Share and learn in the Docker community.
I noticed that accessing Internet resources from a container is really slow.
In a terminal, I do:
traceroute google.com
The result is that the first hop to the gateway on the Docker subnet takes a really long time to complete.
Once the gateway hop is passed, we’re on the Internet and from here response times are normal.
When I open a terminal on the host, the traceroute has acceptable response times.
How do I proceed solving this issue?
The most important questions is what kind of Docker you have and how you installed it on what operating system.
Since Docker would not cause significant difference in the speed of network traffic, my guess is that the traffic is slow because of a large amount of lost packets. It could be caused by different MTU values. Run
ip link | grep mtu
Normally you should see something like this
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 ...
2: enp0s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ...
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ...
4: br-d5039cd04820: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 ...
6: veth25701db@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ...
I removed the end of the lines so the mtu values are more noticable. The value is usually 1500. If the difference is big, you can have many lost packages so everything is retried multiple times.
Since “lo” is the loopback interface communicating with the machine itself, I guess it is normal to have a large mtu.
Just like in your example, the MTU of “lo” is 65536 and for eth0, it is 1500, as per the settings in network.
I guess, from a settings perspective, everything is right.
Any other suggestions?
It was just an idea, because it was the most common issue I have seen before. When it comes to networking I always have to sit down and investigate everything I can, but I don’t have a todo list for these cases. You can use tcpdump or tshark to trace network packets, which can help to recognize unexpected behaviors if you know what is expected. You can check docker networks (ip addresses)
docker network inspect NETWORKNAME
and you can check the routing table
ip route
or
route
I am not sure what could go wrong there, but routing is relevant too
You can also check if all docker bridges are slow (default “docker0” and user-defined networks) or just one network. Normally the traffic would start from the container going through a veth* interface on the host to a docker bridge. I don’t see how it could slow down and what can slow it down. Maybe there is setting I don’t know about which matters, but I can’t tell you.
For me, I was connected to a VPN on my host and after disconnecting, the container networking was fast again.