for-linux
Docker swarm node communication issues
Network Environment: One Ubuntu server is used as the swarm manager node. The IP address of one of its network interfaces is 192.168.200.82, the route "to 10.3.71.0/24" is configured via netplan, and the default route is on another interface. One CentOS server, with only one network interface and the IP address 10.3.71.15, is a swarm worker. The network administrator maps 10.64.128.100 to the manager node through the proxy server so that worker 10.3.71.5 can access the manager, and then maps ports 12377/tcp, 17946/tcp, 7946/udp, and 4798/udp from 10.64.128.100 to ports 2377/tcp, 7946/tcp, 7946/udp, and 4798/udp on 192.168.200.82.
Question:
The containers between the manager node and the worker node cannot communicate with each other.
The worker node can successfully join the swarm by executing the command 「 docker swarm join-token
Investigation: On the server 192.168.200.82, I can successfully telnet to port 7946/tcp of 10.3.71.15, and successfully nc to ports 7946/udp and 4798/udp of 10.3.71.15. On the server 10.3.71.15, I can successfully telnet to ports 12377/tcp and 17946/tcp of 10.64.128.100, and successfully nc to ports 7946/udp and 4798/udp of 10.64.128.100. On the server 10.3.71.15, I can see from "docker info" that the swarm manager address is 192.168.200.82. Using tcpdump, I see that 10.3.71.15 is communicating with ports 7946/tcp, 7946/udp and 4798/udp of 192.168.200.82, so I used the iptables tool to redirect the traffic for 7946/tcp, 7946/udp and 4798/udp of 192.168.200.82 to ports 17946/tcp, 7946/udp and 4798/udp of 10.64.128.100. I ran tcpdump again and found that 10.3.71.15 is communicating with ports 17946/tcp, 7946/udp and 4798/udp of 10.64.128.100, but the containers on the manager node and the worker node still cannot communicate with each other. I want to ask what the reason might be.