Cross machine containers not visible

rogeralsing · February 27, 2016, 9:46am

I have set up 2 CoreOS machines in Azure. both run the Rancher agent.
They are visible in the Rancher UI and I can deploy containers to it.

On one machine, I have deployed Ubuntu and linked it to a Http Service on the other machie.
The Ubuntu container can see the other machine, so the network seems correct so far.

$ ping cow1          <-- that is the other machine                                           
PING cow1.rogerrancher.a1.internal.cloudapp.net (192.168.0.6) 56(84) bytes of da
ta.                                                                             
64 bytes from 192.168.0.6: icmp_seq=1 ttl=63 time=6.96 ms

But it cannot see the http service, it fails with a message “No route to host”

$ ping httpservice    <-- that is the linked service on cow1

PING httpservice.rancher.internal (10.42.173.246) 56(84) bytes of data.         
From 10.42.151.125 icmp_seq=1 Destination Host Unreachable

The services runs with the default Rancher managed network (httpservice.rancher.internal (10.42.173.246) )

This is probably not at all related to Rancher but rather my lack of Linux knowledge.
But any pointers would be welcome here.

I have also set up the exact same topology locally but running RancherOS, and with this configuration, the linked containers can see eachother without any issues.

Is there something that RancherOS does that CoreOS don’t do out of the box when it comes to networking?

Anyone?

denise · February 29, 2016, 6:09am

Are UDP ports 500 and 4500 open so that the IP sec tunneling works?

http://docs.rancher.com/rancher/rancher-ui/infrastructure/hosts/custom/#security-groups-firewalls

sjiveson · March 1, 2016, 1:56pm

Hey,

It’s very likely Denise is correct. You can see if the IPsec tunnels are up or not by opening a shell to the Network Agent on each host and entering this command:

swanctl --list-sas

An established tunnel/SA looks something like this;

conn-remote_ip: #78, ESTABLISHED, IKEv2, a75bfed49d30557f:bfcb7f908683b271
  local  '172.17.0.2' @ 172.17.0.2
  remote '172.17.0.2' @ remote_ip
  AES_CBC-128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
  established 3919s ago, rekeying in 10412s
  child-remote_ip: #1, reqid 1234, INSTALLED, TUNNEL-in-UDP, ESP:AES_CBC-128
    installed 257976s ago
    in  c40bff09, 6824631634 bytes, 33586897 packets
    out c217eecc, 6111275912 bytes, 34117586 packets
    local  0.0.0.0/0
    remote 0.0.0.0/0

Topic		Replies	Views
Cross Host Networking Issues Rancher 1.x	3	1923	April 9, 2017
Nodes on the same subnet? Rancher 1.x	1	1231	January 14, 2018
No connection to linked services on other hosts Rancher 1.x	7	2758	January 4, 2016
Cross-host intercontainer communication trouble Rancher 1.x	27	12102	May 14, 2016
Cross Host network communication failure Rancher 1.x	9	4027	December 2, 2015

Cross machine containers not visible

Related topics