Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Docker for Windows use Hyper-V vEthernet (Default Switch) by default #4058

Open
doggy8088 opened this issue Jun 9, 2019 · 5 comments

Comments

@doggy8088
Copy link

commented Jun 9, 2019

  • I have tried with the latest version of my channel (Stable or Edge)
  • I have uploaded Diagnostics
  • Diagnostics ID: 54C0888E-BD05-47BB-ABA4-1233732A5408/20190609171708

Expected behavior

The nat network should create and use default nat VSwitch.

Actual behavior

The nat network use the 'Default Switch` VSwitch.

Information

  • Windows Version: 10.0.18362.116
  • Docker Desktop Version: 2.0.0.3 ( 31259 ) ( Stable ) ( Build: 8858db3 )

Steps to reproduce the behavior

  1. Open Windows PowerShell as administrator

  2. Start Docker Desktop

    &"C:\Program Files\Docker\Docker\Docker for Windows.exe"
    
  3. Check for Docker Network info. It looks like normal.

    C:\> docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    75cdf9b54bbf        Default Switch      ics                 local
    c7bb55709202        nat                 nat                 local
    90f3ac738510        none                null                local
    
  4. Check for VMSwitch info. Only one VMSwitch are shown. It should have a nat VSwitch there.

    C:\> Get-VMSwitch | select Id,Name,SwitchType
    Id                                   Name           SwitchType
    --                                   ----           ----------
    c08cb7b8-9b3c-408e-8e30-5e16a3aeb444 Default Switch   Internal
    
  5. Check for HNS info. There are two network information. It looks normal too.

    C:\> hnsdiag list networks
    Network : C08CB7B8-9B3C-408E-8E30-5E16A3AEB444
        Name             : Default Switch
        Type             : ICS
        Subnet Address   : 192.168.25.64/28
        Gateway          : 192.168.25.65
    
    Network : F7671C98-53F0-419C-BC1F-2C269F3E9B86
        Name             : nat
        Type             : nat
        Subnet Address   : 172.29.0.0/20
        Gateway          : 172.29.0.1
    
  6. Check for the nat detailed info inside HNS.

    hnsdiag list networks F7671C98-53F0-419C-BC1F-2C269F3E9B86 -dl

    You can check the exact result here: hnsdiag_nat_result.json

    I use jq to extract SwitchId which this one point to Default Switch. That's why my nat network don't have a standalone nat VSwitch.

    hnsdiag list networks F7671C98-53F0-419C-BC1F-2C269F3E9B86 -dl | jq ".Health.Extra.Resources.Allocators[0].SwitchId"

    I expected the nat network should associate with nat VSwitch and it will be created automatically by HNS, but it doesn't.

  7. The problem I suffered.

    I tried to run a IIS container and map a 80 port to it. I can't access to localhost:80 directly.

    C:\>docker run -d --rm -p 80:80 --isolation hyperv mcr.microsoft.com/windows/servercore/iis:windowsservercore-1903
    ba472503fda816b7c120fc8fc0dd6bd2c1555352795c8ab68e38046a99ed7b2d
    
    C:\>curl http://localhost/
    curl: (7) Failed to connect to localhost port 80: Timed out
    

    If I change the docker run command to --isolation process mode, then the connectivity is okay. I can access to localhost:80 directly.

  8. I tried to create a new docker network called nat1. The result is the same. The nat1 still using the Default Switch by default.

    C:\> docker network create -d nat nat1                                                                      5e8734d03b9a7cb1e8d901a2108070dd3350e191e0dce9947a3d09a7837de55f
    C:\> hnsdiag list networks
    Network : C08CB7B8-9B3C-408E-8E30-5E16A3AEB444
        Name             : Default Switch
        Type             : ICS
        Subnet Address   : 192.168.25.64/28
        Gateway          : 192.168.25.65
    
    Network : 52D621C2-6182-41D8-8B67-CB275BC51D1F
        Name             : 5e8734d03b9a7cb1e8d901a2108070dd3350e191e0dce9947a3d09a7837de55f
        Type             : nat
        Subnet Address   : 192.168.208.0/20
        Gateway          : 192.168.208.1
    
    Network : F7671C98-53F0-419C-BC1F-2C269F3E9B86
        Name             : nat
        Type             : nat
        Subnet Address   : 172.29.0.0/20
        Gateway          : 172.29.0.1
    
    C:\> hnsdiag list networks 52D621C2-6182-41D8-8B67-CB275BC51D1F -dl | jq ".Health.Extra.Resources.Allocators[0].SwitchId"                                                                                               "C08CB7B8-9B3C-408E-8E30-5E16A3AEB444"
    
  9. I tried to create a new VSwitch called nat2 and create a new network profile called nat2 in Docker. This kind of settings are work perfectly.

