DNS issues when using sysbox-runc in a macvlan
Hey everyone,
thank you for your work on sysbox!
I am running sysbox-runc on Arch Linux, which I know is not officially supported. Still, it would be much appreciated if you could give any pointers.
When I run a container that is connected to a macvlan with sysbox-runc and run e.g. curl example.org in that container, I get a lot of DNS queries even after I get the response from curl. If I use 8.8.8.8 as DNS server via the compose file, everything seems to be working fine. DNS queries go out, request to example.org is made, response is shown, no further DNS queries. However, I am posting this here because if I do not use sysbox-runc, everything works fine without specifying the DNS server in the compose file. I used Wireshark for my observations. Any idea what I am missing?
compose file
services:
  debug-dns:
    build:
      context: .
      dockerfile: Dockerfile
    # I toggled these during my experiments
    # runtime: sysbox-runc
    # dns: 8.8.8.8
    entrypoint: ["tail", "-F", "anything"]
    networks:
      debug-network:
networks:
  debug-network:
    external: true
    name: my-macvlan-net
Note: This image does not require sysbox-runc. I just used it for demonstration purposes. I encountered this while actually using nestybox/ubuntu-noble-systemd-docker
Corresponding Dockerfile
FROM ubuntu
RUN apt update && apt install -y neovim curl
my-macvlan-net:
docker network create -d macvlan --subnet=192.168.2.0/24 --gateway=192.168.2.1 -o parent=eth0 my-macvlan-net
@GiugAles, I ran a quick test with a macvlan custom-network and observed the same forwarding issues in both the sysbox-runc and the regular runc container, so at first glance it doesn't look like a Sysbox-specific issue.
Also, you mentioned that the problem is not seen when you use a compose recipe, but I don't see you specifying the macvlan driver in this compose file.
Leaving the docker-compose variable aside for a moment, can you please try to run two docker containers using the same macvlan driver, one with sysbox-runc and the other with runc, and verify that the problem is only seen in Sysbox?
@GiugAles, please try to reproduce with the fix for this (potentially similar) issue and let us know if this fixes your problem. Notice that you'll need to build sysbox yourself since our new sysbox-ce image is not ready yet. Thanks.
Hey @rodnymolina ,
thank you for your response.
> Also, you mentioned that the problem is not seen when you use a compose recipe, but I don't see you specifying the macvlan driver in this compose file.
The compose file was used in both cases, I just toggled setting DNS by commenting in/out in the compose file.
> @GiugAles, please try to reproduce with the fix for https://github.com/nestybox/sysbox-runc/pull/99 (potentially similar) issue and let us know if this fixes your problem. Notice that you'll need to build sysbox yourself since our new sysbox-ce image is not ready yet. Thanks
I will have a look, but it might take a while.