Can't communicate between docker from bridge to vlan

[yquirion]

Dear all,

 

I'm having an issue and I'm unable to fix it. I've made many search, but all of them didn't help me solving the problem.

 

I have two dockers; one is using the br0.xx interface which has been configured for xx VLAN. In my case, this is vlan 147, so the network is br0.147.

 

The other docker is using the bridge infertace and will have an IP in the subnet 172.17.0.0/16 being assigned.

 

Here is the "ifconfig" from the "bridge" docker:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.4  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:04  txqueuelen 0  (Ethernet)
        RX packets 55  bytes 9319 (9.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

The is ipconfig output from the docker using br0.147 interface:

eth0      Link encap:Ethernet  HWaddr 5C:F9:DD:74:4A:2D  
          inet addr:192.168.147.46  Bcast:192.168.147.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:888970 errors:0 dropped:0 overruns:0 frame:0
          TX packets:568976 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:755281824 (720.2 MiB)  TX bytes:37585820 (35.8 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:546 errors:0 dropped:0 overruns:0 frame:0
          TX packets:546 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:302203 (295.1 KiB)  TX bytes:302203 (295.1 KiB)

 

Now, from the docker using the br0.147 interface, I will try some ping tests:

PING 192.168.147.1 (192.168.147.1): 56 data bytes
64 bytes from 192.168.147.1: seq=0 ttl=64 time=0.132 ms
64 bytes from 192.168.147.1: seq=1 ttl=64 time=0.166 ms
64 bytes from 192.168.147.1: seq=2 ttl=64 time=0.169 ms
64 bytes from 192.168.147.1: seq=3 ttl=64 time=0.151 ms
^C
--- 192.168.147.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.132/0.154/0.169 ms
/opt/shinobi # ping 192.168.147.45
PING 192.168.147.45 (192.168.147.45): 56 data bytes
64 bytes from 192.168.147.45: seq=0 ttl=64 time=1.016 ms
64 bytes from 192.168.147.45: seq=1 ttl=64 time=0.814 ms
64 bytes from 192.168.147.45: seq=2 ttl=64 time=0.768 ms
^C
--- 192.168.147.45 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.768/0.866/1.016 ms
/opt/shinobi # ping 192.168.147.46
PING 192.168.147.46 (192.168.147.46): 56 data bytes
64 bytes from 192.168.147.46: seq=0 ttl=64 time=0.062 ms
64 bytes from 192.168.147.46: seq=1 ttl=64 time=0.040 ms
^C
--- 192.168.147.46 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.040/0.051/0.062 ms

Here, we can see that I can ping some addresses:

192.168.147.1: Gateway

192.168.147.45: Some device outside unraid

192.168­147.46: Docker using br0.147 interface.

 

Now, from the docker using bridge interface, if I'm doing the same tests:

PING 192.168.147.1 (192.168.147.1) 56(84) bytes of data.
64 bytes from 192.168.147.1: icmp_seq=1 ttl=63 time=0.209 ms
64 bytes from 192.168.147.1: icmp_seq=2 ttl=63 time=0.144 ms
64 bytes from 192.168.147.1: icmp_seq=3 ttl=63 time=0.193 ms
^C
--- 192.168.147.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2073ms
rtt min/avg/max/mdev = 0.144/0.182/0.209/0.027 ms
root@dceeff0d5b93:/# ping 192.168.147.45
PING 192.168.147.45 (192.168.147.45) 56(84) bytes of data.
64 bytes from 192.168.147.45: icmp_seq=1 ttl=62 time=0.681 ms
64 bytes from 192.168.147.45: icmp_seq=2 ttl=62 time=0.817 ms
64 bytes from 192.168.147.45: icmp_seq=3 ttl=62 time=0.572 ms
^C
--- 192.168.147.45 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2045ms
rtt min/avg/max/mdev = 0.572/0.690/0.817/0.100 ms
root@dceeff0d5b93:/# ping 192.168.147.46
PING 192.168.147.46 (192.168.147.46) 56(84) bytes of data.
^C
--- 192.168.147.46 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4093ms

We can see that I can ping the first two, which are the gateway and a device outside unraid, but I can't ping or access any ports from the docker using br0.147, which uses the same subnet (192.168.147.0/24) of the two other devices I can sucessfully ping.

 

Here are my network and docker settings:

 

 

Does someone has an idea regarding that issue?

 

If you need more information on my Unraid configuration, please feel free to ask.

 

Thanks you and best regards,

Yanick

[kyoumei]

Did you manage to end up finding a solution to this? As I have the same problem myself with a similar configuration

[fezster]

Try enabling "Host access to custom networks" under Settings -> Docker (need to disable Docker first).

 

 

[yquirion]

Hi!

 

Thanks for your reply.

 

Should I also change "Docker custom network" type parameter to macvlan? It is currently set to ipvlan, which was recomended by "Fix Common Problems" plugin.

 

Thanks,

Yanick