does IPVS work for container to container communication on the same bridge?

Open asridharan opened this issue 8 years ago • 3 comments

When I create a backend service with IPVS for a given container, other containers on the same bridge are unable to talk to this container. The reason is a partially open TCP connection, since all traffic from and to the IPVS service is supposed to go through the host network namespace, but for container-to-container communication some of the traffic might get switched through the bridge itself.

Does gorb set up iptables SNAT to avoid this situation?

asridharan, Jan 19 '17 00:01

Do you mean that adding a backend service with a container's IP for an IPVS virtual service effectively blocks inter-container communications with that container?

kobolog, Jan 24 '17 16:01

I noticed that IPVS doesn't work in a separate namespace, i.e. when the gorb container is created using --net mybridge. Then if I put backend containers in the same net and define service <gorb_container_ip>:80 -> [<backend_container_1_ip>:80, <backend_container_2_ip>:80], I get connection refused if I do nc -v <gorb_container_ip>:80. Everything works as expected if I create the gorb container with --net host.

scsnow, Feb 14 '17 13:02

I'm still not sure I understand the issue here. Are you trying to access an IPVS service from inside a container that is attached to the same bridge as one of the backends?

kobolog, Nov 28 '17 20:11
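
A simplified model of the asymmetric path the opening post describes, added here as an illustration; it is not part of the thread and not gorb's code. All addresses are constructed, and the model assumes IPVS in NAT mode with the client and backend containers on the same bridge subnet.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src dst flags")

# Constructed addresses (assumptions, not taken from the thread).
BRIDGE = ip_network("172.17.0.0/16")
HOST = "172.17.0.1"      # bridge address in the host network namespace
CLIENT = "172.17.0.2"    # container opening the connection
BACKEND = "172.17.0.3"   # container registered as the IPVS backend
VIP = "10.0.0.10"        # IPVS virtual service address

def ipvs_forward(pkt, snat, conntrack):
    """Host namespace: NAT mode rewrites dst; optional SNAT also rewrites src."""
    out = Packet(HOST if snat else pkt.src, BACKEND, pkt.flags)
    conntrack[(out.dst, out.src)] = (pkt.dst, pkt.src)  # reply tuple -> original
    return out

def deliver_reply(reply, conntrack):
    """Deliver the backend's reply; returns (packet as received, path taken)."""
    if reply.dst != HOST and ip_address(reply.dst) in BRIDGE:
        # Same L2 segment: the bridge switches the frame straight to the peer,
        # so the host never sees it and cannot reverse the address rewrite.
        return reply, "bridge"
    vip, client = conntrack[(reply.src, reply.dst)]
    return Packet(vip, client, reply.flags), "host"

def handshake(snat):
    conntrack = {}
    syn = Packet(CLIENT, VIP, "SYN")
    fwd = ipvs_forward(syn, snat, conntrack)
    synack = Packet(fwd.dst, fwd.src, "SYN-ACK")  # backend answers the src it saw
    reply, path = deliver_reply(synack, conntrack)
    # The client socket only accepts a SYN-ACK from the address it connected to.
    state = "ESTABLISHED" if reply.src == syn.dst else "RST (half-open)"
    return state, path, reply.src

if __name__ == "__main__":
    for snat in (False, True):
        print("snat=%s ->" % snat, handshake(snat))
```
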