Proposal: exposing SCTP ports for container #9689

Closed
rickhofstede opened this Issue Dec 16, 2014 · 26 comments

rickhofstede commented Dec 16, 2014

While trying to expose an incoming SCTP port for my container, I found out that something like -p x:y/sctp is not yet supported. It would be great to have the flexibility of exposing ports for any protocol for a container, although SCTP currently has the highest priority on my wish list.

Contributor

scottstamp commented Dec 16, 2014

-- from IRC --
From what I can see, the components that back things should be compatible, but the client is parsing the spec as x:y(/proto) where /proto defaults to tcp, and can only validate to udp or tcp.

I'm not very familiar with this part of the code base and there seems to be a large number of references, so this change might be better looked at by someone more experienced. It seems like just modifying the checks for the -p flag would be sufficient.

Contributor

duglin commented Jul 14, 2015

ping @crosbymichael @mavenugo is there any reason, aside from trying to fail fast, that we don't just let the protocol string be passed all the way down to the iptables call and let unknown/invalid protocols be detected at that point? Then we don't need to check in docker itself and just let the underlying OS decide.
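
The fail-fast check discussed in the two comments above, as an added Go example that is not Docker's own code: an "x:y/proto" parser that defaults to tcp and accepts only an allowlist of protocols, so an unknown protocol string is rejected before it could be passed down to an iptables call. The names PortSpec, ParsePortSpec and allowedProtos are hypothetical, and the sample inputs are constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Fail-fast allowlist; "sctp" is the value this issue asks to add.
var allowedProtos = map[string]bool{"tcp": true, "udp": true, "sctp": true}

// PortSpec is a hypothetical type for a parsed "x:y/proto" publish spec.
type PortSpec struct {
	Host, Container uint16
	Proto           string
}

// ParsePortSpec parses "hostPort:containerPort[/proto]"; proto defaults to tcp.
// Anything off the allowlist is rejected before it could become a firewall argument.
func ParsePortSpec(spec string) (PortSpec, error) {
	ports, proto, hasProto := strings.Cut(spec, "/")
	if !hasProto {
		proto = "tcp"
	}
	if proto = strings.ToLower(proto); !allowedProtos[proto] {
		return PortSpec{}, fmt.Errorf("invalid protocol %q", proto)
	}
	hostStr, ctrStr, ok := strings.Cut(ports, ":")
	if !ok {
		return PortSpec{}, fmt.Errorf("expected hostPort:containerPort, got %q", ports)
	}
	// bitSize 16 rejects values above 65535; port 0 is rejected explicitly.
	host, errH := strconv.ParseUint(hostStr, 10, 16)
	ctr, errC := strconv.ParseUint(ctrStr, 10, 16)
	if errH != nil || errC != nil || host == 0 || ctr == 0 {
		return PortSpec{}, fmt.Errorf("invalid port in %q", ports)
	}
	return PortSpec{Host: uint16(host), Container: uint16(ctr), Proto: proto}, nil
}

func main() {
	// Constructed sample inputs, not taken from the issue.
	for _, s := range []string{"8080:80", "2905:2905/sctp", "53:53/UDP", "80:80/icmp", "80:80/tcp extra"} {
		p, err := ParsePortSpec(s)
		fmt.Printf("%-20q -> %+v err=%v\n", s, p, err)
	}
}
```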

Member

thaJeztah commented Aug 15, 2015

ping @mavenugo could you answer this?

Contributor

mavenugo commented Aug 16, 2015

With CNM (Container Networking Model), container connectivity across multiple hosts can be achieved through various drivers/plugins. Some of the drivers, such as the in-built overlay, support this container connectivity without the need for port mapping. Hence SCTP or other protocols can just work without the need to map or expose ports.

But, in order to expose the service provided by a container to external networks that are not managed under CNM, we would have to do port-mapping and hence this request must be addressed. Also, the concept of external connectivity varies under different deployment scenarios. This enhancement request should be included in that context when making design decisions.

@mavenugo mavenugo added this to the 1.9.0 milestone Aug 16, 2015

@icecrime icecrime removed this from the 1.9.0 milestone Oct 10, 2015

Contributor

LK4D4 commented Sep 16, 2016

@mavenugo @mrjana @sanimej @aboch still need to be addressed?

razaborg commented Apr 21, 2017

What is the current status of this feature?
I'm facing the problem of exposing an SCTP port on the host, and that still seems to be unsupported.

Member

AkihiroSuda commented Jul 3, 2017

Member

AkihiroSuda commented Jul 11, 2017

libnetwork-side PR has been opened as docker/libnetwork#1825

Anyone please look into the PR?

Peter-eid commented Jan 9, 2018

@mavenugo What is the current status of this feature?

rkbug commented Jan 9, 2018

@mavenugo (Madhu), Can you please update the current status of this feature?

verizonold commented Mar 6, 2018

Hi, can you please provide details on how SCTP is now supported? Any examples that you can share?

Member

thaJeztah commented Mar 6, 2018

I think all PRs are merged now, and will be included in Docker 18.03 (release candidates are available); see

Closing this issue, because it looks like we're done, but feel free to comment in case I missed something

@thaJeztah thaJeztah closed this Mar 6, 2018

verizonold commented Mar 6, 2018

Do you know if Kubernetes supports SCTP?

verizonold commented Mar 6, 2018

@thaJeztah Can you please provide me a pointer to Docker 18.03? Should I see this in Edge releases?

Member

thaJeztah commented Mar 6, 2018

It's not released yet; release candidates are available in the "test" channel, or through the install script at https://test.docker.com

verizonold commented Mar 6, 2018

@thaJeztah thanks...so I just run this script on my CentOS VM? Also, I would like to try the support for SCTP. Can you please provide some doc/info on how to use this feature in docker?

Member

thaJeztah commented Mar 6, 2018

@verizonold from docker's perspective it's mainly allowing you to specify sctp in addition to tcp or udp when publishing container ports. What to use it for / how you use it for things running in your container is a bit out of scope.

verizonold commented Mar 6, 2018

@thaJeztah thanks...so what is the link to the release candidates in the "test" channel?

Member

AkihiroSuda commented Mar 6, 2018

@verizonold you just need to do

# For test builds (ie. release candidates):
#   $ curl -fsSL test.docker.com -o test-docker.sh
#   $ sh test-docker.sh

Kubernetes-part hasn't been worked out yet.

teknoraver commented May 10, 2018

Hi all.

Are memory cgroups limits enforced for SCTP kernel buffers?
I hope I'm wrong, but looking at the code it seems not.
Please do proper testing before enabling SCTP by default.

Member

thaJeztah commented May 10, 2018

@AkihiroSuda ^^ think you may have more insight into that

Member

AkihiroSuda commented May 11, 2018

@teknoraver You're talking about SCTP-equivalent of memory.kmem.tcp.limit_in_bytes, right?
I'm not sure Linux has equivalent of that for SCTP.

teknoraver commented May 11, 2018

@AkihiroSuda exactly that one. One to avoid that a process will waste all the system memory?

Member

AkihiroSuda commented May 11, 2018

Although not specific to SCTP buffer, does docker run --kernel-memory (which sets memory.kmem.limit_in_bytes) work for you?

Jacob-E commented May 16, 2018

Is there a way to run a userspace SCTP stack in the container?
Currently, if we try that, the kernel SCTP ends up sending an ABORT.

teknoraver commented May 25, 2018

I don't think so.
Running a userspace layer 4 protocol requires you to have RAW socket permissions, which is unlikely in containers.
