I’m running Docker Desktop v4.34.2 (167172) - and was trying out the (relatively) new host networking support. Observed a situation where some clients had issues connecting to the server (running in docker), and after a bit of troubleshooting distilled it down to the following reproducing example:

On the “server” (running in docker using --network=host) I spawn 20 listener processes, listening to ports N - N+19. Then I start (on the host itself) 20 clients, each connecting to one of the server ports. The expected outcome would be that each client connects and then gracefully close the connection. However, only the first 18 of the clients (and this number is consistent!) succeed. The last 2 clients fail with econnrefused as if the listener is not active. No indication of an issue on the server-side; the call to open a the TCP-listener is successful and there are no errors.

The image is a bog standard alpine-image. If the server is started without --network=host but with the ports being explicitly mapped the test works as expected. Is there a (known) limitation in the host networking support limiting the number of active sockets? If so 18 seems a bit low (and a weird number), is there a way to work around this?

I can’t give you an exact answer, but it is worth knowing that the host network of Docker desktop is something that I usally just call “fake host network”. The aplications will always listen inside the virtual machine, but Docker Desktop can forward requests so you can access a port used on the host as long as the protocol is supported. I guess what you experience is the consequence of this solution.

Thanks for your insights!

We concluded the same thing, the host network isn’t “production ready” just yet. A quick experiment with one of the alternatives (Colima) shows no problems with this particular test, but we’ll see what works out best eventually. Interesting problem to investigate, nevertheless, listen sockets capping at 18 was a first!