  1. DC/OS
  2. DCOS_OSS-992

Docker 1.13.1 does not work with virtual networking

    Details

    • Sprint:
      Networking Team 1.10 Sprint 4

      Description

      The DC/OS documentation says Docker 1.13 is supported; however, it looks like they changed the default iptables configuration as of 1.13 for improved security, which unfortunately breaks virtual networking.

      As of 1.13 the Docker daemon sets iptables --policy FORWARD DROP, so when incoming packets reach the vtep1024 interface they are just dropped instead of being forwarded on to the d-dcos interface.

      There's some discussion about it here:

      https://github.com/moby/moby/issues/23987

      And Kubernetes reports the same issue with Docker 1.13 (just for reference):

      https://github.com/kubernetes/kubernetes/issues/40182

      The installation where I saw this problem was using DC/OS 1.9 on CentOS 7.3 with Docker 1.13.1.

      Luckily, Docker 1.12.6 works without any issues. Maybe this can be resolved with a documentation update saying that only Docker 1.11 and 1.12 are supported with virtual networking.
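
      A diagnostic for the condition described in this report, added here as an example and not part of the original report or of DC/OS: it reads `iptables -S FORWARD` output and says whether a packet forwarded from vtep1024 to d-dcos is accepted or falls through to a DROP policy. The function name and the sample rule sets are constructed, and the check is a simplification that only counts unconditional ACCEPT rules and ignores jumps to user-defined chains.

```shell
#!/bin/sh
# forward_verdict IN_IF OUT_IF   (hypothetical helper, not a DC/OS or Docker tool)
# Reads `iptables -S FORWARD` output on stdin and prints one of:
#   accepted-by-rule | accepted-by-policy | dropped-by-policy | unknown
# Live use: iptables -S FORWARD | forward_verdict vtep1024 d-dcos
forward_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
        $1 == "-A" && $2 == "FORWARD" {
            i = ""; o = ""; target = ""; conditional = 0
            for (n = 3; n <= NF; n++) {
                if      ($n == "-i") { i = $(n + 1); n++ }
                else if ($n == "-o") { o = $(n + 1); n++ }
                else if ($n == "-j") { target = $(n + 1); n++ }
                else    { conditional = 1 }   # -m, -p, -s, "!" ...: not unconditional
            }
            # Count only plain ACCEPT rules whose interfaces (if given) match.
            if (!conditional && target == "ACCEPT" &&
                (i == "" || i == in_if) && (o == "" || o == out_if)) rule = 1
        }
        END {
            if (rule)                    print "accepted-by-rule"
            else if (policy == "DROP")   print "dropped-by-policy"
            else if (policy == "ACCEPT") print "accepted-by-policy"
            else                         print "unknown"
        }'
}

# Constructed sample: Docker-managed FORWARD rules that only cover docker0.
DOCKER_RULES='-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT'

# Constructed samples: policy as the report describes for 1.13, and the older default.
SAMPLE_DROP="-P FORWARD DROP
$DOCKER_RULES"
SAMPLE_ACCEPT="-P FORWARD ACCEPT
$DOCKER_RULES"
# Constructed sample: DROP policy plus an explicit rule for the overlay path.
SAMPLE_EXPLICIT="$SAMPLE_DROP
-A FORWARD -i vtep1024 -o d-dcos -j ACCEPT"

for s in "$SAMPLE_DROP" "$SAMPLE_ACCEPT" "$SAMPLE_EXPLICIT"; do
    printf '%s\n' "$s" | forward_verdict vtep1024 d-dcos
done
```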


              People

              • Assignee:
                dgoel Deepak Goel
                Reporter:
                jordanjennings jordanjennings
                Watchers:
                Avinash Sridharan (Inactive), jordanjennings, JulienBodin86