Multiple connected network on a single container - docker

I want to have two connected networks in my docker container.
Here is my docker-compose.yml:
services:
  mycontainer:
    image: ubuntu
    command: tail -f /dev/null
    networks:
      - backend
      - frontend
networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
I run the container with:
docker-compose up -d
Then I attach to container using docker exec -it [container ID] bash and install necessary packages to use ifconfig and curl.
Problem
There are currently two interfaces and I want to use them to connect to the internet:
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.24.0.2 netmask 255.255.0.0 broadcast 172.24.255.255
ether 02:42:ac:18:00:02 txqueuelen 0 (Ethernet)
RX packets 13903 bytes 26859192 (26.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10592 bytes 814165 (814.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.23.0.2 netmask 255.255.0.0 broadcast 172.23.255.255
ether 02:42:ac:17:00:02 txqueuelen 0 (Ethernet)
RX packets 39 bytes 5444 (5.4 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 252 (252.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 18 bytes 1638 (1.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 18 bytes 1638 (1.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The problem is that eth0 is connected to the internet but eth1 is not connected!
The result for eth0:
# curl --interface eth0 https://google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
here.
</BODY></HTML>
But eth1 is not connected:
# curl --interface eth1 https://google.com
curl: (7) Failed to connect to google.com port 443 after 3082 ms: No route to host
How can I connect the eth1 interface to the host and, in turn, to the internet?

Related

Docker container can not connect to host machine

I use docker-compose to operate with 3 containers and a network with the bridge driver.
Network is created with following command:
docker network create -d bridge --subnet 192.168.60.0/24 --gateway 192.168.60.1 mynet
The problem is that containers are not available by their address from host machine:
curl: (7) Failed to connect to 192.168.60.3 port 80: Connection refused. I know exactly that container is running and listening on the port.
From the inside of container host machine is unavailable either: curl: (7) Failed to connect to 192.168.60.1.
There must be some trouble with the driver, because the network is not listed in the interfaces. I did the same thing on another machine and found all docker networks with names like vethXXXXXXX. But on this machine ifconfig -a shows:
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:98:c3:b9:63 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 41250 bytes 11892280 (11.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 41250 bytes 11892280 (11.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.202.43 netmask 255.255.255.0 broadcast 192.168.202.255
inet6 fe80::65e5:6492:9305:2d71 prefixlen 64 scopeid 0x20<link>
ether d4:3b:04:74:5c:48 txqueuelen 1000 (Ethernet)
RX packets 693406 bytes 537178014 (537.1 MB)
RX errors 0 dropped 884 overruns 0 frame 0
TX packets 2803399 bytes 572926991 (572.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
What kind of problem could it be? Why is the network not shown in the interfaces list?

Docker: Two containers under same network can't communicate

I created two docker containers and connected them to the same network, but neither container can connect to the other one.
I have tried the steps on this page, but none of the methods worked.
Anything else I can try?
docker run -d --name db1 -e POSTGRES_PASSWORD=password postgres:10-alpine
docker run -d --name db2 -e POSTGRES_PASSWORD=password postgres:10-alpine
docker network create myNetwork
docker network connect myNetwork db1
docker network connect myNetwork db2
# make sure that the network has 2 containers
docker inspect myNetwork
docker exec -it db1 ping db2
PING db2 (172.18.0.4): 56 data bytes
^C
--- cvat_db ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
docker exec -it db1 route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.18.0.1 0.0.0.0 UG 0 0 0 eth0
172.18.0.0 * 255.255.0.0 U 0 0 0 eth0
#ifconfig
br-3f4022544f42: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
inet6 fe80::42:e5ff:fe9f:33bc prefixlen 64 scopeid 0x20<link>
ether 02:42:e5:9f:33:bc txqueuelen 0 (Ethernet)
RX packets 21 bytes 1164 (1.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 44 bytes 5656 (5.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:b9ff:fe47:f00c prefixlen 64 scopeid 0x20<link>
ether 02:42:b9:47:f0:0c txqueuelen 0 (Ethernet)
RX packets 1 bytes 28 (28.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 54 bytes 6637 (6.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Connect docker containers to TAP interface

What I'm doing is connecting two docker containers using OVS-DPDK to test throughput between them (using sockperf or iperf3). For this, it was suggested that I use TAP interfaces.
What is expected is that container A sends/receives traffic from TAP0 and container B sends/receives traffic from the TAP1 interface. TAP0 must send traffic to TAP1 over userspace OVS-DPDK and vice versa.
But unfortunately, I can't get the traffic to go to the TAP interfaces.
Here is what I'm doing (based on this answer):
On the host OS:
sudo ./utilities/ovs-vsctl add-br br0 -- set bridge br0 datapath_type=netdev
sudo ./utilities/ovs-vsctl add-port br0 myeth0 -- set Interface myeth0 type=dpdk options:dpdk-devargs=net_tap0,iface=tap0
sudo ./utilities/ovs-vsctl add-port br0 myeth1 -- set Interface myeth1 type=dpdk options:dpdk-devargs=net_tap1,iface=tap1
sudo ./utilities/ovs-ofctl add-flow br0 in_port=1,action=output:2
sudo ./utilities/ovs-ofctl add-flow br0 in_port=2,action=output:1
It creates two TAP interfaces (shown in ifconfig) and two OVS-DPDK ports (myeth0 and myeth1)
Then I assign IP to the TAP interfaces:
sudo ip addr add 173.17.0.1/24 dev tap0
sudo ip addr add 173.17.1.1/24 dev tap1
sudo ip link set tap0 up
sudo ip link set tap1 up
And then run the docker containers:
docker run -it --rm --name=server -p 5201:5201 --entrypoint /bin/bash "networkstatic/iperf3"
docker run -it --rm --name=client --entrypoint /bin/bash "networkstatic/iperf3"
The traffic goes through the docker-created veth interfaces and nothing goes through the TAP interfaces (as I checked in ifconfig).
What is the correct way to connect two containers using OVS-DPDK and TAP interface in Linux?
EDIT:
Output of ifconfig:
tap0: flags=4931<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,MULTICAST> mtu 1500
inet6 fe80::3847:cbff:fe27:3c2e prefixlen 64 scopeid 0x20<link>
ether 3a:47:cb:27:3c:2e txqueuelen 1000 (Ethernet)
RX packets 16 bytes 2447 (2.4 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 29 bytes 3545 (3.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tap1: flags=4931<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,MULTICAST> mtu 1500
inet6 fe80::2835:bcff:fe4c:4f0e prefixlen 64 scopeid 0x20<link>
ether 2a:35:bc:4c:4f:0e txqueuelen 1000 (Ethernet)
RX packets 12 bytes 1203 (1.2 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 2447 (2.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth8f1f04e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::50bf:f2ff:fed9:e03b prefixlen 64 scopeid 0x20<link>
ether 52:bf:f2:d9:e0:3b txqueuelen 0 (Ethernet)
RX packets 2047606 bytes 135148094 (135.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2717619 bytes 119774365333 (119.7 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethb6e1780: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::382b:e0ff:fe8f:afa0 prefixlen 64 scopeid 0x20<link>
ether 3a:2b:e0:8f:af:a0 txqueuelen 0 (Ethernet)
RX packets 2717563 bytes 119774357789 (119.7 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2047637 bytes 135151896 (135.1 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Docker containers on macvlan can't ping external internet

I am trying to set up a pihole docker instance running on a macvlan on a Raspberry Pi 4B.
I am unable to ping the external internet from my container.
I've managed to reduce the problem for replication:
Create a macvlan on wlan0, which has promiscuous mode enabled.
Launch a docker container and attempt to ping the external world.
Details:
I'm running a Raspberry Pi 4, using the wlan0 interface. I have enabled promiscuous mode on wlan0.
I create the macvlan network with docker network create -d macvlan --subnet=10.0.37.27/24 --gateway=10.0.37.1 --ip-range 10.0.37.65/29 -o parent=wlan0 --aux-address="pi4=10.0.37.69" macvlan0 - this creates a child interface called macvlan0 under wlan0. This means that containers will get assigned IPs from .65-.70.
I then run a busybox container to ping my wlan0 physical IP: docker run --net=macvlan0 busybox ping 10.0.37.27. This works.
If I try to ping 1.1.1.1 or even the gateway at 10.0.37.1, it fails
I verified the routing table is correct with docker run --net=macvlan0 busybox ip route get 1.1.1.1 and I get a result 1.1.1.1 via 10.0.37.1 dev eth0 src 10.0.37.64, which is perfectly reasonable.
Analysis:
I don't understand what is going on. I'm able to ping my container from my host, and my host from my container (I set up a macvlan-shim).
My ip route and route -n show reasonable routing tables
And yet, ping externally fails. I'm very confused.
ifconfig on the pi4
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:c5:da:e3:84 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether dc:a6:32:08:56:eb txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 483666 bytes 87269371 (87.2 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 483666 bytes 87269371 (87.2 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
macvlan-shim: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.37.69 netmask 255.255.255.248 broadcast 0.0.0.0
inet6 fe80::bcd6:6fff:fe61:4eaf prefixlen 64 scopeid 0x20<link>
ether be:d6:6f:61:4e:af txqueuelen 1000 (Ethernet)
RX packets 94178 bytes 21676941 (21.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 227298 bytes 9556744 (9.5 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet 10.0.37.27 netmask 255.255.255.0 broadcast 10.0.37.255
inet6 fe80::dea6:32ff:fe08:56ec prefixlen 64 scopeid 0x20<link>
ether dc:a6:32:08:56:ec txqueuelen 1000 (Ethernet)
RX packets 401557 bytes 108910986 (108.9 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 719387 bytes 112456816 (112.4 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
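Added example, not part of the original post: it normalizes the --subnet, --ip-range, --gateway and --aux-address values from the docker network create command above with Python's ipaddress module, to check the stated .65-.70 range and to classify the src 10.0.37.64 address shown by ip route get. The function name check_ipam and the report keys are hypothetical.

```python
import ipaddress

def check_ipam(subnet, ip_range, gateway, aux=None, observed=None):
    """Normalize Docker-style IPAM values and list inconsistencies."""
    net = ipaddress.ip_network(subnet, strict=False)    # tolerate host bits
    rng = ipaddress.ip_network(ip_range, strict=False)
    gw = ipaddress.ip_address(gateway)
    hosts = list(rng.hosts())
    notes = []
    if str(net) != subnet:
        notes.append(f"--subnet {subnet} has host bits set; network is {net}")
    if str(rng) != ip_range:
        notes.append(f"--ip-range {ip_range} is really the block {rng}")
    if not rng.subnet_of(net):
        notes.append(f"ip-range {rng} is not inside subnet {net}")
    if gw not in net:
        notes.append(f"gateway {gw} is outside subnet {net}")
    for name, addr in (aux or {}).items():
        where = "inside" if ipaddress.ip_address(addr) in rng else "outside"
        notes.append(f"aux address {name}={addr} is {where} the ip-range")
    for addr in observed or []:
        ip = ipaddress.ip_address(addr)
        if ip == rng.network_address:
            notes.append(f"observed {ip} is the network address of {rng}")
        elif ip == rng.broadcast_address:
            notes.append(f"observed {ip} is the broadcast address of {rng}")
        elif ip not in rng:
            notes.append(f"observed {ip} is outside {rng}")
    return {"subnet": str(net), "ip_range": str(rng),
            "first_host": str(hosts[0]), "last_host": str(hosts[-1]),
            "notes": notes}

# Values copied from the post's `docker network create` command and its
# `ip route get 1.1.1.1` output (src 10.0.37.64).
REPORT = check_ipam("10.0.37.27/24", "10.0.37.65/29", "10.0.37.1",
                    aux={"pi4": "10.0.37.69"}, observed=["10.0.37.64"])

if __name__ == "__main__":
    for key in ("subnet", "ip_range", "first_host", "last_host"):
        print(f"{key}: {REPORT[key]}")
    for note in REPORT["notes"]:
        print("note:", note)
```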

Q: how to set docker0 interface as externally available IP in a gcloud compute instance?

I have Eclipse Che running natively on a CentOS 7 instance at Google Cloud Platform.
I'm able to get the Che interface in my browser, but cannot start a project.
from my che.properties file
machine.docker.local_node_host=172.17.0.1
api.endpoint=http://_my instance external IP_:${SERVER_PORT}/ide/api
from my /etc/hosts (added manually):
172.17.0.1 che-host
installed Docker as pre-requirement
Docker version 1.10.3, build 20f81dd
from my ~/.bash_profile file
export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.77-0.b03.el7_2.x86_64
export CHE_HOME=/opt/eclipse-che-4.1.0
export CHE_LOCAL_CONF_DIR=$CHE_HOME/conf
export CHE_DOCKER_MACHINE_HOST=172.17.0.1
ifconfig output
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:68ff:fe05:66b1 prefixlen 64 scopeid 0x20<link>
ether 02:42:68:05:66:b1 txqueuelen 0 (Ethernet)
RX packets 3025 bytes 334688 (326.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2563 bytes 390278 (381.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1460
inet <google internal network IP for instance> netmask 255.255.255.255 broadcast 10.132.0.2
inet6 fe80::4001:aff:fe84:2 prefixlen 64 scopeid 0x20<link>
ether 42:01:0a:84:00:02 txqueuelen 1000 (Ethernet)
RX packets 402499 bytes 1381254390 (1.2 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 292323 bytes 58381431 (55.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 1061 bytes 57399 (56.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1061 bytes 57399 (56.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth53e0def: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::1005:77ff:fe1d:83a4 prefixlen 64 scopeid 0x20<link>
ether 12:05:77:1d:83:a4 txqueuelen 0 (Ethernet)
RX packets 42 bytes 6574 (6.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 40 bytes 7991 (7.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
firewalld rules for trusted zone
instance-1 ~]$ sudo firewall-cmd --permanent --zone=trusted --list-all
trusted (default, active)
interfaces: docker0
sources:
services:
ports: 32768-65535/tcp 32768-65535/udp 4243/tcp 4401/tcp 4411/tcp 4403/tcp 22/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
output from che console in browser
[STDOUT] 2016-04-05 19:40:39,511[main] [INFO] [o.a.c.http11.Http11NioProtocol 470] - Starting ProtocolHandler ["http-nio-4401"]
[STDOUT] 2016-04-05 19:40:39,515[main] [INFO] [o.a.catalina.startup.Catalina 642] - Server startup in 4795 ms
[STDOUT] 2016-04-05 19:40:39,515[main] [INFO] [o.a.catalina.startup.Catalina 642] - Server startup in 4795 ms
[STDOUT] 2016-04-05 19:40:39,712[nio-4401-exec-1] [WARN ] [i.ContainerResponse$BodyWriter 90] - Client has aborted connection. Response writing omitted.
[STDOUT] 2016-04-05 19:40:39,712[nio-4401-exec-1] [WARN ] [i.ContainerResponse$BodyWriter 90] - Client has aborted connection. Response writing omitted.
This happens in the Starting workspace agent stage, after the stages below:
Initializing workspace ... completed
Starting workspace runtime ... completed
The answer I got from the guys at the Che GitHub repo is that:
The problem here is that browser tries to connect to a workspace agent and it uses CHE_DOCKER_MACHINE_HOST which is also used by the server to ping ws-agent.
So, CHE_DOCKER_MACHINE_HOST should be an externally available IP.
So, I understand from that that docker0 needs to have an external IP as well.
Any idea how to switch IP from the default 172.17.0.1 IP to an external IP for docker0 interface?
