Develop Reference

No internet through docker

At my office's network I started getting this issue with internet access in docker last week. Here's what happens:
➜ docker run busybox nslookup google.com
;; connection timed out; no servers could be reached
➜ nslookup google.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 216.58.207.238
Name: google.com
Address: 2a00:1450:400f:80c::200e
➜ docker run busybox cat /etc/resolv.conf
# Generated by resolvconf
nameserver 8.8.8.8
nameserver 1.1.1.1
options edns0
➜ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 8.8.8.8
nameserver 1.1.1.1
options edns0
➜ docker run busybox route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 * 255.255.0.0 U 0 0 0 eth0
➜ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 3003 0 0 wlp59s0
10.180.91.0 0.0.0.0 255.255.255.0 U 3003 0 0 wlp59s0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.56.0 0.0.0.0 255.255.255.0 U 0 0 0 vboxnet0
➜ ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:72ff:fe03:3615 prefixlen 64 scopeid 0x20<link>
ether 02:42:72:03:36:15 txqueuelen 0 (Ethernet)
RX packets 32 bytes 1696 (1.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 91 bytes 11764 (11.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 116 bytes 13670 (13.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 116 bytes 13670 (13.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vboxnet0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.56.1 netmask 255.255.255.0 broadcast 0.0.0.0
ether 0a:00:27:00:00:00 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp59s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.180.91.211 netmask 255.255.255.0 broadcast 10.180.91.255
inet6 fe80::bae8:a31d:41ba:b1b7 prefixlen 64 scopeid 0x20<link>
inet6 fe80::aa6d:aaff:fe2b:98a prefixlen 64 scopeid 0x20<link>
ether a8:6d:aa:2b:09:8a txqueuelen 1000 (Ethernet)
RX packets 64726 bytes 71990806 (68.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21695 bytes 7359838 (7.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
➜ docker run busybox ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:200 (200.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
➜ docker network ls
NETWORK ID NAME DRIVER SCOPE
7596438b2c25 bridge bridge local
617a6542f360 host host local
2575c2c192a9 none null local
➜ docker run --network host busybox nslookup google.com
Server: 8.8.8.8
Address: 8.8.8.8:53
Non-authoritative answer:
Name: google.com
Address: 216.58.207.238
Non-authoritative answer:
Name: google.com
Address: 2a00:1450:400f:80c::200e
➜ docker run --network bridge busybox nslookup google.com
;; connection timed out; no servers could be reached
If I instead of using the office wifi use the hotspot through my phone, then I don't have this issue. However, no one else in the office has this issue. What can I do to debug this further?

Static IP on docker container not working

My ISP has given me a 10 IP addresses. x.x.x.91-95 and x.x.x.161-165
I want to use 9 of them for my containers.
I have the host eth0 on x.x.x.91
So I did:
docker network create --subnet x.x.x.0/24 --gateway x.x.x.254 mynet
and then
docker run -it --net mynet --ip x.x.x.165 ubuntu /bin/bash
But I can't connect out
PING 8.8.8.8 (8.8.8.8): 56 data bytes
3 packets transmitted, 0 packets received, 100% packet loss
# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:5b:cc:d2:a5
inet addr:x.x.x.165 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1296 (1.2 KB) TX bytes:504 (504.0 B)
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 x.x.x.254 0.0.0.0 UG 0 0 0 eth0
x.x.x.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Any ideas?
Docker version 17.09.0-ce, build afdb6d4

I switched to the Macvlan driver (as suggested by Matt)
https://docs.docker.com/engine/userguide/networking/get-started-macvlan/

