The DC/OS documentation says Docker 1.13 is supported, however it looks like they changed the default iptables configuration as of 1.13 for improved security, which unfortunately breaks virtual networking.
As of 1.13 the docker daemon sets iptables --policy FORWARD DROP, so when incoming packets reach the vtep1024 interface they are just dropped instead of being forwarded on to the d-dcos interface.
There's some discussion about it here:
And Kubernetes reports the same issue with Docker 1.13 (just for reference):
The installation where I saw this problem was using DC/OS 1.9 on CentOS 7.3 with Docker 1.13.1.
Luckily, Docker 1.12.6 works without any issues. Maybe this can be resolved with a documentation update saying that only docker 1.11 and 1.12 are supported with virtual networking.