A server that we have docker installed on has suddenly become unavailable from one of our internal networks.
The network team has identified that the issue only affects users on a network 172.31.0.0/18 other users on networks starting 10.x.x.x are not affected.
Our docker bridge network is 172.17.0.0/16
The symptoms are that the server is totally inaccessible, we don’t even get a response from a ping to the server.
The only drop messages in iptables are as follows
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
RETURN all – anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (14 references)
target prot opt source destination
DROP all – anywhere anywhere
DROP all – anywhere anywhere
DROP all – anywhere anywhere
DROP all – anywhere anywhere
DROP all – anywhere anywhere
DROP all – anywhere anywhere
DROP all – anywhere anywhere
DROP all – anywhere anywhere
DROP all – anywhere anywhere
DROP all – anywhere anywhere
DROP all – anywhere anywhere
DROP all – anywhere anywhere
DROP all – anywhere anywhere
DROP all – anywhere anywhere
RETURN all – anywhere anywhere
Does anyone know if these iptables entries could cause these symptoms?
If not, is there anything else I could try to remove docker or the server itself from the equation and perhaps narrow the source of the problem down to a network router issue?