  1. DC/OS
  2. DCOS_OSS-4396

Docker container might disrupt l4lb traffic

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Medium
    • Resolution: Duplicate
    • Affects Version/s: DC/OS 1.11.6, DC/OS 1.12.0
    • Fix Version/s: DC/OS 1.12
    • Component/s: dcos-net
    • Labels:
      None

      Description

      It was observed that in the soak112s cluster one of the private agents wasn't able to access the service via l4lb. The root cause was found to be a Docker container that was forwarding the traffic on port 80 to itself via iptables rules. VIP traffic should continue to work even when such a container is running.

      The iptables rules that impacted the VIP traffic were:

      1. -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
      2. -A DOCKER ! -i docker0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.0.2:80
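
A check for this rule shape, as an added example that is not part of the original issue or of DC/OS: it parses `iptables-save`-style NAT rules and reports DNAT rules, in any chain that OUTPUT jumps to, that match on a destination port alone and so would redirect locally generated traffic to that port. The function names, the `vip_ports` parameter and the third sample rule are assumptions made for illustration.

```python
import shlex

# Constructed sample: the first two rules are the ones quoted in the issue,
# the third is a made-up rule that is pinned to a destination address.
SAMPLE_RULES = """\
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER -d 10.0.0.5/32 ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.3:8080
"""

def parse_rule(line):
    """Parse one '-A CHAIN ...' line into its chain and an option -> value map.
    A negated match ('! -d x') is stored with a leading '!' on the value."""
    tokens = shlex.split(line)
    rule = {"chain": tokens[1], "opts": {}}
    i, negate = 2, False
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            negate, i = True, i + 1
            continue
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        has_value = nxt is not None and nxt != "!" and not nxt.startswith("-")
        rule["opts"][tok] = ("!" if negate else "") + (nxt if has_value else "")
        negate, i = False, i + (2 if has_value else 1)
    return rule

def find_port_only_dnat(rules_text, vip_ports):
    """Return (port, container_target) for DNAT rules that locally generated
    traffic can reach and that match a watched port with no '-d' restriction."""
    rules = [parse_rule(l) for l in rules_text.splitlines() if l.startswith("-A ")]
    # Chains that OUTPUT jumps to, e.g. DOCKER via the addrtype LOCAL rule.
    output_targets = {r["opts"].get("-j") for r in rules if r["chain"] == "OUTPUT"}
    findings = []
    for r in rules:
        opts = r["opts"]
        if r["chain"] not in output_targets or opts.get("-j") != "DNAT":
            continue
        dest = opts.get("-d", "")
        if dest and not dest.startswith("!"):
            continue  # pinned to one destination address, not port-only
        port = opts.get("--dport", "")
        if port.isdigit() and int(port) in vip_ports:  # port ranges are skipped
            findings.append((int(port), opts.get("--to-destination")))
    return findings

if __name__ == "__main__":
    for port, target in find_port_only_dnat(SAMPLE_RULES, {80, 8080}):
        print(f"port {port} is DNATed to {target} with no destination match")
```
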


              People

              • Assignee:
                dgoel Deepak Goel
                Reporter:
                dgoel Deepak Goel
                Team:
                Networking Team
                Watchers:
                Deepak Goel, Evan Lezar, Ivan Chernetsky, Sergey Urbanovich
