Join GitHub today
Containers lose connectivity to the internet (after some time - trigger unknown) #15172
Once connectivity is lost, the container can still reach interfaces on the machine. For example, my wired interface is still reachable. But can't get past that.
But cannot reach any further.
Meanwhile, my laptop has no issues connecting to the interwebz.
Route table looks as it should:
Firewall has stock settings (confirmed there are no rules using
Syslog has the following output for when things work normally:
But when they don't work, syslog doesn't tell us anything different:
No idea what could be going on here. As mentioned earlier, this has been a problem since upgrading to 1.7.1
The upgrade came from the apt repo that was added sources.list.d by the first install. I attempted a reinstall which involved removing the old package (w/ purge), then installing the new one from the
Evidence of this (notice docker-engine is now installed, but entries for old ones remain):
@phemmer - that iptables output is the same as when things are working fine (i.e. it doesn't change when the containers lose network connectivity).
Also confirmed on a separate machine (which is running docker 1.5 and not exhibiting this behavior) that the output of
I took the following tcpdumps on the bridge interfaces while running
Seems like packets reach the
I think I experienced this problem recently, too. I have just upgraded from docker 1.5-ish and now have the following versions:
I had spun up a docker-compse.yml that I've been using since the earlier version of docker. I did some work in the office and then went home where I later resumed my work. I just closed my MacBook lid and opened it later, no shutdowns, restarts, etc.
In the earlier versions of docker I wouldn't notice anything at this point, it would just work. This time the network quit working and I used docker exec to confirm the container created by compose could no longer resolve hostnames. I tried docker-compose rm and rebuilt all the containers but still no luck.
Finally, I did a docker-machine rm -f to delete the virtualbox and then rebuilt it along with all the containers again. This fixed my issue so I'm up and running now.
I'm glad I have a workaround but it's still a pain to have to delete and rebuild the VM for docker with network changes. I anticipate having issues when I connect/disconnect from VPN, etc. But I haven't confirmed this empirically yet.
I'm happy to run any troubleshooting steps anyone has. I'll give the iptables and docker -D info a shot if/when the issue comes back. FWIW here is what I get now in a working state:
(from the MacBook)
(From the docker virtualbox host via docker-machine ssh):
$ sudo iptables -L
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
Chain DOCKER (1 references)
Guys, I was also facing the same issue on production servers. Somehow iptables were getting flushed daily.
what this option does is following (as mentioned in apf file)
Took me 2 days to figure it out, I hope it'll help someone. Thanks