for-linux
for-linux copied to clipboard
docker
The default network "bridge" is missing "Gateway" when docker installed in Virtual machine.
- [x] This is a bug report
- [ ] This is a feature request
- [x] I searched existing issues before opening this one
Expected behavior
The default network bridge should be created with a "Gateway". As follow image:
Actual behavior
In my physical machine, everything is OK.
But when I installed docker to a virtual machine, I found the default network bridge has no "Gateway". As follow image:
The surface problem is that the containers (like alpine) in the virtual machines can't ping github.com when the containers first running, while the containers in the physical machines can ping github.com when the containers first running. I don't konw if this problem has something to do with the missing "Gateway" config.
Plus informations: All of them above are all CentOS 7.
Steps to reproduce the behavior
service docker start
docker pull alpine
docker run -itd --name alpine-test alpine:latest
docker exec -it alpine-test /bin/sh
ping github.com
Output of docker version:
[root@localhost network-scripts]# docker version
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:27:04 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:25:42 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
[root@localhost network-scripts]#
Output of docker info:
[root@localhost network-scripts]# docker info
Client:
Debug Mode: false
Server:
Containers: 4
Running: 1
Paused: 0
Stopped: 3
Images: 1
Server Version: 19.03.8
Storage Driver: devicemapper
Pool Name: docker-253:0-101101361-pool
Pool Blocksize: 65.54kB
Base Device Size: 10.74GB
Backing Filesystem: xfs
Udev Sync Supported: true
Data file: /dev/loop0
Metadata file: /dev/loop1
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Data Space Used: 42.73MB
Data Space Total: 107.4GB
Data Space Available: 17.22GB
Metadata Space Used: 675.8kB
Metadata Space Total: 2.147GB
Metadata Space Available: 2.147GB
Thin Pool Minimum Free Space: 10.74GB
Deferred Removal Enabled: true
Deferred Deletion Enabled: true
Deferred Deleted Device Count: 0
Library Version: 1.02.158-RHEL7 (2019-05-13)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-327.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.797GiB
Name: localhost.localdomain
ID: JZOV:4JOO:AEHN:LBWC:NFQG:TAFZ:RAPK:4AGB:DWBB:LX5K:AWFK:XMWT
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
http://hub-mirror.c.163.com/
Live Restore Enabled: false
WARNING: the devicemapper storage-driver is deprecated, and will be removed in a future release.
WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use.
Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
Additional environment details (AWS, VirtualBox, physical, etc.) I tried both in VirtulBox and VMware. They are having the same problem.
Surprisingly! "Gateway": "172.17.0.1" appears when I just restarted the docker!
But I still can't ping 172.17.0.1.
[root@localhost network-scripts]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@localhost network-scripts]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "e1f30e256c93ee70012f386b48324d9a628828b7dcf773e6b22efef178ba70b7",
"Created": "2020-04-14T16:55:48.535056143+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
[root@localhost network-scripts]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost network-scripts]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
937078e5ae90 alpine "/bin/sh" 4 hours ago Exited (0) 4 hours ago test4
cf97b1259902 alpine "/bin/sh" 4 hours ago Exited (0) 4 hours ago test3
40c9763263d4 alpine "/bin/sh" 4 hours ago Created test2
25c75582d037 alpine:latest "/bin/sh" 5 hours ago Exited (137) 51 seconds ago alpine-test
[root@localhost network-scripts]# docker start test4
test4
[root@localhost network-scripts]# docker exec -it test4 /bin/sh
Error response from daemon: Container 937078e5ae900ad4aee8216bc89e7dc560597c44a87597f2706ffe853c30a8c5 is not running
[root@localhost network-scripts]# docker run -itd --name test5 alpine:latest
3f294ed7ea0ded426ab1d71eb6346e204183bcff91009c3a560f615364860e05
[root@localhost network-scripts]# docker exec -it test5 /bin/sh
/ # ping www.baidu.com
ping: bad address 'www.baidu.com'
/ # ping 172.17.0.1
PING 172.17.0.1 (172.17.0.1): 56 data bytes
PING 172.17.0.1 (172.17.0.1): 56 data bytes
^C
--- 172.17.0.1 ping statistics ---
193 packets transmitted, 0 packets received, 100% packet loss
/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:218 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:858 (858.0 B) TX bytes:20212 (19.7 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #
Hi, did you find a solution to the issue? Unfortunatly I have exactly the same problem.
