
Docker network leaves iptables entries after being removed. #18910

@necto

This may be connected to another networks issue #18901.
docker version:

Client:
 Version:      1.9.1
 API version:  1.21
 Go version:   go1.4.2
 Git commit:   a34a1d5
 Built:        Fri Nov 20 13:12:04 UTC 2015
 OS/Arch:      linux/amd64

Server:
 Version:      1.9.1
 API version:  1.21
 Go version:   go1.4.2
 Git commit:   a34a1d5
 Built:        Fri Nov 20 13:12:04 UTC 2015
 OS/Arch:      linux/amd64

docker info:

Containers: 0
Images: 6
Server Version: 1.9.1
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 6
 Dirperm1 Supported: false
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 3.13.0-35-generic
Operating System: Ubuntu 14.04.3 LTS
CPUs: 4
Total Memory: 7.676 GiB
Name: hermes
ID: K5FF:7DYK:R4CX:SYUC:EWJD:4BIO:DOOC:IWEL:3PZI:7HYD:DHKB:F6EP
WARNING: No swap limit support

uname -a:
Linux hermes 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

  1. In the beginning sudo iptables -L:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    DOCKER     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain DOCKER (1 references)
    target     prot opt source               destination 
    
  2. Execute docker network create A

  3. Execute docker network rm A

  4. Check again sudo iptables -L:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    DOCKER     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    DOCKER     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain DOCKER (2 references)
    target     prot opt source               destination    
    
  5. In fact, if you do this many times:

for i in `seq 1 50`;
do
    docker network create N
    docker network rm N
done

Docker loses connectivity:
docker run -it --rm debian ping 8.8.8.8:

PING 8.8.8.8 (8.8.8.8): 56 data bytes
92 bytes from d986949dfb23 (172.17.0.1): Destination Host Unreachable
92 bytes from d986949dfb23 (172.17.0.1): Destination Host Unreachable
92 bytes from d986949dfb23 (172.17.0.1): Destination Host Unreachable

P.S. I have not figured out how to restore it yet. sudo iptables -F && sudo service docker restart does not help.
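
A check for the leak reported above, added here as an example and not part of the original issue: it compares two `iptables -S` snapshots taken before and after a `docker network create`/`docker network rm` cycle and prints every rule that gained copies. The sample snapshots and the `br-0123456789ab` bridge name are constructed; `-S` is used because the `-L` listings above do not show the interface matches.

```shell
#!/bin/sh
# Added example (not from the issue): list rules that occur more often in a
# second `iptables -S` snapshot than in the first.

leaked_rules() {   # $1 = snapshot before, $2 = snapshot after
    # Prints "<extra copies> <rule>" for each rule with more copies in $2.
    awk '
        !/^-A /             { next }              # skip -P / -N lines
        FILENAME == ARGV[1] { before[$0]++; next }
                            { after[$0]++ }
        END {
            for (r in after) {
                extra = after[r] - before[r]
                if (extra > 0) printf "%d %s\n", extra, r
            }
        }
    ' "$1" "$2" | sort
}

demo() {   # constructed snapshots; the bridge names are assumptions
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
EOF
    # "after": the same rules plus a leftover set for a bridge that was removed
    cp "$dir/before" "$dir/after"
    cat >> "$dir/after" <<'EOF'
-A FORWARD -o br-0123456789ab -j DOCKER
-A FORWARD -o br-0123456789ab -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br-0123456789ab ! -o br-0123456789ab -j ACCEPT
-A FORWARD -i br-0123456789ab -o br-0123456789ab -j ACCEPT
EOF
    leaked_rules "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo
```

On a real host, save `sudo iptables -S` to a file before and after the create/remove cycle and pass the two files to `leaked_rules`; empty output means no rule was left behind.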

Labels: area/networking, kind/bug, priority/P1