    New-VMSwitch -Name nat2 -SwitchType Internal
    docker network create -d nat -o com.docker.network.windowsshim.interface='vEthernet (nat2)' nat2
    docker run -d --rm -p 80:80 --network nat2 --isolation hyperv mcr.microsoft.com/windows/servercore/iis:windowsservercore-1903

    But I want my nat back. Is that possible?

I checked on my another machine. It's do create a nat VSwitch for windows containers if the nat doesn't exists in the condition that Default Switch already exists. Why my Docker Networking use Default Switch VSwitch by default and doesn't create a nat VSwitch for me?

How can I configure Docker Desktop or Hyper-V or HNS to use nat by default.

@bbalon

This comment has been minimized.

Copy link

commented Jun 19, 2019

Looks like the problem with 1903 upgrade.

Docker inspect shows different IP than container actually gets.

Temporary fix for us is to execute docker network prune that would actually remove Default Switch and upon container restart, IP addresses in docker inspect and IP in container matches.
After a restart, this Default Switch returns and we need to do docker network prune again to fix this behavior.

@bbalon

This comment has been minimized.

Copy link

commented Jun 20, 2019

Steps to reproduce:

  1. Check docker networks
PS C:\Users\User> docker network list
NETWORK ID          NAME                DRIVER              SCOPE
d059496bdd73        Default Switch      ics                 local
dd11411d9e0a        nat                 nat                 local
9d72e2517a3d        none                null                local
  1. Check subnets for Docker networks
PS C:\Users\User> docker network inspect -f '{{.Name}} - {{range .IPAM.Config}}{{.Subnet}}{{end}}' "Default Switch" nat
Default Switch - 172.17.142.176/28
nat - 172.31.192.0/20
  1. Start web container:
    docker run -d --rm -p 80:80 --name web mcr.microsoft.com/windows/servercore/iis:windowsservercore-1903

  2. Check IP of docker inspect:

PS C:\Users\User> docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web
172.31.196.111
  1. Check IP from inside container:
PS C:\Users\User> docker exec web ipconfig

Windows IP Configuration


Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : mshome.net
   Link-local IPv6 Address . . . . . : fe80::79c4:425b:57aa:9931%4
   IPv4 Address. . . . . . . . . . . : 172.17.142.188
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . : 172.31.192.1
                                       172.17.142.177

You can see that docker inspect show IP from Default Switch subnet, and ipconfig shows IP from nat subnet.

  1. Check if container is accessible by any of provided IPs
PS C:\Users\User> Invoke-RestMethod http://172.17.142.188

html
----
html
PS C:\Users\User> Invoke-RestMethod http://172.31.196.111
Invoke-RestMethod : Unable to connect to the remote server
At line:1 char:1
+ Invoke-RestMethod http://172.31.196.111
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
  1. Do docker network prune:
PS C:\Users\User> docker network prune
WARNING! This will remove all networks not used by at least one container.
Are you sure you want to continue? [y/N] y
Deleted Networks:
Default Switch
  1. Restart container and check IP:
PS C:\Users\User> docker restart web
web
PS C:\Users\User> docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' dazzling_chebyshev
172.31.204.190
PS C:\Users\User> docker exec web ipconfig

Windows IP Configuration


Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : mshome.net
   Link-local IPv6 Address . . . . . : fe80::4dfe:79bf:bd42:1523%4
   IPv4 Address. . . . . . . . . . . : 172.31.204.190
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . : 172.31.192.1

IP is correct now and the container is accessible over localhost

@thaJeztah

This comment has been minimized.

Copy link
Member

commented Jun 20, 2019

@simonferquel @ddebroy ptal

@MikeChristensen

This comment has been minimized.

Copy link

commented Jun 27, 2019

I'm curious if this is the same issue as this

@bbalon

This comment has been minimized.

Copy link

commented Aug 28, 2019

I don't have this issue with version 2.1.0.1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.