Network issues occur on debian 12 host (No ping or ssh) after mysql container starts

Not sure where to post this but could really use some help.

I have docker installed on debian 12.
4 CPU
8 GB RAM
172.20.2.151
172.20.2.0/24
No firewall

I have tested two containers set up via docker-compose : hello_world and busy_box and have been able to stay connected remotely via ssh and ping both remotely and locally on the VM host. Networking is stable.
Awesome Docker works like a dream -

Oh really?

However, when deploying the official MySQL image/container (also tested Bitnami’s version of MySQL) and having it start up… my remote SSH connection drops and the local ping test (ping www.google.com or 8.8.8.8) on the Linux host goes “no reply”… Stopping the MySQL instance restores SSH and the local ping check once again starts to reply.

I have done everything I can and have not been able to find a resolution…??
No resource issues - MySQL is 5% of total resources
No issue on ip addr show or ip routes before and after the container start?
Even gave the container in network bridge interface a custom network - no change…

There has to be a conflict somewhere right???

I have no idea why host network stack goes out to lunch when the mysql container is run?

Has anyone had this happen before? This is making me obsessive…

  • John

I know you mentioned there is no problem with the IP addresses and you tried a custom docker network, but your host IP is still in the IP range where Docker creates networks. It should not be a problem as Docker would (should) recognize it, but it is still suspicious.

I would try a traceroute or tracepath on the host when ping doesn’t work. Have you checked all the Docker networks? Could there be one that has a mask that confused you and you thought the IP addresses could not collide? It is not likely though that even a custom network is configured wrong and you chose a wrong IP range. Can you share how you created a custom network with what config?

I could also imagine that when the container starts, an iptables rule is added which causes the problem, but I don’t find it likely either.

docker-compose or docker compose? Make sure you don’t use the old compose. Unless you are using Docker Desktop, docker-compose is Compose v1. You should always use Compose v2.

I’m on (host) 172.20.2.* - Docker MySQL container is on the default, what IP in the network bridge host file or config would you recommend?

How can you ping from the container out? The host loses its net connectivity and fails to ping www.google.com when the container is running. I have not tried pinging from inside the container?

Overall when the container starts something is happening to the ip stack or supporting configurations? right? but what?

Every compose project creates a docker network dynamically. It could be the same every time or it could be different.

Not sure what you mean by “network bridge host file”. But the default subnet mask is /16 so it includes 172.20.*.*. I have no recommendation, just to use an IP range that doesn’t intersect with another network.

Can you explain what you mean? You can use a ping command if the image already has the package. I guess iputils-ping or something like that. Or use a special test container based on nicolaka/netshoot.
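
The subnet check discussed in this thread can be scripted. The following is an added example, not part of any post above: it reads `docker network inspect` JSON and reports every Docker network whose subnet overlaps a host network. The host address 172.20.2.151/24 comes from the question; the network name `mysql_default` and the Docker subnets in the sample are constructed for illustration.

```python
import ipaddress
import json
import sys

# Constructed sample in the shape printed by
#   docker network inspect $(docker network ls -q)
# Network names and subnets here are made up, not taken from the thread.
SAMPLE_INSPECT = """
[
  {"Name": "bridge", "Driver": "bridge",
   "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}},
  {"Name": "mysql_default", "Driver": "bridge",
   "IPAM": {"Config": [{"Subnet": "172.20.0.0/16", "Gateway": "172.20.0.1"}]}},
  {"Name": "host", "Driver": "host", "IPAM": {"Config": []}}
]
"""


def find_overlaps(inspect_json, host_cidrs):
    """Return (docker network, docker subnet, host network) for each overlap."""
    # strict=False lets an interface address such as 172.20.2.151/24 be used
    host_nets = [ipaddress.ip_network(c, strict=False) for c in host_cidrs]
    hits = []
    for net in json.loads(inspect_json):
        # IPAM.Config is empty or null for the "host" and "none" networks
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            subnet = cfg.get("Subnet")
            if not subnet:
                continue
            docker_net = ipaddress.ip_network(subnet, strict=False)
            for host_net in host_nets:
                same_family = docker_net.version == host_net.version
                if same_family and docker_net.overlaps(host_net):
                    hits.append((net["Name"], str(docker_net), str(host_net)))
    return hits


if __name__ == "__main__":
    # Pipe real inspect output on stdin, or run without input to use the sample
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    cidrs = sys.argv[1:] or ["172.20.2.151/24"]
    for name, docker_net, host_net in find_overlaps(piped.strip() or SAMPLE_INSPECT, cidrs):
        print(f"{name}: {docker_net} overlaps host network {host_net}")
```

An overlap reported here means the host has a route for the Docker bridge that also covers addresses on the LAN, which is the situation the replies above suggest ruling out first.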