Containers lose connectivity to the internet after being connected to by the host

[qwitwa]

To reproduce:

• Create a new container on the acme network
• Drop to shell inside it using docker exec
• Run ping 8.8.8.8, and get back responses
• Run python -m http.server
• Connect from a browser on the mac and look at the directory listing
• Quit the python server with Ctrl-C
• Run ping 8.8.8.8 again

Expected behavior:

• ping command behaves as before

Actual behavior:

• ping hangs and all packets are lost

[mal]

Thanks for the report @qwitwa.

A few of my colleages have seen this on occasion too, I believe it to be related https://github.com/docker/for-mac/issues/1374 or perhaps https://github.com/moby/moby/issues/15172.

There are multiple suggested solutions for both of these issues, I'm afraid the best I can do is suggest you try those and see what may or may not work for you. Both issues are still currently open so to the best of my knowledge there are no "official" solutions to the issue.

Hope this helps, I'll leave this issue open for now to make it easier for anyone experiencing similar issues to find, but at present I don't believe this to be a direct issue with the solution in this repo.

[qwitwa]

Thanks for the quick reply.

I'm not sure if those issues are related or not, but I think I'm about done trying to hack around the limitations of Docker For Mac; using docker inside Vagrant seems to be the way to go for my needs.

Maybe this issue was caused by some latent configuration weirdness from trying out other workarounds; it'd be interesting to see if anyone else can reproduce it reliably.

[mal]

I've finally managed to reproduce this. It seems to be related to the shadowing of the gateway IP in the linuxkit VM, but there doesn't appear a nice way around that. Giving the host another IP in the subnet seems to work some of the time, but not reliably as it can lead to a routing issue where the containers can see the host, but the host can't see them.

Not afraid to say I may be a little out of my depth here, and without a Mac to play about on passively I'll likely struggle to come up with a satisfactory solution to this.

Anecdotally some of my colleagues seeing this occasionally reported that rebooting the host solved the issue, and that raising the connection limit gave a longer period before the network became inaccessible. YMMV.

Any solutions to this issue would be welcome as pull requests.

[mahmoudimus]

Yeah, I'm definitely seeing this as well. It's very frustrating. @mal do you have a reproducible test case?

[mal]

I'm afraid not, I only managed to reproduce it in the sense that I saw the issue occur, I still don't know exactly what triggers it or how to go about fixing it.