none
Unable to ping containers created with transparent network from other hosts. RRS feed

  • Question

  • Environment : Windows Server 2016 in Azure 

    Docker Version : 1.12.2-cs2-ws-beta

    Kernel Version: 10.0 14393 (14393.321.amd64fre.rs1_release_inmarket.161004-2338)

    -----------------------------

    I have created a transparent network with

    docker network create -d transparent trans

    and created two containers say A and B in the same network.  I am able to ping A from B and vice versa.  But i am NOT able to ping the containers from its host and of course from any other machines.  Then i removed previous and created a network with subnet as

    docker network create -d transparent --subnet=10.5.0.1/23 --gateway=10.5.0.4 trans

    where the subnet & gateway are same as the container host.   Then created a container in the network as

    docker run -d --network trans --ip 10.5.0.20 microsoft/iis

    Now i am able to ping container's IP from the host machine.  But UNABLE to ping the containers from different host and also most importantly, from the container unable to ping the VM where SQL Server is running.  Note, all the VMs are in the same Azure Virtual network.  

    Not sure if this is related to MacAddressSpoofing??  According to Windows Server Containers Article, MacAddressSpoofing should be enabled in VM host.  As this is Azure VM, its not possible to enable MacAddressProofing. 

    Any help will be greatful.

    Further analysis in case helps

    Created a transparent network as

    docker network create -d transparent -o com.docker.network.windowsshim.interface="Ethernet" --subnet=10.5.0.0/24 --gateway=10.5.0.1 trans

    <<<<<   In Container Host >>>>>

    PS C:\Users\server_admin> Get-NetAdapter

    Name                      InterfaceDescription                    ifIndex Status       MacAddress        LinkSpeed
    ----                      --------------------                    ------- ------       ----------        ---------
    vEthernet (HNSTranspar... Hyper-V Virtual Ethernet Adapter #2          13 Up           00-0D-3A-81-81-FC   10 Gbps
    vEthernet (HNS Interna... Hyper-V Virtual Ethernet Adapter              9 Disabled     00-15-5D-D3-24-FA   10 Gbps
    Ethernet                  Microsoft Hyper-V Network Adapter             5 Up           00-0D-3A-81-81-FC   10 Gbps



    Created a container in the above trans network

    docker run -d --network trans --ip 10.5.0.51 microsoft/iis ping -t 127.0.0.1


    <<<<<   Within Container  >>>>>
    PS C:\> Get-NetAdapter

    Name                      InterfaceDescription                    ifIndex Status       MacAddress          LinkSpeed
    ----                      --------------------                    ------- ------       ----------          ---------
    vEthernet (Temp Nic Name) Hyper-V Virtual Ethernet Adapter #3          19 Up           00-15-5D-DE-8D-6E     10 Gbps


    The adapter name shown within the container is a new one (Adapter #3, including MacAdress).  Is this the reason for not able to ping the other servers in the Network?  Can someone please explain?

    kind regards,

    Sasi


    • Edited by SasiR Monday, October 17, 2016 2:39 PM
    Monday, October 17, 2016 5:24 AM

All replies

  • I'm having similar issues not in Azure but just on a 2016 server.

    I've set up a transparent network and run the container up with a specified Ip address (and DNS server as that's not included by default?!). I can't even ping the default gateway.

    Shout if you've found anything subsequently.

    Monday, October 24, 2016 3:22 PM
  • Andrew,

    I had the same issue on my on premise 2016 server.  I had to enable mac address spoofing to get this to work.  The documentation is misleading because it makes you think you only need mac address spoofing if you want your containers to receive DHCP addresses from an external DHCP server.  Anyhow, try enabling by running the command below on your Hyper-V host server assuming your container host is virtual sitting on a Hyper-V host

    Get-VMNetworkAdapter -VMName <name of vm that is your container host> | set-VMNetworkAdapter -MacAddressSpoofing On

    As for the original question, I am very much interested in the solution.

    -Pete

    Wednesday, November 23, 2016 2:16 PM
  • Thanks for the reply. Yes already aware of that, however I'm running this under VMWare so this command does not work.

    Current issue is that container is running with a transparent network but does not pick up a DHCP address from the external DHCP server. Instead it sets itself a static IP address which happens to be valid for the subnet it is on.

    No idea where it is getting the static IP from as I've not defined it anywhere!

    So basic connectivity is there but because it is not DHCP, its not got a DNS server so can't resolve anything . (and can't as a workaround obviously update the host file as you are not allowed to do that within the comntainer - for obvious reasons)

    Very odd. A colleague set the same thing up on their home lab, also VMware and it worked for them so not sure why this is behaving the way it is.

    Wednesday, November 23, 2016 3:02 PM
  • On VMWare you have to enable promiscuous mode. This should help...
    • Edited by Jakub Vanak Thursday, November 24, 2016 8:53 PM
    Thursday, November 24, 2016 8:51 PM
    • Edited by Jakub Vanak Thursday, November 24, 2016 8:57 PM
    Thursday, November 24, 2016 8:56 PM
  • I fixed my issue, passing on here for peoples information.

    My container on the transparent network was not configured for a DHCP address. It had a static IP address (valid) but no DNS servers.

    Turns out there was another DHCP server on the same subnet (a cloned vm that I knew nothing about).

    once it was switched off leaving the solitary DHCP I had set up, the container now picks up a DHCP address and network connectivity is ok.

    Very bizarre issue and not obvious at all.

    Wednesday, December 14, 2016 12:59 PM
  • Hi, Jakub!

    After enabling promiscuous mode transparent networking on windows container start working. Because of security issue, it may work for lab environment.

    Did you find permanent resolution for production?

    Thank you

    Tuesday, January 10, 2017 5:27 PM