Re: NSX and Docker

JimKnopf99 · ‎05-20-2019

Hi,

i am new to nsx and docker. I have the following question:

If i am using for example a ubuntu server with docker and install a tomcat, then i am able to open the defautl page of my tomcat container.

The VM is running on an standard vswitch on vSphere 6.7U2.

Now, if i move that vm or install a new vm on an different vSphere Cluster with own vCenter (same Version), i am not able to open the default tomcat website.

The only thing that is different, is the nsx part.

Insight NSX, i have an edge device connected to the switch and to the uplink. Thats the only thing that i have configured.

I try to change the docker network that is used for internal traffice (IP) because we are also using a 172. ip range. But that doesn´t help.

Update:

I was able to open the default tomcat website if i am insight the same switch (Network, subnet). But not from outside (different subnet).

Any help will be appreciated

Frank

If you find this information useful, please award points for "correct" or "helpful".

Sreec · ‎05-20-2019

Hello Frank,

if i am using for example a ubuntu server with docker and install a tomcat, then i am able to open the defautl page of my tomcat container.

The VM is running on an standard vswitch on vSphere 6.7U2.

May i know from were you are able to open the default web page successfully ? Is within the container VM or outside the VM from same subnet or different subnet ?

Now, if i move that vm or install a new vm on an different vSphere Cluster with own vCenter (same Version), i am not able to open the default tomcat website.

The only thing that is different, is the nsx part.

Insight NSX, i have an edge device connected to the switch and to the uplink. Thats the only thing that i have configured.

I try to change the docker network that is used for internal traffice (IP) because we are also using a 172. ip range. But that doesn´t help.

How is your docker network configuration ? Is it running on default bridge and you have exposed any ports ? Do we have any overlay in the container network ?

My suggestion would ensure VM external IP (which you are using for container traffic) is accessible in first place . So keep docker completely aside and check the connectivity for VM network connected to Edge . If that connectivity is successful , please revert with below points.

1. VM O/S model with iptables output (iptables -t nat -L -n)

2. Ifconfig output of Virtual machine with route -n output

3. VM network- Edge connectivity flow and routing protocol details(if routing is configured)

4. Destination network from which you are trying to access with the IP address and port details what you are using.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

JimKnopf99 · ‎05-20-2019

Hi,

i am able to open the default web page from an windows server insight the same subnet.

The docker host is able to ping an connect to our entire network. There is no issue what i see related to network connection.

I am not able to open the webpage for example from my own workstations. This workstation is on an different subnet and also not on the vmware cluster.

I am also able to login with ssh from my client into the server

I am using the default docker network bridge. And i expose only one port with the option -p 8888:8080

It is an ubuntu 19.04 server.

The Firewall isn´t running.

Output of ufw status is inactive

iptables output

sudo iptables -t nat -L -n

Chain PREROUTING (policy ACCEPT)