Will docker inherit the host kernel parameters, such as tcp_tw_reuse/tcp_fin_timeout?

da245764231 · July 18, 2019, 2:44pm

I am confused with whether docker will inherit the host’s kernel parameter.I have do some tests as below:
The kernel version:

$ uname -r
3.10.0-957.el7.x86_64

I want to echo the ip_local_port_range parm and the command is :

$ sudo docker run --rm busybox cat /proc/sys/net/ipv4/ip_local_port_range

the output:

That is quite reasonable as ip_local_port_range is a namespaced parameter and I guess it inherits from the host.

Test tcp_tw_reuse parameter:

sudo docker run --rm busybox cat /proc/sys/net/ipv4/tcp_tw_reuse

the output:

cat: can't open '/proc/sys/net/ipv4/tcp_tw_reuse': No such file or directory

That is reasonable too, as far as I know, in kernel 3.10 the tcp_tw_reuse is not namespaced and the docker does not have that file.
Now, I would like to know is, as the ‘/proc/sys/net/ipv4/tcp_tw_reuse’ file is not present in the container, will the container inherit its value from the host. Any help will be appreciated.

da245764231 · July 21, 2019, 7:55am

Anyone have Any ideas?

meyay · July 22, 2019, 9:58pm

try docker --sysctl net.ipv4.ip_local_port_range="1024 65535" image

Todays release of Docker 19.03 introduced sysctl for swarm deployments as well.

da245764231 · July 30, 2019, 1:55am

Thanks for your reply , and I know I could use sysctl to change kernel parameter in Docker .What confused me is will docker inherit the host kernel parameters, such as tcp_tw_reuse/tcp_fin_timeout?

meyay · July 30, 2019, 6:35am

So the question is: do namespaced kernel parameters inherit the general value? Why shouldn’t they?!

See: Configure namespaced kernel parameters (sysctls) at runtime

I do set “net.ipv4.tcp_keepalive_time=600” to get rid of the service vip timouts. Standalone container (docker run/docker-compse) do use this value, though you can create the container using different values for their namespace. With Docker 19.03 the support was introduced for Docker swarm as well.

The way you are trying to change the kernel parameter is wrong! You have to use the cli-parameter or add --privilged when you run/create your container.

niaomingjian · August 27, 2020, 7:40am

docker --version
Docker version 19.03.12, build 48a66213fe

In any container running in Docker, I only can find out 6 files starting with “net.ipv4.tcp_”
net.ipv4.tcp_ecn = 2
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_mem = 133614 178153 267228
net.ipv4.tcp_min_snd_mss = 48

The docker host is CentOS7 and it has 55 these kind of files.
root@7d929239742c:/# uname -a
Linux 7d929239742c 3.10.0-1127.18.2.el7.x86_64 #1 SMP Sun Jul 26 15:27:06 UTC 2020 x86_64 GNU/Linux

If a file exists in the container, I can modify it via --sysctl, such as net.ipv4.tcp_keepalive_time.
If the file doesn’t exist, I also encounter the same error “No such file or directory”, such as net.ipv4.tcp_tw_reuse. Then there is no way to modify it?

Topic		Replies	Views
How to tune kernel properties in Docker Images General	2	22286	March 1, 2019
How to set net.ipv4.tcp_tw_reuse in docker General	2	7377	March 13, 2018
Setting tcp_keepalive_time param for containers Compose	7	30375	April 24, 2019
Unable to start a container when using the --sysctl flag General	5	7728	June 29, 2017
TCP timeout that occurs only in Docker Swarm, not simple "docker run" Swarm	5	22262	September 20, 2018

Will docker inherit the host kernel parameters, such as tcp_tw_reuse/tcp_fin_timeout?

Related Topics