Swarm service port communication error


(Swamip) #1

Hi,

We have deployed Docker swarm on servers which are spread across the DMZ and Non-DMZ environments. The issue is that the Docker services within the DMZ are reachable to each other, and the same goes for the services on the Non-DMZ servers, but the connection (telnet) fails for a service port in the Non-DMZ from a DMZ server and vice versa.

Non-DMZ to Non-DMZ service works:
[root@a8eeabc63843 ~]# ping zookeeper1
PING zookeeper1 (10.0.3.62) 56(84) bytes of data.
64 bytes from 10.0.3.62: icmp_seq=1 ttl=64 time=0.074 ms
64 bytes from 10.0.3.62: icmp_seq=2 ttl=64 time=0.073 ms
^C
--- zookeeper1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.073/0.073/0.074/0.008 ms
[root@a8eeabc63843 ~]#
[root@a8eeabc63843 ~]#
[root@a8eeabc63843 ~]# telnet zookeeper1 32181
Trying 10.0.3.62...
Connected to zookeeper1.
Escape character is '^]'.
^CConnection closed by foreign host.
[root@a8eeabc63843 ~]#

DMZ to DMZ service works:
[mwapp@e20967b29823 local]$ ping apiadmin
PING apiadmin (10.0.3.163) 56(84) bytes of data.
64 bytes from 10.0.3.163: icmp_seq=1 ttl=64 time=0.061 ms
64 bytes from 10.0.3.163: icmp_seq=2 ttl=64 time=0.078 ms
^C
--- apiadmin ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.061/0.069/0.078/0.011 ms
[mwapp@e20967b29823 local]$
[mwapp@e20967b29823 local]$
[mwapp@e20967b29823 local]$
[mwapp@e20967b29823 local]$ telnet apiadmin 9080
Trying 10.0.3.163...
Connected to apiadmin.
Escape character is '^]'.
^C
Connection closed by foreign host.
[mwapp@e20967b29823 local]$

DMZ to Non-DMZ service, PING works but Telnet FAILS
[mwapp@e20967b29823 local]$ ping zookeeper1
PING zookeeper1 (10.0.3.62) 56(84) bytes of data.
64 bytes from 10.0.3.62: icmp_seq=1 ttl=64 time=0.073 ms
64 bytes from 10.0.3.62: icmp_seq=2 ttl=64 time=0.111 ms
^C
--- zookeeper1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.073/0.092/0.111/0.019 ms
[mwapp@e20967b29823 local]$
[mwapp@e20967b29823 local]$
[mwapp@e20967b29823 local]$ telnet zookeeper1 32181
Trying 10.0.3.62...
^C
[mwapp@e20967b29823 local]$

docker version:
Client:
Version: 17.06.2-ce
API version: 1.30
Go version: go1.8.3
Git commit: cec0b72
Built: Tue Sep 5 19:59:06 2017
OS/Arch: linux/amd64

Server:
Version: 17.06.2-ce
API version: 1.30 (minimum version 1.12)
Go version: go1.8.3
Git commit: cec0b72
Built: Tue Sep 5 20:00:25 2017
OS/Arch: linux/amd64
Experimental: false

docker info:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: 17.06.2-ce
Storage Driver: overlay
Backing Filesystem: extfs
Supports d_type: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
NodeID: 1zupzp40ox28fx4xfwqtp2ak1
Is Manager: false
Node Address: 10.147.164.104
Manager Addresses:
10.147.164.103:2377
10.147.165.108:2377
10.147.165.143:2377
10.147.165.155:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 6e23458c129b551d5c9871e5174f6b1b7f6d1170
runc version: 810190ceaa507aa2727d7ae6f4790c76ec150bd2
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-327.10.1.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 15.51GiB
Name: JMNGD1BLD50V03
ID: JNGW:6J3M:R725:UBGP:XZNV:XUBQ:BLWE:MVID:5JJX:UTFP:VMMJ:Z2UX
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
ril-docker-repo:5000
127.0.0.0/8
Live Restore Enabled: false

WARNING: bridge-nf-call-ip6tables is disabled

Any help will be highly appreciated.