I’m currently testing Docker 1.12 rc3 on AWS EC2 instances and I can’t seem to get the Routing Mesh to work. I need help.
I tried creating an Nginx service using:
docker service create --name nginx -p 80:80 nginx
After creating 1 replica, I can only access the Nginx service from the node where the container was deployed.
I have successfully followed the instructions to create a swarm cluster and have this:
All have public IPs…
ID                           HOSTNAME        MEMBERSHIP  STATUS  AVAILABILITY  MANAGER STATUS
2x5htiwk15oe5yxlv57bzmnqw    ip-10-10-1-81   Accepted    Ready   Active
es3mo4ewooa8j389dqq2plwcv    ip-10-10-1-224  Accepted    Ready   Active
esyryf8ebj5eu9urm77udyy0g *  ip-10-10-1-82   Accepted    Ready   Active        Leader
I have the following ports open to the public:
TCP 2377
TCP 4789
TCP 7946
TCP 80
TCP 22
Edit: Okay, I’ve managed to make it work by opening all ports to the public. I wonder which ports are the important ones to open ;D
Hi! My mesh routing doesn’t work either, and all my ports are allowed.
When I deploy an Nginx service on one node of the cluster, the container is reachable only from the node it runs on.
Do you have any idea?
I ran into this issue too today on CentOS 7. Docker was logging something like:
Apr 14 20:39:40 <hostname> docker[15787]: time="2017-04-14T20:39:40Z" level=error msg="Failed to write to /proc/sys/net/ipv4/vs/conntrack: open /proc/sys/net/ipv4/vs/conntrack: nno such file or directory"
Apr 14 20:39:40 <hostname> docker[15787]: time="2017-04-14T20:39:40.154260407Z" level=error msg="Failed to add firewall mark rule in sbox ingress (ingress): reexec failed: exit status 8"
Apr 14 20:41:17 <hostname> docker[15787]: time="2017-04-14T20:41:17.432619182Z" level=error msg="Failed to delete real server 10.255.0.3 for vip 10.255.0.2 fwmark 259 in sbox ingress (ingress): no such process"
Apr 14 20:41:17 <hostname> docker[15787]: time="2017-04-14T20:41:17.432762944Z" level=error msg="Failed to delete service for vip 10.255.0.2 fwmark 259 in sbox ingress (ingress): no such process"
The problem came from a bad kernel config: my hosting service (Scaleway) did not have IP_VS_NFCT enabled (see this issue).
I just updated their boot script to the latest mainline version, which sets this flag, and it works now.
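
Added example, not part of any post in this thread: a shell check for the two preconditions the thread touches on, namely the node-to-node ports swarm mode needs (so the security group can be scoped to those ports between swarm nodes instead of opening everything) and the IP_VS_NFCT kernel option. The required port list is taken from Docker's swarm documentation; the function names, the `check_host` helper and the sample kernel config are assumptions made for illustration.

```shell
# Node-to-node ports swarm mode uses, per Docker's swarm documentation:
# 2377/tcp management, 7946/tcp+udp gossip, 4789/udp VXLAN overlay data.
REQUIRED_SWARM_PORTS="tcp/2377 tcp/7946 udp/7946 udp/4789"

# Rules as listed in the first post (published port 80 and SSH included).
POSTED_RULES="TCP 2377
TCP 4789
TCP 7946
TCP 80
TCP 22"

# Constructed kernel config fragment with IP_VS_NFCT unset.
SAMPLE_KCONFIG="CONFIG_IP_VS=m
# CONFIG_IP_VS_NFCT is not set"

# Reads "PROTO PORT" rules on stdin, prints each required proto/port
# that no rule covers (empty output means nothing is missing).
missing_swarm_ports() {
    opened=$(tr '[:upper:]' '[:lower:]' | awk 'NF == 2 { print $1 "/" $2 }')
    missing=""
    for need in $REQUIRED_SWARM_PORTS; do
        if ! printf '%s\n' "$opened" | grep -qxF "$need"; then
            missing="$missing $need"
        fi
    done
    echo $missing   # unquoted on purpose: drops the leading space
}

# Reads a kernel config on stdin; succeeds only if IP_VS_NFCT is enabled.
ipvs_nfct_enabled() {
    grep -q '^CONFIG_IP_VS_NFCT=y$'
}

# Hypothetical helper: apply the kernel check to the running host.
check_host() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        ipvs_nfct_enabled < "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz | ipvs_nfct_enabled
    else
        # No readable config: fall back to the sysctl path named in the log
        # (only present once the ip_vs module is loaded).
        [ -e /proc/sys/net/ipv4/vs/conntrack ]
    fi
}
```

Running `printf '%s\n' "$POSTED_RULES" | missing_swarm_ports` reports the UDP rules absent from the posted list; these ports only need to be reachable between the swarm nodes themselves, not from the public internet.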