Issue with Transparent Network in Docker on a Windows VM Hosted on VMware

barsuk4 · March 9, 2024, 9:25pm

I’m facing a networking issue with Docker running on a Windows virtual machine hosted on VMware. My goal is to establish direct network communication between Docker containers and a SQL Server Database (DB) for using Distributed Transaction Coordinator (DTC) via NetBIOS names and ports, within the same network segment 192.168.12.0/24.

Here’s a summary of my setup and the problem:

Environment Setup:
- The Docker host (Windows VM) and the SQL Server are both located within the same network segment 192.168.12.0/24.
- The Windows VM Docker host has an additional network interface.
- Docker containers need to communicate directly with the SQL Server using DTC, which requires them to be in the same network and be accessible by NetBIOS names and ports.
Issue Description:
- I attempted to use Docker’s transparent networking to allow containers to obtain IP addresses from the 192.168.12.0/24 subnet directly and communicate with the SQL Server.
- Despite the containers seemingly receiving IP addresses from the desired subnet, DHCP requests don’t seem to reach the DHCP server.
- Containers appear to obtain IP addresses automatically but are not accessible from any physical host within the 192.168.12.0/24 network, suggesting a lack of direct network visibility or incorrect IP address allocation.
- Network monitoring tools on the Docker host have shown packets being routed from the host to the DB server during container DB access attempts, indicating that the containers might not have direct network access to the 192.168.12.0/24 network as intended.
Attempts and Observations:
- Firewall configurations have been checked and are not blocking the communication. (Firewall is off on both DB and Docker)
- Direct usage of host networking, as commonly applied in Linux environments, doesn’t apply here due to the Windows-based setup.
- There seems to be a “hidden” layer of routing or network address translation happening that prevents the containers from participating in the network as independent hosts with direct visibility.

Has anyone encountered a similar issue with Docker on Windows, particularly with transparent networking not working as expected?
Any insights into ensuring direct network visibility for Docker containers in the same subnet as the SQL Server, or how to properly configure Docker networking on Windows to support DTC over NetBIOS, would be greatly appreciated.

rimelek · March 9, 2024, 9:29pm

I moved the topic to the DockerEngine category, because you mention you run a Windows virtual machine on VMWare, but I might have made a mistake as I’m not sure you are not trying to run Docker Desktop in that Windows virtual machine. So how exactly did you installed Docker in that VM? And do you really run Windows containers or Linux containers on Windows?

barsuk4 · March 10, 2024, 12:04pm

Hi, Ákos

Exactly.

I ran docker desktop on a Windows virtual machine.

My problem is that - I cannot get direct access from the container to
the existing physical network.

When creating a network in docker with the transparent driver, packets
from inside the container are routed through the docker network. And
this is not a transparent network mode.
Maybe there are additional settings that I don’t know about

meyay · March 10, 2024, 12:34pm

Did you follow the instructions in the docs when you created the container network using the transparent driver?

https://learn.microsoft.com/en-us/virtualization/windowscontainers/container-networking/advanced#bind-a-network-to-a-specific-network-interface

Those instructions are for the Docker Engine on Windows Server, so they may or may not work with Docker Desktop.

barsuk4 · March 10, 2024, 1:20pm

Hi, Metin!

Thanks for the link!
I didn’t find it before.
I am using docker on windows 2022
I followed the recommendation in your link, but I didn’t quite get what
I wanted.

The DHCP server lease the container address. ICMP packets began to flow.
This is already a success!

But… From the physical network, the container is still not available
by the received address.

I made a trace from inside the container. Packages do not go directly to
the network, but through the docker interface.

I use Network Monitor on docker host. ICMP traffic goes through docker
interface 172.###.###.### to the DB server.

meyay · March 10, 2024, 1:50pm

@vrapolinario: can you pitch in?

rimelek · March 10, 2024, 7:19pm

I have to add that Docker Desktop is not supported on Windows server and never was.

@vrapolinario once shared a link to run Linux containers in WSL2 on Windows server 2022

But you wrote you wanted to run Linux containers. I can’t say that what you want wont work with Docker dEsktop and Windows containers (maybe vrapolinario knows the answer), but at least it is not officially supported.

barsuk4 · March 11, 2024, 5:48am

My fail!

I forgot to add the details of the problem.
I am creating a windows container. I need to containerize a Windows
application with ActiveX components.

And i need same network with ms sql server to work with MSDTC.

vrapolinario · March 11, 2024, 10:23pm

Thanks for adding me @meyay.

@barsuk4 To confirm: you have installed Docker from the official link provided above (which installs Moby), correct? Did you create a network before you created the containers? Which network type? and when you created the containers, did you add them to that network? Here’s the docs for networking: Windows container network drivers | Microsoft Learn