Docker packet loss when accessing a website



Symptoms

Inside the Docker container:

#ping www.baidu.com
The ping succeeds.

Downloading from a CentOS mirror from inside the container:

#curl https://<CentOS mirror>
The request times out.

Troubleshooting

  • Check the host's network interfaces
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:89:df:d6 brd ff:ff:ff:ff:ff:ff
    inet 172.20.41.85/24 brd 172.20.41.255 scope global dynamic eth0
       valid_lft 31140sec preferred_lft 31140sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:ef:4f:b1:ed brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
4: br-837a6f78d738: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:5a:5c:d8:ff brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-837a6f78d738
       valid_lft forever preferred_lft forever

Here eth0 has an MTU of 1442, but the docker0 interface and the br- bridge network that Docker created both have an MTU of 1500.

  • Check the network inside the container
root@9481f2fd8688:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
11: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.5/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

Here the container's interface has an MTU of 1500.

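This causes a problem: Docker's maximum packet size is 1500, but the largest MTU eth0 can handle is 1442. When Docker sends a 1500-byte packet, it exceeds eth0's MTU and eth0 drops the packet, which ultimately causes the timeout. Small packets such as a ping fit within 1442 bytes, which is why the ping succeeds while the download does not.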

  • Solution
Modify the Docker daemon configuration:
# cat /etc/docker/daemon.json 
{
  "log-driver": "json-file",
  "log-opts": {"max-size": "50m", "max-file": "3"},
  "mtu": 1440
}
  • Restart Docker
systemctl restart docker

In addition, set the MTU in the docker-compose file:

networks:
  default:
    driver: bridge
    driver_opts:
      com.docker.network.driver.mtu: 1440
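
An added example, not part of the original post: a shell function that reads `ip link` or `ip a` output and lists the Docker-side interfaces (docker0, br-*, veth*) whose MTU is larger than the uplink's, which is the mismatch diagnosed above. The function names are assumptions of this example, and the embedded sample is constructed from the header lines of the host output above.

```shell
#!/bin/sh
# Added example (not from the original post): detect the MTU mismatch above.

# mtu_mismatches UPLINK
# Reads `ip link` / `ip a` output on stdin and prints "IFACE MTU" for each
# Docker-side interface (docker0, br-*, veth*) whose MTU exceeds UPLINK's.
# Exits 2 if UPLINK does not appear in the input.
mtu_mismatches() {
    awk -v uplink="$1" '
        /^[0-9]+: / {                      # interface header line
            name = $2
            sub(/:$/, "", name)            # "eth0:"     -> "eth0"
            sub(/@.*/, "", name)           # "eth0@if12" -> "eth0"
            for (i = 3; i < NF; i++)
                if ($i == "mtu") mtu[name] = $(i + 1) + 0
            order[++n] = name
        }
        END {
            if (!(uplink in mtu)) {
                print "uplink " uplink " not found" > "/dev/stderr"
                exit 2
            }
            for (i = 1; i <= n; i++) {
                name = order[i]
                if (name ~ /^(docker0|br-|veth)/ && mtu[name] > mtu[uplink])
                    print name, mtu[name]
            }
        }'
}

# Constructed sample: the interface header lines from the host output above.
sample_ip_a() {
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc pfifo_fast state UP group default qlen 1000
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
4: br-837a6f78d738: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
EOF
}

# Prints two lines: "docker0 1500" and "br-837a6f78d738 1500"
sample_ip_a | mtu_mismatches eth0
```

On a live host, feed it `ip -o link show` instead of the sample; empty output means no Docker-side interface exceeds the uplink MTU.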