Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When attaching a network to a container, sysctl params should be allowed #40753

Open
paaguti opened this issue Mar 29, 2020 · 0 comments
Open

When attaching a network to a container, sysctl params should be allowed #40753

paaguti opened this issue Mar 29, 2020 · 0 comments
Labels
area/networking version/18.03

Comments

@paaguti
Copy link

paaguti commented Mar 29, 2020
edited
Loading

Description

Steps to reproduce the issue:

  1. Create two docker networks with IPv6
  2. Create a container with the first network, attach the second network and attach to the container
sudo docker run --rm -dit \
     --network net1 \
     --sysctl net.ipv4.ip_forward=1 \
     --sysctl net.ipv6.conf.all.forwarding=1 \
     --sysctl net.ipv6.conf.default.forwarding=1 \
     --sysctl net.ipv6.conf.eth0.forwarding=1 \
     --name my-vlan-debian \
     debian

CONTAINER_ID=$(sudo docker ps -a -q -f name=debian)

sudo docker network connect \
     net2 $CONTAINER_ID

sudo docker attach $CONTAINER_ID
  1. Inside the container, check that you have both networks and check the
    /proc/sys/net/ipv6/*/forwarding files

Describe the results you received:

All /proc/sys/net/ipv6/*/forwarding files are set to 1 except /proc/sys/net/ipv6/eth1/forwarding which is set to 0. This blocks IPv6 forwarding between eth0 and eth1.

Describe the results you expected:

I somehow expected this to happen. What I need is a way to have /proc/sys/net/ipv6/eth1/forwarding set to 1. Sort of what you do when you create the container with the --sysctl parameters.

Additional information you deem important (e.g. issue happens only occasionally):

I need to build IPv6 routers as containers in order to implement a DMZ inside Docker

Output of docker version:

student@uc3m:~/Devel$ sudo docker version
Client:
 Version:      18.03.1-ce
 API version:  1.37
 Go version:   go1.9.5
 Git commit:   9ee9f40
 Built:        Thu Apr 26 07:17:14 2018
 OS/Arch:      linux/amd64
 Experimental: false
 Orchestrator: swarm

Server:
 Engine:
  Version:      18.03.1-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.5
  Git commit:   9ee9f40
  Built:        Thu Apr 26 07:15:24 2018
  OS/Arch:      linux/amd64
  Experimental: false

Output of docker info:

student@uc3m:~/Devel$ sudo docker version
Client:
 Version:      18.03.1-ce
 API version:  1.37
 Go version:   go1.9.5
 Git commit:   9ee9f40
 Built:        Thu Apr 26 07:17:14 2018
 OS/Arch:      linux/amd64
 Experimental: false
 Orchestrator: swarm

Server:
 Engine:
  Version:      18.03.1-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.5
  Git commit:   9ee9f40
  Built:        Thu Apr 26 07:15:24 2018
  OS/Arch:      linux/amd64
  Experimental: false

Additional environment details (AWS, VirtualBox, physical, etc.):

Inside a VirtualBox 6.0 with A Debian:

uname -a

Linux my-VBox 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/networking version/18.03
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@paaguti @AkihiroSuda