This repository has been archived by the owner on Dec 7, 2023. It is now read-only.

When using containerd + CNI network, the VM could not ping the Internet IPs #418

Closed
chanwit opened this issue Sep 11, 2019 · 3 comments · Fixed by #442

chanwit commented Sep 11, 2019

When using CNI network, the VM could not ping the Internet IPs.

This is because there is no forward setting in iptables to handle traffic atm.
We should implement this inside pkg/network/cni.

@chanwit chanwit added area/networking Issues related to networking kind/bug Categorizes issue or PR as related to a bug. labels Sep 11, 2019
@chanwit chanwit added this to the v0.6.1 milestone Sep 11, 2019
@chanwit chanwit self-assigned this Sep 11, 2019

chanwit commented Sep 11, 2019

addressed by #427

@stealthybox
Contributor

docker+cni actually works -- the container gets configured with NetworkMode: none
containerd+cni is broken for me
( mentioned in #393 (comment) )

Here's all 3 cases for me just demonstrating with exec curl google.com:

test-all.sh:

```bash
#!/bin/bash
set -uo pipefail

ignite="sudo ./bin/ignite"
docker="docker"
ctr="sudo $(which ctr)"

# Print the `ignite vm ls` row for the VM named $1.
vm_info() {
  $ignite vm ls | grep "\\b${1}\\b"
}
# Print the ID (first column) of the VM named $1.
vm_id() {
  vm_info "${1}" | awk '{print $1}'
}

# Start a VM with the given runtime ($1) and network plugin ($2),
# try an outbound HTTP request from inside it, then remove the VM.
test_net() {
  runtime="$1"
  net_plugin="$2"
  name="test_${runtime}_${net_plugin}"

  echo
  echo "${name} ..."

  $ignite \
    --runtime "${runtime}" \
    --network-plugin "${net_plugin}" \
    run weaveworks/ignite-ubuntu \
    --name "${name}" \
    --ssh

  vm_info "${name}"

  # For the docker runtime, show how the container itself was networked.
  case "${runtime}" in
  docker)
    $docker inspect "ignite-$(vm_id "${name}")" | grep -E 'IPAddress|NetworkMode'
    ;;
  esac

  sleep 2

  # Connectivity check from inside the VM.
  $ignite \
    --runtime "${runtime}" \
    --network-plugin "${net_plugin}" \
    exec "${name}" curl google.com

  $ignite \
    --runtime "${runtime}" \
    --network-plugin "${net_plugin}" \
    vm rm -f "${name}"
}

test_net docker docker-bridge
test_net docker cni
test_net containerd cni
```
```
./test-all.sh

test_docker_docker-bridge ...
time="2019-09-11T05:55:26-06:00" level=info msg="Created VM with ID \"6e63f33a5a1e98ff\" and name \"test_docker_docker-bridge\""
time="2019-09-11T05:55:26-06:00" level=info msg="Networking is handled by \"docker-bridge\""
time="2019-09-11T05:55:26-06:00" level=info msg="Started Firecracker VM \"6e63f33a5a1e98ff\" in a container with ID \"4fec07c8b6cff4a26bd2fbf057476c5e8a9459297d6aa69a9c244f166918ab4e\""
6e63f33a5a1e98ff	weaveworks/ignite-ubuntu:latest	weaveworks/ignite-kernel:4.19.47	4.0 GB	1	512.0 MB	1s ago	Up 1s	172.17.0.5		test_docker_docker-bridge
            "NetworkMode": "default",
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.5",
                    "IPAddress": "172.17.0.5",
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.

</BODY></HTML>

time="2019-09-11T05:55:29-06:00" level=info msg="Removing the container with ID \"ignite-6e63f33a5a1e98ff\" from the \"docker-bridge\" network"
time="2019-09-11T05:55:30-06:00" level=info msg="Removed VM with name \"test_docker_docker-bridge\" and ID \"6e63f33a5a1e98ff\""

test_docker_cni ...
time="2019-09-11T05:55:30-06:00" level=info msg="Created VM with ID \"20385f5e4d9af61c\" and name \"test_docker_cni\""
time="2019-09-11T05:55:31-06:00" level=info msg="Networking is handled by \"cni\""
time="2019-09-11T05:55:31-06:00" level=info msg="Started Firecracker VM \"20385f5e4d9af61c\" in a container with ID \"8a59397bd778d0f18a89c278a73a284386aa9a07ae8ee3498fa36d68c3ffaad7\""
20385f5e4d9af61c	weaveworks/ignite-ubuntu:latest	weaveworks/ignite-kernel:4.19.47	4.0 GB	1	512.0 MB	0s ago	Up 0s	172.18.0.69		test_docker_cni
            "NetworkMode": "none",
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "",
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.

</BODY></HTML>

time="2019-09-11T05:55:34-06:00" level=info msg="Removing the container with ID \"ignite-20385f5e4d9af61c\" from the \"cni\" network"
time="2019-09-11T05:55:34-06:00" level=fatal msg="invalid CIDR address: !192.168.122.0/24%!(EXTRA string=could not parse destination)"

test_containerd_cni ...
time="2019-09-11T05:55:35-06:00" level=info msg="Created VM with ID \"cee7ad1345418fe7\" and name \"test_containerd_cni\""
time="2019-09-11T05:55:36-06:00" level=info msg="Networking is handled by \"cni\""
time="2019-09-11T05:55:36-06:00" level=info msg="Started Firecracker VM \"cee7ad1345418fe7\" in a container with ID \"ignite-cee7ad1345418fe7\""
cee7ad1345418fe7	weaveworks/ignite-ubuntu:latest	weaveworks/ignite-kernel:4.19.47	4.0 GB	1	512.0 MB	0s ago	Up 0s	172.18.0.70		test_containerd_cni
curl: (6) Could not resolve host: google.com
time="2019-09-11T05:55:39-06:00" level=fatal msg="Process exited with status 6"
time="2019-09-11T05:55:39-06:00" level=info msg="Removing the container with ID \"ignite-cee7ad1345418fe7\" from the \"cni\" network"
time="2019-09-11T05:55:39-06:00" level=fatal msg="invalid CIDR address: !192.168.122.0/24%!(EXTRA string=could not parse destination)"
```


chanwit commented Sep 11, 2019

You're right. This issue should only be about containerd + cni, as Docker seems to do some forwarding behind the scenes and it's somehow working.

@chanwit chanwit changed the title When using CNI network, the VM could not ping the Internet IPs When using containerd + CNI network, the VM could not ping the Internet IPs Sep 11, 2019
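
An added example, not part of the thread or of ignite's code: a quick heuristic check of whether a host's FORWARD chain explicitly accepts traffic for a given bridge, the gap this issue describes. The bridge name `cni0` and both rule listings are constructed assumptions; only `-i`/`-o` matches are examined, and jumps to other chains are not followed.

```bash
#!/bin/bash
# Added example (not from the thread). Reads `iptables -S FORWARD` output on
# stdin and reports whether bridge $1 has explicit ACCEPT rules in both
# directions. Heuristic: only -i/-o matches are examined ("!" negation is
# honoured); address matches, rule order and jumps to other chains are not.
forward_status() {
  awk -v br="$1" '
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    $1 == "-A" && $2 == "FORWARD" {
      from_br = to_br = 0; target = ""
      for (i = 3; i <= NF; i++) {
        negated = ($(i - 1) == "!")
        if ($i == "-i" && $(i + 1) == br && !negated) from_br = 1
        if ($i == "-o" && $(i + 1) == br && !negated) to_br = 1
        if ($i == "-j") target = $(i + 1)
      }
      if (target == "ACCEPT" && from_br) egress = 1   # VM to outside
      if (target == "ACCEPT" && to_br)   replies = 1  # outside back to VM
    }
    END {
      if (egress && replies)       print "allowed"
      else if (policy == "ACCEPT") print "allowed-by-policy"
      else                         print "blocked"
    }'
}

# Constructed ruleset: default-drop policy, rules for docker0 only.
RULES_BEFORE='-P FORWARD DROP
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT'

# Same ruleset plus rules for the CNI bridge (cni0 is a hypothetical name).
RULES_AFTER="$RULES_BEFORE
-A FORWARD -i cni0 -j ACCEPT
-A FORWARD -o cni0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"

printf '%s\n' "$RULES_BEFORE" | forward_status docker0   # allowed
printf '%s\n' "$RULES_BEFORE" | forward_status cni0      # blocked
printf '%s\n' "$RULES_AFTER"  | forward_status cni0      # allowed
```

On a live host, feed it real data with `sudo iptables -S FORWARD | forward_status <bridge>`, and check `sysctl net.ipv4.ip_forward` separately, since the chain is irrelevant when forwarding is disabled.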