[DCOS_OSS-4396] Docker container might disrupt l4lb traffic
Created: 26/Oct/18  Updated: 01/May/19  Resolved: 01/May/19

Status: Resolved
Project: DC/OS
Component/s: dcos-net
Affects Version/s: DC/OS 1.11.6, DC/OS 1.12.0
Fix Version/s: DC/OS 1.12

Type: Bug
Priority: Medium
Reporter: Deepak Goel
Assignee: Deepak Goel
Resolution: Duplicate
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
is duplicated by DCOS_OSS-5061 Conflict between VIP port and port ma... Resolved
Team: DELETE Networking Team
Deepak Goel, Evan Lezar, Ivan Chernetsky (Inactive), Sergey Urbanovich (Inactive)


It was observed that in the soak112s cluster one of the private agents wasn't able to access the service via l4lb. The root cause was found to be a Docker container which was forwarding the traffic on port 80 to itself via iptables rules. VIP traffic should still continue to work even when such a container is running.

The iptables rules that impacted the VIP traffic were:

1. -A OUTPUT ! -d -m addrtype --dst-type LOCAL -j DOCKER
2. -A DOCKER ! -i docker0 -p tcp -m tcp --dport 80 -j DNAT --to-destination
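
An added example, not part of the original issue or of dcos-net: a check that reads an iptables-save style nat dump and reports which VIPs would be rewritten by a DNAT rule in a chain hooked from OUTPUT, as the two rules above do for port 80. The addresses, the VIP list and the function names are constructed, and it assumes the VIP address counts as LOCAL on the agent.

```python
import ipaddress
import shlex

# Constructed sample (placeholder addresses, not values from the issue).
SAMPLE_NAT = """\
*nat
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER -d 198.51.100.7/32 ! -i docker0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 172.17.0.3:443
COMMIT
"""
# Constructed VIP list: (address, protocol, port).
SAMPLE_VIPS = [("198.51.100.10", "tcp", 80), ("198.51.100.10", "tcp", 8443),
               ("198.51.100.11", "tcp", 5000)]

def parse_rule(line):
    """Map each option of an '-A CHAIN ...' line to its value ('!' prefix if negated)."""
    tok = shlex.split(line)
    rule, negate = {"chain": tok[1]}, False
    for i, t in enumerate(tok[2:], start=2):
        if t == "!":
            negate = True
        elif t.startswith("-"):
            value = tok[i + 1] if i + 1 < len(tok) else ""
            rule[t] = ("!" if negate else "") + value
            negate = False
    return rule

def dst_matches(rule, ip):
    """True if the rule's -d match (possibly negated) accepts this address."""
    dst = rule.get("-d")
    if dst is None:
        return True
    inside = ipaddress.ip_address(ip) in ipaddress.ip_network(dst.lstrip("!"), strict=False)
    return inside != dst.startswith("!")

def vip_conflicts(nat_dump, vips):
    """Return (vip, dnat_target) pairs for VIPs a hooked DNAT rule would capture."""
    rules = [parse_rule(l) for l in nat_dump.splitlines() if l.startswith("-A ")]
    hits = []
    for ip, proto, port in vips:
        # Chains that locally generated traffic to this address is sent through.
        hooked = {r.get("-j") for r in rules if r["chain"] == "OUTPUT"
                  and r.get("--dst-type") == "LOCAL" and dst_matches(r, ip)}
        for r in rules:
            # '! -i docker0' is not evaluated: OUTPUT traffic has no input interface.
            if (r["chain"] in hooked and r.get("-j") == "DNAT" and r.get("-p") == proto
                    and r.get("--dport") == str(port) and dst_matches(r, ip)):
                hits.append((f"{ip}:{port}", r["--to-destination"]))
    return hits
```

On the sample, only the rule without a `-d` match captures a VIP; the rule pinned to a specific destination address leaves the VIP on port 8443 alone.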

Comment by Evan Lezar [ 02/Nov/18 ]

There is also a container running on the soak111 cluster (agent int-agent12-soak111).

Comment by Catherine Southard [ 16/Nov/18 ]

Updating the fixVersion to 1.12 since this has not yet landed.

Comment by Deepak Goel [ 01/May/19 ]

This is a duplicate of DCOS_OSS-5061
