Monday, January 28, 2019

Docker containers on a VM do not get the correct MTU

Some time ago I noticed the following issue with Docker/LXD containers running on top of a VM hosted by OpenStack:

apt-get hangs when called within an LXD or docker container. 

For instance:

$ docker run -it ubuntu bash
# apt-get update
0% [Waiting for headers]

This only occurs in Ubuntu Xenial, not on Trusty or CentOS. 

There is an easy workaround based on iptables that clamps the TCP MSS to the path MTU:
$ sudo iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

If you use Juju this is annoying since, for example, juju bootstrap fails.
Apparently it could be related to this issue:

On the LXD side there is also another workaround that can be applied to the machine hosting the LXD containers: 

"""
lxc profile device remove default <interface on the LXD bridge name>
lxc profile device add default <interface on the LXD bridge name> nic nictype=bridged parent=lxdbr0 mtu=1400
"""
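
A quick way to confirm the mismatch before applying either workaround, as an added example that is not part of the original post: it compares the MTU of the container bridges with the MTU of the VM's uplink. The function names and the `--live` switch are made up for this example, `docker0` is Docker's default bridge name, and the check assumes the hang comes from a bridge MTU larger than the uplink's.

```sh
#!/bin/sh
# Added example (not from the original post): flag container bridges whose MTU
# is larger than that of the VM's uplink interface.

# mtu_of IFACE [SYSFS_NET]: print IFACE's MTU; return 1 if it does not exist.
mtu_of() {
    _f="${2:-/sys/class/net}/$1/mtu"
    [ -r "$_f" ] || return 1
    cat "$_f"
}

# default_uplink: print the interface that carries the IPv4 default route.
default_uplink() {
    ip -4 route show default 2>/dev/null |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# check_bridges UPLINK SYSFS_NET BRIDGE...
# Prints one line per bridge. Returns 0 if every bridge fits, 1 on a mismatch,
# 2 if the uplink itself cannot be read.
check_bridges() {
    _uplink="$1"; _root="$2"; _rc=0
    shift 2
    _up_mtu=$(mtu_of "$_uplink" "$_root") || { echo "uplink '$_uplink': not found"; return 2; }
    for _br in "$@"; do
        _br_mtu=$(mtu_of "$_br" "$_root") || { echo "$_br: absent"; continue; }
        if [ "$_br_mtu" -gt "$_up_mtu" ]; then
            echo "$_br: MISMATCH mtu=$_br_mtu > $_uplink mtu=$_up_mtu"
            _rc=1
        else
            echo "$_br: ok mtu=$_br_mtu <= $_uplink mtu=$_up_mtu"
        fi
    done
    return "$_rc"
}

# Live check on the VM hosting the containers: sh mtu-check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_bridges "$(default_uplink)" /sys/class/net docker0 lxdbr0
fi
```

The second argument lets the check run against a constructed directory tree instead of /sys/class/net, which is how it can be exercised without a real bridge.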


my 2 cents 

1 comment:

  1. Pity lines of code are unreadable (unless selecting them). Too much "art", forgetting the content. Cris (INFN)
