member
Registered: 2015-05-19
Posts: 7

Re: Docker breaks host connectivity

It doesn't come from my bridge.
If I remove my bridge and configure my eno1 interface normally, the problem is still there.

Flushed all iptables rules, reinstalled Docker, default configuration.
When I start a Docker container, that strange route comes up after 30 sec....

I created an issue on docker/libnetwork: https://github.com/docker/libnetwork/issues/2481

Last edited by eolien (2019-11-08 21:20:00)
