Hi, I’m trying to use a container as a router from an internal Weave network to the external internet, and while the router container works, it has some problems. Basically, any traffic coming back from the internet generates MTU errors from the first Weave router (not my router container), slowing things down or making them time out. I know I can play around with the MTU size and have tried that, but that doesn’t work too well if the remote host doesn’t get ICMP MTU errors because of firewalling. But to me that really isn’t the problem.

The problem is that the packets coming in from the internet aren’t segmented into smaller sizes when going through my router container. If I get packet captures on the internet-facing interface (eth1) and the Weave interface (ethwe0) on my router container, I can see 2k to 4k packets coming in on the internet interface and going out the Weave interface with the same size, and all of the MTU errors. But if I expose the container host to the Weave network (so it’s not going through a Docker container) and run the traffic through the host, I can see the 2k to 4k packets coming in on the internet side, but they are segmented and sent out on the Weave side as 1.2k byte packets.

So my router container isn’t doing some kind of segmentation process (which should take place in the kernel), and since the container appears to have a subset of the proc file system networking parameters, I’m wondering if that’s what is causing the problem. Since I can’t add the missing parameters in the container, I was wondering how I can go about adding them. So does anybody have any suggestions or ideas?

The router container is running as a privileged container, and I’m using Docker 1.11.1 on CentOS 7 with a 4.5 kernel. The router container only has iptables in it for NAT.
bitmotel (Bitmotel) #1
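Two things a practitioner would want to pin down before changing MTUs: exactly which net.ipv4 sysctls the container's network namespace shows compared with the host (the "subset of the proc file system" the post mentions), and the offload state of the two interfaces, because 2k to 4k byte "packets" in a capture on a 1500-byte link are GRO-coalesced segments that the kernel is expected to re-segment (GSO/TSO) before they leave the next interface. The helper below is an added example, not code from the original post or from Weave. It assumes the container is named `router` and the interfaces are `eth1` and `ethwe0` as in the post; the only tools it calls on a live system are `docker`, `nsenter`, `ethtool`, `find` and `comm`.

```shell
#!/bin/sh
# Added diagnostic helper (not from the original post). It:
#  1. lists the net.ipv4 sysctl keys visible under a given root (the host's
#     /proc, or a container's via docker exec) and reports which host keys
#     the container lacks, which is the comparison the post asks about;
#  2. prints the GRO/GSO/TSO offload flags of an interface, since oversized
#     frames in a capture are GRO-coalesced segments that must be split
#     again on transmit.
# Assumed names: container "router", host interface eth1, container
# interface ethwe0. The list/diff functions work on plain files, so they
# can be exercised without docker; only run_report needs a live host.
set -eu

# sysctl_keys ROOT: dotted names of every sysctl file under
# ROOT/proc/sys/net/ipv4, sorted in the C locale (what comm(1) expects).
sysctl_keys() {
    root=$1
    [ -d "$root/proc/sys/net/ipv4" ] || return 0
    (cd "$root/proc/sys" && find net/ipv4 -type f) | tr '/' '.' | LC_ALL=C sort
}

# container_sysctl_keys NAME: the same list, taken inside a running
# container with docker exec (paths rewritten to dotted sysctl names).
container_sysctl_keys() {
    docker exec "$1" find /proc/sys/net/ipv4 -type f \
        | sed 's#^/proc/sys/##' | tr '/' '.' | LC_ALL=C sort
}

# missing_in_container HOSTFILE CTRFILE: keys in HOSTFILE but not CTRFILE.
# Both files must be sorted as produced by the functions above.
missing_in_container() {
    LC_ALL=C comm -23 "$1" "$2"
}

# offload_flags IFACE [PID]: the three features that decide whether
# coalesced segments are split again before leaving IFACE. With PID, the
# query runs in that process's network namespace (i.e. the container's),
# so ethtool does not have to be installed in the container image.
offload_flags() {
    iface=$1
    pid=${2:-}
    if [ -n "$pid" ]; then
        set -- nsenter -t "$pid" -n ethtool -k "$iface"
    else
        set -- ethtool -k "$iface"
    fi
    "$@" | grep -E '^(tcp-segmentation-offload|generic-segmentation-offload|generic-receive-offload):'
}

# run_report CONTAINER HOST_IFACE CTR_IFACE: full comparison on a live host.
run_report() {
    ctr=$1; host_if=$2; ctr_if=$3
    tmp=$(mktemp -d)
    sysctl_keys / > "$tmp/host.txt"
    container_sysctl_keys "$ctr" > "$tmp/ctr.txt"
    echo "== net.ipv4 keys present on the host but not in $ctr =="
    missing_in_container "$tmp/host.txt" "$tmp/ctr.txt"
    pid=$(docker inspect -f '{{.State.Pid}}' "$ctr")
    echo "== offload flags: host $host_if =="
    offload_flags "$host_if"
    echo "== offload flags: $ctr $ctr_if =="
    offload_flags "$ctr_if" "$pid"
    rm -rf "$tmp"
}

# Usage on the container host: sh netns-mtu-check.sh router eth1 ethwe0
if [ "$#" -eq 3 ]; then
    run_report "$@"
fi
```

Keys that the host shows but the container does not are sysctls the kernel exposes only in the initial network namespace, so the list is the concrete thing to quote when asking whether a missing knob matters. The offload lines for the host-side run versus the container's ethwe0 give the second data point the captures alone do not: whether the interface that forwards unsegmented 2k to 4k byte frames has GSO/TSO on, and whether GRO on eth1 is what produced them in the first place.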