New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
1.5: No TCP connectivity between docker container and qemu/dynamips #444
Comments
I don't have the firewall active, so I didn't check that. But it seems, that docker starts one:
But after flushing the table with |
I think I found the cause!!! The docker interfaces have TCP checksum offloading enabled, but no-one actually calculates the checksum !!! After activated the wireshark option, that verifies the TCP checksum, it shows it clearly: The first TCP session is dynamips to qemu with correct TCP checksums, the second session is dynamips to docker with invalid checksums from docker. Now the question is how to fix it?
|
I think we need to fix that here: |
Talk about this in docker issue tracker: And the kernel issue: |
Do you confirm @Ehlers that is the same issue? |
@Ehlers, @noplay According to Wireshark, the issue is in the TCP handshaking:
|
I think, it's not exactly my problem. The bug reports talks about bad packets from real hardware, that is routed to veth interfaces. These interfaces don't check the checksum and deliver them, even if the checksum is bad. My issue is a docker container creating TCP packets. As TCP offloading seems to be active no-one creates the checksum. Container-to-container communication seems to work, because the receiving container doesn't check the checksum, so it doesn't matter. The problem arises only, when the other end checks the checksum, as it's done in qemu and dynamips. |
Yeah after reading all the doc I think it's a different issue |
With eth tool the fix seem to be:
|
This could explain why running IOU in a container doesn't work. |
Quite confusing... Can make some tests with ethtool in the container tomorrow. But a solution outside the containers would be better, otherwise we would have to inject ethtool binary into every container. |
Yeah I think we should be able to found a solution outside |
A trick for running ehttool from the outside. But require to be root. Start the gns3server with --debug Locate a line like this: This is the process pid of the container. You can also found it with ps
|
Just tested ethtool in the docker container, Before:
And now the change:
|
As a workaround here a fix-up script, only tested on debian jessie, has to be started with sudo.
|
I have different results depending on who is the client and who is the server: - client (container) ==> http server (VM) - client (VM) ==> http server (container) |
Looks like similar issue has been reported to docker: |
For me the "ethtool tx off" solves my issues. Here a tiny C program, that does this specific ioctl: |
Thanks! On Thu, Mar 3, 2016 at 11:57 PM Bernhard Ehlers notifications@github.com
|
Could you test with last git version of ubridge (via git or https://github.com/GNS3/ubridge/archive/master.zip) |
Just tested between docker and VMware VM (tinycore), also successful, also in both directions. |
Here my proposed changes to ubridge. I decided to give only a warning, because I don't want to rollback the veth pair.
|
Patch merged! On Fri, Mar 4, 2016 at 11:19 AM Bernhard Ehlers notifications@github.com
|
Thanks for merging. For me the issue is resolved. As this has already a long history, I suggest, that we close it. If we experience other problems with the connectivity, a new issue should be opened. |
Thanks a lot for your contribution it's very precious |
since the OP has been deleted, may I ask @noplay if the original issue was with the linux networking stack which container used that caused packets coming out to dynamips being not checksummed? Which caused the TCP termination by dynamips? |
Not really, I think it was an issue due to the fact the checksum was not matching the sending machine but I don't remember |
GNS3 version latest 1.5.0dev1 on Linux (64-bit) with Python 3.4.2 Qt 5.3.2.
I've got a very strange issue and currently I'm completely puzzled.
I want to exchange data between docker container and non-docker VMs, e.g. dynamips or qemu.
I set up the following project:
alpine-socat's Dockerfile:
ubuntu-socat's Dockerfile:
Extreme simple, isn't it? I start the docker container with the cmd "sh".
MicroCore-1 is a qemu VM, R1 a 3725 dynamips router.
After configuring the interfaces with their IP address, I have full connectivity with ping. Every device can ping every other.
But I can't setup a TCP connection between the docker VMs and the other network elements. I'm starting a
socat TCP-LISTEN:1234 -
on the docker container and then try to connect from the other devices viatelnet <destination IP> 1234
, but it fails (timeout). Also doing telnet from the docker containers to dynamips/qemu VM fails. Between the docker containers I have no problems, between dynamips and qemu also no problem.I made a wireshark trace on R1:
You see that R1 sends out a SYN, which is answered by a SYN-ACK. But R1 doesn't seem to process the SYN-ACK, it re-sends the SYN. The same happens on the qemu-VM.
Any ideas ?
The text was updated successfully, but these errors were encountered: