wtanzer
(Wtanzer)
October 2, 2024, 1:37pm
1
I’ve updated docker-ce to 27.3.1 on my dietpi linux today.
after that I saw a lot of connection issues between the containers.
the container lost the connection but have been able to reconnect after a few seconds.
I’ve downgraded to 27.2.0 and there I don’t have this issue. all container have a stable connection to each others.
any idea’s what this could be?
all containers have the same bridge network
You could check the release notes (link ).
rimelek
(Ákos Takács)
October 2, 2024, 8:42pm
3
I would also add that Dietpi linux is not a supported distribution. Supported distributions can be found here:
https://docs.docker.com/engine/install/#supported-platforms
If dietpi had a guide for installing Docker, maybe you can try a Dietpi form (if it exists) just in case it is not a general Docker issue.
wtanzer
(Wtanzer)
October 3, 2024, 8:19pm
4
Dietpi is based on Debian and uses the standard packages.
And I had the same issue as well on raspberry
rimelek
(Ákos Takács)
October 4, 2024, 11:24am
5
I found the topic you opend on the Dietpi forum so I leave the link here:
I’ve updated docker-ce to 27.3.1 on my dietpi linux today. after that I saw a lot of connection issues between the containers. the container lost the connection but have been able to reconnect after a few seconds. I’ve downgraded to 27.2.0 and...
Reading time: 1 mins 🕑
Likes: 2 ❤
A distribution is made to change some things in the base distribution. Any small change could affect how some software work which was not expected running on that distribution even if using the same packages.
I’m not saying you can’t ask about the issue here, but if it can’t be reproduced on Debian, it will be harder to help you. I use Ubuntu, and I didn’t notice network issues there yet with v27.3.1. So it is either something that happens on Debian, or something that is different on your machine.
What does this command returns on Dietpi?
cat /etc/os-release
I think the only network related change according to the changelog is this:
moby:27.x
← robmry:backport-27.x/48375_bridge_netfiltering
Kernel module br_netfilter is loaded when the daemon starts with
either iptables… or ip6tables enabled. That automatically sets:
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
So, when:
- docker was running happily with iptables=false, and
- no explicit ip6tables=false, and
- br_netfilter was not loaded
... the change in moby 27.0 to enable ip6tables by default, resulted
in net.bridge.bridge-nf-call-iptables being enabled.
If the host also had a firewall with default-drop on its forward
chain - that resulted in packets getting dropped between containers
on a bridge network.
So, only try to load br_netfilter when it's needed - it's only needed
to implement "--icc=false", which can only be used when iptables or
ip6tables is enabled.
Signed-off-by: Rob Murray <rob.murray@docker.com>
(cherry picked from commit db25b0dcd0461802289e962aa0df3abd323d1994)
Signed-off-by: Rob Murray <rob.murray@docker.com>
wtanzer
(Wtanzer)
October 7, 2024, 3:31pm
6
I still have no solution, but I found something.
Is it possible, that two containers can have the same internal mac address?
In my case two containers have the same mac address. not sure if this is a problem, but it might be
wtanzer
(Wtanzer)
October 7, 2024, 4:05pm
7
I changed the mac address from one of this containers and it seems that solved the issue.
meyay
(Metin Y.)
October 7, 2024, 4:19pm
8
A mac address should be unique in a network, otherwise the switches and network devices in this network will freak out… Regardless, whether docker is part of the equation or not.
wtanzer
(Wtanzer)
October 7, 2024, 4:33pm
9
yes, I know.
but how can it be that two containers get the same mac address? they are both on the same network.
meyay
(Metin Y.)
October 7, 2024, 4:37pm
10
If you don’t specify the mac addresses, docker should assign unique mac addresses.
wtanzer
(Wtanzer)
October 7, 2024, 4:41pm
11
I haven’t specified any mac address. but two containers got the same mac. only removing one from the network and adding it back solved the issue
meyay
(Metin Y.)
October 7, 2024, 4:46pm
12
Sounds like a bug to me…
If you have troubleshooting notes that allow to reconstruct the issue, then it would be great if you could report it here https://github.com/moby/moby/issues .
wtanzer
(Wtanzer)
October 7, 2024, 4:57pm
13
I tried to reproduce. But it happened only twice.
wtanzer
(Wtanzer)
October 7, 2024, 6:25pm
14
I can now reproduce it. it happens after docker deamon restart
I opened a bug
opened 04:55PM - 07 Oct 24 UTC
status/0-triage
kind/bug
area/networking
version/27.3
### Description
Two containers got after a docker service restart the same MAC … address. This caused a lot of network issues.
it happened only twice after the restart. Not always
Containers are in the same bridge network
### Reproduce
Restart of host or docker service
### Expected behavior
Each container should have it’s own MAC address
### docker version
```bash
Client: Docker Engine - Community
Version: 27.3.1
API version: 1.47
Go version: go1.22.7
Git commit: ce12230
Built: Fri Sep 20 11:41:11 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 27.3.1
API version: 1.47 (minimum version 1.24)
Go version: go1.22.7
Git commit: 41ca978
Built: Fri Sep 20 11:41:11 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.22
GitCommit: 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
runc:
Version: 1.1.14
GitCommit: v1.1.14-0-g2c9f560
docker-init:
Version: 0.19.0
GitCommit: de40ad0
```
### docker info
```bash
Client: Docker Engine - Community
Version: 27.3.1
Context: default
Debug Mode: false
Plugins:
compose: Docker Compose (Docker Inc.)
Version: v2.29.7
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 11
Running: 10
Paused: 0
Stopped: 1
Images: 11
Server Version: 27.3.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: journald
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
runc version: v1.1.14-0-g2c9f560
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.1.0-26-amd64
Operating System: Debian GNU/Linux 12 (bookworm)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.58GiB
Name: DietPi
ID: 9fb2b93b-d4a0-470f-bfb8-c5496e5161db
Docker Root Dir: /mnt/dietpi_userdata/docker-data
Debug Mode: false
Username: wtanzer
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
```
### Additional Info
_No response_
1 Like
rimelek
(Ákos Takács)
October 7, 2024, 8:01pm
15
It seems you are indeed not the first with this issue
docker network inspect prod-net
"7926d6c3e74c3fe11823f2497d82680b85cce93e67b3fffdf4ffd36c6bf89f5b": {
"Name": "mongo",
"EndpointID": "d6f4bc568b35d27e79e3737e2ad5384021fab6f0ed8195c17bfa5aa6d5bf0c13",
"MacAddress": "02:42:ac:13:00:08",
"IPv4Address": "172.19.0.8/16",
"IPv6Address": ""
},
"665a547e8feb7a5cfbc936281133c6d7b4665a8e7ed4c1186664f64900c36fd7": {
"Name": "analytics",
"EndpointID": "3a2a62064e6d7ec50da28e81eae197cd4e99a7c920fcb79fa579e1f7d41f390a",
"Mac…
1 Like