Hi, did you find a solution to the issue? Unfortunatly I have exactly the same problem.
Unfortunatly, so far, I haven't found a solution.
FYI: After I updated Docker to version 19.03.14 today, the problems are gone. Seems that something was odd on their side.
Thanks for your information. But I tried again, this issue is still there.
Hi, i'm having the exact same issue on Docker version 20.10.2, build 2291f61 on a CentOS 8 virtual machine. Every container using the "bridge" network has been unable to reach network starting from yesterday nigh, no problem until that moment. (for solution read below)
To solve the issue i had to create a new bridge type connection with docker network create --driver bridge alpine-bridge
# docker version
Client: Docker Engine - Community
Version: 20.10.2
API version: 1.41
Go version: go1.13.15
Git commit: 2291f61
Built: Mon Dec 28 16:17:40 2020
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.2
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 8891c58
Built: Mon Dec 28 16:15:09 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.3
GitCommit: 269548fa27e0089a8b8278fc4fc781d7f65a939b
runc:
Version: 1.0.0-rc92
GitCommit: ff819c7e9184c13b7c2607fe6c30ae19403a7aff
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Same problem here on CentOS 7.7
$ rpm -q centos-release
centos-release-7-7.1908.0.el7.centos.x86_64
Docker version:
$ docker version
Client: Docker Engine - Community
Version: 20.10.6
API version: 1.41
Go version: go1.13.15
Git commit: 370c289
Built: Fri Apr 9 22:45:33 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.6
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 8728dd2
Built: Fri Apr 9 22:43:57 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.4
GitCommit: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc:
Version: 1.0.0-rc93
GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
docker-init:
Version: 0.19.0
GitCommit: de40ad0
same problem on:
Alibaba Cloud Linux (Aliyun Linux) release 2.1903 LTS (Hunting Beagle)
docker version
Client: Docker Engine - Community
Version: 20.10.7
API version: 1.41
Go version: go1.13.15
Git commit: f0df350
Built: Wed Jun 2 11:58:10 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.7
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: b0f5bc3
Built: Wed Jun 2 11:56:35 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.6
GitCommit: d71fcd7d8303cbf684402823e425e9dd2e99285d
runc:
Version: 1.0.0-rc95
GitCommit: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
docker-init:
Version: 0.19.0
GitCommit: de40ad0
https://github.com/moby/moby/issues/26799
Hola. Tengo el mismo inconveniente en un CentOS 7.2. Alguien ha podido solucionarlo?
Same here with Ubuntu 20.04 and Docker version 20.10.9
When I create a network, Docker create a related bridge interface but do not add it as gateway to the network.
ip a display the bridge interface which seem ok (could be ping from the host)
79: br-f9bc0d86bd69: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:2e:7e:ee:d6 brd ff:ff:ff:ff:ff:ff
inet 10.10.22.1/24 brd 10.10.22.255 scope global br-f9bc0d86bd69
valid_lft forever preferred_lft forever
inet6 fe80::42:2eff:fe7e:eed6/64 scope link
valid_lft forever preferred_lft forever
Restarting docker service do not help. I also try to force gateway configuration
docker network create --driver=bridge --gateway=10.10.22.1 --subnet=10.10.22.0/24 test-network
After that docker inspect test-network shown gateway as expected, but network did not really working (container not reachable from other network).
At the end I try a full reboot and that's fix my network without any other change. Maybe a missing step when reloading network setting or iptables rules at network creation under certain conditions???
Enabling IP Forwarding fixed the problem for me:
add this line in /etc/sysctl.conf
net.ipv4.ip_forward=1
reload settings and restart docker
sysctl -p
systemctl restart docker
docker network inspect bridge now shows the gateway
Enabling IP Forwarding fixed the problem for me: add this line in
/etc/sysctl.confnet.ipv4.ip_forward=1reload settings and restart docker
sysctl -p systemctl restart docker
docker network inspect bridgenow shows the gateway
Works For me
Same here, docker-ce 20.10.18, Ubuntu 20.04
The GW address is present in the output of docker network inspect bridge.
Adding the address back to the interface using ip addr add 172.17.0.1/16 dev docker0 fixes the problem temporarily until it disappears again.
The issue only appears on a single host out of >60 in a cluster. It is the only one with version 20.10.18. Others are:
7 20.10.12 docker.io with backports/ZFS fixes
52 20.10.17 docker-ce
1 20.10.18 docker-ce <-- only this one suffers from the issue
2 20.10.22 docker-ce