Docker container can't reach or ping WAN using macvlan network driver

I'm trying to configure a Docker network using the macvlan driver, but my containers can't reach the gateway or the WAN.
The network is set up like so:
docker network create -d macvlan --subnet=10.1.1.0/24 --ip-range=10.1.1.160/28 --gateway=10.1.1.1 -o parent=ens160 pub_net
The host OS is Ubuntu 16.04, which itself is a VM running on ESXi (lots of layers, I know). The ens160 interface is connected to an ESXi vSwitch ("LAN"). The gateway (10.1.1.1) is a pfSense VM on the same machine, and connected to the same "LAN" vSwitch. The pfSense VM is also connected to a "WAN" vSwitch which physically connects to the upstream network. The Ubuntu host OS has an IP and full WAN connectivity, but the Docker container does not.
Some details about the Ubuntu host:
host$ ifconfig
docker0 Link encap:Ethernet HWaddr aa:bb:cc:00:e2:77
inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ens160 Link encap:Ethernet HWaddr aa:bb:cc:9b:be:f2
inet addr:10.1.1.22 Bcast:10.1.1.255 Mask:255.255.255.0
inet6 addr: fe80::c7b7:d64c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64642 errors:0 dropped:0 overruns:0 frame:0
TX packets:1881 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:19190911 (19.1 MB) TX bytes:169266 (169.2 KB)
ens192 Link encap:Ethernet HWaddr aa:bb:cc:9b:be:fc
inet addr:10.2.2.22 Bcast:10.2.2.255 Mask:255.255.255.0
inet6 addr: fe80::bb15:267d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:294 errors:0 dropped:10 overruns:0 frame:0
TX packets:515 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:57996 (57.9 KB) TX bytes:63258 (63.2 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2637 errors:0 dropped:0 overruns:0 frame:0
TX packets:2637 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:204727 (204.7 KB) TX bytes:204727 (204.7 KB)
host$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.2.2.1 0.0.0.0 UG 100 0 0 ens192
0.0.0.0 10.1.1.1 0.0.0.0 UG 101 0 0 ens160
10.1.1.0 0.0.0.0 255.255.255.0 U 100 0 0 ens160
10.2.2.0 0.0.0.0 255.255.255.0 U 100 0 0 ens192
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 ens192
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
Switching to the Docker container, and details there:
host$ sudo docker run --net=pub_net -it alpine /bin/sh
container$ ifconfig
eth0 Link encap:Ethernet HWaddr AA:BB:CC:01:01:A0
inet addr:10.1.1.160 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::42:1a0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1789 (1.7 KiB) TX bytes:634 (634.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:224 (224.0 B) TX bytes:224 (224.0 B)
container$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.1.1.1 0.0.0.0 UG 0 0 0 eth0
10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
As mentioned, if I ping 10.1.1.1 (or any other external IP) from within the container I get no response. If I ping another Docker container on the same host I do get a response.
What do I need to change so that the container can reach the WAN?

You need to turn on promiscuous mode and allow forged transmits for your LAN vSwitch. This is because macvlan mode requires the guest to be listening for the falsified MAC addresses as well as be able to falsify MAC addresses.
VMware Knowledge Base article on promiscuous mode
VMware documentation on forged transmits

