Docker Beta has conflicts when mapping same port on different IPs

Expected behavior

I should be able to map one port on different IP addresses from different containers. When not using docker it’s possible on Mac OS X:

$ sudo ifconfig lo0 add 127.10.0.1 netmask 0xffffffff
$ sudo ifconfig lo0 add 127.10.0.2 netmask 0xffffffff
$ nc -l 127.10.0.1 4444 &
 [1] 75410
$ nc -l 127.10.0.2 4444 &
 [2] 75418

I’ll be able to connect to these listening ports separately using (for example) telnet.

From Docker I would expect this similar functionality to work properly:

$ docker run -it --rm -p 127.10.0.1:4444:4444 appropriate/nc -l 4444
# (in another terminal)
$ docker run -it --rm -p 127.10.0.2:4444:4444 appropriate/nc -l 4444

Actual behavior

Docker does not allow me to map the same port on a second IP address:

$ sudo ifconfig lo0 add 127.10.0.1 netmask 0xffffffff
$ sudo ifconfig lo0 add 127.10.0.2 netmask 0xffffffff
$ docker run -it --rm -p 127.10.0.1:4444:4444 appropriate/nc -l 4444
# (in another terminal)
$ docker run -it --rm -p 127.10.0.2:4444:4444 appropriate/nc -l 4444
docker: Error response from daemon: driver failed programming external connectivity on endpoint serene_torvalds (7cc7c5e6ad2ac75f7285a067dae239f567d608c0f96283ac2adc9d32ace2f00d): Error starting userland proxy: failed bind vsock connection to ffffffff.0001115c, returned -1.

Information

$ pinata diagnose -u
OS X: version 10.11.4 (build: 15E65)
Docker.app: version v1.11.1-beta13
Running diagnostic tests:
[OK]      Moby booted
[OK]      driver.amd64-linux
[OK]      vmnetd
[OK]      osxfs
[OK]      db
[OK]      slirp
[OK]      menubar
[OK]      environment
[OK]      Docker
[OK]      VT-x
Docker logs are being collected into /tmp/20160527-120209.tar.gz
Most specific failure is: No error was detected
Your unique id is: CF956663-CA82-4531-AE65-5758039FA3FE
Please quote this in all correspondence.

Reproducible case: see “steps to reproduce” or “actual behavior”
Host distribution: OS X El Capitan Version 10.11.4

Steps to reproduce the behavior

  1. Add two IP addresses to the lo0 interface:
$ sudo ifconfig lo0 add 127.10.0.1 netmask 0xffffffff
$ sudo ifconfig lo0 add 127.10.0.2 netmask 0xffffffff
  2. Try to run two docker instances attempting to map the same port on these two new IP addresses (in separate terminals):
$ docker run -it --rm -p 127.10.0.1:4444:4444 appropriate/nc -l 4444
# (in another terminal)
$ docker run -it --rm -p 127.10.0.2:4444:4444 appropriate/nc -l 4444

Note the containers do not actually have to listen on the port; it’s also possible to use the alpine image:

$ docker run -it --rm -p 127.10.0.1:4444:4444 alpine sh
$ docker run -it --rm -p 127.10.0.2:4444:4444 alpine sh
  3. An error will occur on the second terminal similar to the following:
    docker: Error response from daemon: driver failed programming external connectivity on endpoint condescending_nobel (545e9683b4ad06088a10019647f66a1ee8aab644a5848ef3676f03d0641a9b9b): Error starting userland proxy: failed bind vsock connection to ffffffff.0001115c, returned -1.

Similar issues

Please note that this issue is different from this one: Bind on loopback different from 127.0.0.1
In the given issue there’s an EADDRNOTAVAIL error issued because OS X does not allow allocating another IP address on the interface unless you explicitly add it with ifconfig. Contrary to the mentioned issue, I am able to map a port on a non-127.0.0.1 address, but only once per port.

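A host-side check for the distinction drawn in the post, as an added example that is not part of the original post: it binds one TCP port on each address directly on the host, without Docker, and reports per address whether the bind succeeded, failed with EADDRNOTAVAIL or failed with EADDRINUSE. The names `classify` and `probe` are hypothetical; the addresses and port are the ones from the post.

```python
import errno
import socket
import sys

# Addresses and port are the ones from the post; on OS X the lo0 aliases
# must already have been added with ifconfig.
ADDRESSES = ["127.10.0.1", "127.10.0.2"]
PORT = 4444


def classify(exc):
    """Map a bind() failure to the causes distinguished in the post."""
    if exc.errno == errno.EADDRNOTAVAIL:
        return "address-not-configured"  # IP is not on any local interface
    if exc.errno == errno.EADDRINUSE:
        return "address-port-in-use"  # this exact IP:port is already bound
    return "other:" + errno.errorcode.get(exc.errno, str(exc.errno))


def probe(addresses, port):
    """Bind port on each address, holding earlier binds open meanwhile.

    Returns ({address: status}, [listening sockets]); the caller closes them.
    """
    results, held = {}, []
    for addr in addresses:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((addr, port))  # no SO_REUSEADDR: conflicts stay visible
            sock.listen(1)
            held.append(sock)
            results[addr] = "bound"
        except OSError as exc:
            sock.close()
            results[addr] = classify(exc)
    return results, held


if __name__ == "__main__":
    targets = sys.argv[1:] or ADDRESSES
    results, held = probe(targets, PORT)
    for addr in targets:
        print(f"{addr}:{PORT} -> {results[addr]}")
    for sock in held:
        sock.close()
    sys.exit(0 if all(v == "bound" for v in results.values()) else 1)
```

If both addresses report `bound` here while the second `docker run` still fails, the host itself accepts the two bindings, which is the situation the post describes.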