Docker networking only works with --net=host

11
votes

Edit: I've managed to realize that the issue is with bridge networking, as network functionality seems fine with --net=host.

docker run -it --net=host busybox ping -c 1 8.8.8.8 works consistently.

Looking at this thread on reddit Docker network problem. Only works with --net=host the OP's issue was resolved by uninstalling ebtables. I've done the same but still have the same problem.

--

I've read through numerous threads (see below) trying to get to the bottom of an issue I'm having installing Discourse through a docker instance which fails when it tries to pull from github. Most threads point to issues in DNS, but I realized it's something else as I can't ping a static IP address either.

The discourse install fails with: cd /pups && git pull && /pups/bin/pups --stdin fatal: unable to access 'https://github.com/discourse/pups.git/': Could not resolve host: github.com

The oddest thing is that it works immediately after a restart:

systemctl restart docker

docker run -it busybox ping -c 1 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: seq=0 ttl=58 time=0.646 ms

--- 8.8.8.8 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 0.646/0.646/0.646 ms

docker run -it busybox ping -c 1 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes

--- 8.8.8.8 ping statistics --- 1 packets transmitted, 0 packets received, 100% packet loss

No matter what, the subsequent call fails. I'm confused how to go about debugging this.

Distributor ID: Ubuntu
Description:    Ubuntu 18.04.2 LTS
Release:        18.04
Codename:       bionic
Docker version 18.09.5, build e8ff056 (released 2019-04-11)

Attempted fixes:

1
dockernetworking
What does cat /etc/resolv.conf return?Alassane Ndiaye
@AlassaneNdiaye it returns nameserver 127.0.0.53 options edns0 - which I understand is problematic from a DNS perspective, but shouldn't pining a static IP still work?waffl
It depends, does ip -r show a default route? If not, you should add a default route to your gateway. Also, did you change your DHCP settings recently by any chance? This reminds me of an issue I once had.Alassane Ndiaye
ip -r does indeed show a default route to the gateway. I don't think anything has changed as it's a newly provisioned server. I've done all sorts of other tests in the meantime (disabled ipv6, made a custom bridge, flushed all iptables to default) - and same thing, the docker0 bridge always loses its ip address after a network connection is initiated (only has an ether address). One thing I did notice is that it the system's network interface is ens5 vs the typical eth0 if it matters.waffl
That's very odd. Assuming something is wrong with the default bridge, what happens if you create a new network using docker network create my-net and docker container run --network my-net .... If that fixes the issue, you know the problem is caused by the default docker bridge configuration.Alassane Ndiaye

1 Answers

1
votes

Docker is used for local host development testing, so the testing is configured to serve locally. If you want to talk to other hosts, try Docker Swarm, it might solve your direction for host to host communication and the other perks that Docker Swarm can do.

We might need to see more of your Dockerfile. The docker run commands you have presented are using the "-it" flag, which is for interactive mode for the container busybox you create. (Using your commands listed.)

I haven't used the --net flag, but from the course I took on Docker, after running a simple container you can build and create services that use network overlay techniques for Docker Swarm mode. https://docs.docker.com/network/overlay/

Disclosure: I took a Docker Course from Bret Fisher on Udemy.