MirageOS and Xen - Virtual interface unable to acquire IP address

I've compiled and built a MirageOS unikernel for XEN following this guide https://github.com/mirage/mirage-www/blob/master/tmpl/wiki/hello-world.md (mostly last part, Step 4, stackv4) but after I launch it I'm not able to pass the DHCP discovery phase, as shown in the following log:
Parsing config from stackv4.xl
Xen Minimal OS!
Initialising console ... done.
getenv(OCAMLRUNPARAM) -> null
getenv(CAMLRUNPARAM) -> null
getenv(PATH) -> null
Unsupported function lseek called in Mini-OS kernel
Unsupported function lseek called in Mini-OS kernel
Unsupported function lseek called in Mini-OS kernel
getenv(OCAMLRUNPARAM) -> null
getenv(CAMLRUNPARAM) -> null
getenv(TMPDIR) -> null
getenv(TEMP) -> null
Netif: add resume hook
Netif.connect 0
Netfront.create: id=0 domid=0
sg:true gso_tcpv4:true rx_copy:true rx_flip:false smart_poll:false
MAC: 00:16:3e:7e:c0:0d
Attempt to open(/dev/urandom)!
Unsupported function getpid called in Mini-OS kernel
Unsupported function getppid called in Mini-OS kernel
Manager: connect
Manager: configuring
DHCP: start discovery
Sending DHCP broadcast (length 552)
DHCP: start discovery
Sending DHCP broadcast (length 552)
DHCP: start discovery
Sending DHCP broadcast (length 552)
DHCP: start discovery
....
My MirageOS unikernel configuration:
name = 'stackv4'
kernel = '/home/mirage/mirage-skeleton/stackv4/mir-stackv4.xen'
builder = 'linux'
memory = 256
on_crash = 'preserve'
disk = [ ]
# if your system uses openvswitch then either edit /etc/xen/xl.conf and set
# vif.default.script="vif-openvswitch"
# or add "script=vif-openvswitch," before the "bridge=" below:
vif = [ 'bridge=xenbr0' ]
My network configuration:
eth0 Link encap:Ethernet HWaddr 02:01:06:02:83:c0
inet6 addr: fe80::1:6ff:fe02:83c0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:110876 errors:0 dropped:0 overruns:0 frame:0
TX packets:14602 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9736700 (9.7 MB) TX bytes:1999992 (1.9 MB)
Interrupt:117
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:384394 errors:0 dropped:0 overruns:0 frame:0
TX packets:384394 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26761500 (26.7 MB) TX bytes:26761500 (26.7 MB)
vif16.0 Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:58 errors:0 dropped:0 overruns:0 frame:0
TX packets:11289 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:33640 (33.6 KB) TX bytes:778590 (778.5 KB)
xenbr0 Link encap:Ethernet HWaddr 02:01:06:02:83:c0
inet addr:131.159.24.167 Bcast:131.159.25.255 Mask:255.255.254.0
inet6 addr: fe80::1:6ff:fe02:83c0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:110689 errors:0 dropped:0 overruns:0 frame:0
TX packets:11987 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8328727 (8.3 MB) TX bytes:1703101 (1.7 MB)
My bridge configuration:
bridge name bridge id STP enabled interfaces
xenbr0 8000.0201060283c0 no eth0
vif16.0
My /etc/network/interface:
auto lo
iface lo inet loopback
auto eth0
#iface eth0 inet dhcp
# up ip link set eth0 up
iface eth0 inet manual
auto xenbr0
iface xenbr0 inet dhcp
bridge_ports eth0
I'm trying to understand what is the problem but everything appears to be correct (according to this other guide http://wiki.xen.org/wiki/Network_Configuration_Examples_(Xen_4.1%2B)#Example_Debian-style_bridge_configuration_.28e.g._Debian.2C_Ubuntu.29).

Some suggestions:
Check you're actually running a DHCP server.
Run tcpdump or wireshark on the bridge machine (probably dom0) and see what traffic there is. Do you see the DHCP request?
Try configuring a static IP address and see if that works.
Try running a Linux guest and see if DHCP works there (and compare packet captures for that).

I config docker bridge but now the network in container can't work will

I want to specify the docker container's IP address range to the host's, which has also been realized followed this tutor, WHILE it is still inaccessible to the global network. Of course I have checked the IP specified through ifconfig.
THEN, could you give me some suggestion or solution to this problem?
root#ubuntu:~# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.000000000000 no
root#ubuntu:~# brctl addbr bridge0
root#ubuntu:~# ip addr add 10.0.3.1/24 dev bridge0
root#ubuntu:~# ip link set dev bridge0 up
root#ubuntu:~# ip addr show bridge0
4: bridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:3a:46:ac:fe:57 brd ff:ff:ff:ff:ff:ff
inet 10.0.3.1/24 scope global bridge0
inet6 fe80::c3a:46ff:feac:fe57/64 scope link
valid_lft forever preferred_lft forever
root#ubuntu:~# echo 'DOCKER_OPTS="-b=bridge0"' >> /etc/default/docker
root#ubuntu:~# service docker restart
docker stop/waiting
docker start/running, process 3166
Then, I run ubuntu:14.04 container
root#ubuntu:~# docker run -t -i ubuntu:14.04 /bin/bash
root#630046b814dc:/# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:0a:00:03:02
inet addr:10.0.3.2 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::42:aff:fe00:302/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:238 (238.0 B) TX bytes:328 (328.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
When I try ping host IP
root#630046b814dc:/# ping 10.0.3.87
PING 10.0.3.87 (10.0.3.87) 56(84) bytes of data.
From 10.0.3.2 icmp_seq=1 Destination Host Unreachable
From 10.0.3.2 icmp_seq=2 Destination Host Unreachable
From 10.0.3.2 icmp_seq=3 Destination Host Unreachable