4 Replies Latest reply on May 21, 2019 2:18 AM by JimKnopf99

    NSX and Docker

    JimKnopf99 Master

      Hi,

      i am new to nsx and docker. I have the following question:

       

      If i am using for example a ubuntu server with docker and install a tomcat, then i am able to open the defautl page of my tomcat container.

      The VM is running on an standard vswitch on vSphere 6.7U2.

       

      Now, if i move that vm or install a new vm on an different vSphere Cluster with own vCenter (same Version), i am not able to open the default tomcat website.

      The only thing that is different, is the nsx part.

      Insight NSX, i have an edge device connected to the switch and to the uplink. Thats the only thing that i have configured.

      I try to change the docker network that is used for internal traffice (IP) because we are also using a 172. ip range. But that doesn´t help.

       

      Update:

      I was able to open the default tomcat website if i am insight the same switch (Network, subnet). But not from outside (different subnet).

       

      Any help will be appreciated

       

      Frank

        • 1. Re: NSX and Docker
          Sreec Master
          vExpertCommunity Warriors

          Hello Frank,

           

          if i am using for example a ubuntu server with docker and install a tomcat, then i am able to open the defautl page of my tomcat container.

          The VM is running on an standard vswitch on vSphere 6.7U2.

           

          May i know from were you are able to open the default web page successfully ? Is within the container VM or outside the VM  from same subnet or different subnet ?

           

          Now, if i move that vm or install a new vm on an different vSphere Cluster with own vCenter (same Version), i am not able to open the default tomcat website.

          The only thing that is different, is the nsx part.

          Insight NSX, i have an edge device connected to the switch and to the uplink. Thats the only thing that i have configured.

          I try to change the docker network that is used for internal traffice (IP) because we are also using a 172. ip range. But that doesn´t help.

           

          How is your docker network configuration ? Is it running on default bridge and you have exposed any ports ? Do we have any overlay in the container network ? 

          My suggestion would ensure VM external IP (which you are using for container traffic) is accessible in first place . So keep docker completely aside and check the connectivity for VM network connected to Edge . If that connectivity is successful , please revert with below points.

           

          1. VM O/S model with iptables output (iptables -t nat -L -n)

          2. Ifconfig output of Virtual machine with route -n output

          3. VM network- Edge connectivity flow and routing protocol details(if routing is configured)

          4. Destination network from which you are trying to access with the IP address and port details what you are using.

          • 2. Re: NSX and Docker
            JimKnopf99 Master

            Hi,

             

            i am able to open the default web page from an windows server insight the same subnet.

             

            The docker host is able to ping an connect to our entire network. There is no issue what i see related to network connection.

            I am not able to open the webpage for example from my own workstations. This workstation is on an different subnet and also not on the vmware cluster.

            I am also able to login with ssh from my client into the server

             

            I am using the default docker network bridge. And i expose only one  port with the option -p 8888:8080

            It is an ubuntu 19.04 server.

            The Firewall isn´t running.

            Output of ufw status is inactive

             

            iptables output

            sudo iptables -t nat -L -n

            Chain PREROUTING (policy ACCEPT)

            target     prot opt source               destination

            DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

             

            Chain INPUT (policy ACCEPT)

            target     prot opt source               destination

             

            Chain OUTPUT (policy ACCEPT)

            target     prot opt source               destination

            DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

             

            Chain POSTROUTING (policy ACCEPT)

            target     prot opt source               destination

            MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0

            MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:8080

             

            Chain DOCKER (2 references)

            target     prot opt source               destination

            RETURN     all  --  0.0.0.0/0            0.0.0.0/0

            DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8888 to:172.17.0.2:8080

             

             

            Thanks

            Frank

            • 3. Re: NSX and Docker
              Sreec Master
              Community WarriorsvExpert

              Thanks for providing the config details of docker. Networking side of docker looks fine .

               

              1. What IP address are you trying from workstation to access the web page ?

              2. Can you also post ifconfig output of ubuntu machine ?

              3. Iam also able to login with ssh from my client into the server - here the server you are referring is ubuntu machine ,is that correct ?

              • 4. Re: NSX and Docker
                JimKnopf99 Master

                The issue was related to the bridge network. After creating a test network with a different ip range, the container runs as it should.

                Thanks

                Frank