When I create a backend service with IPVS for a given container, other containers on the same bridge are unable to talk to this container. The reason is a partially open TCP connection, since all traffic from and to the IPVS service is supposed to go through the host network namespace, but for container-to-container communication some of the traffic might get switched through the bridge itself.
Does gorb set up iptables SNAT to avoid this situation?
Do you mean that adding a backend service with a container's IP for an IPVS virtual service effectively blocks inter-container communications with that container?
I noticed that IPVS doesn't work in a separate namespace, i.e. when the gorb container is created using --net mybridge. Then if I put backend containers on the same net and define service <gorb_container_ip>:80 -> [<backend_container_1_ip>:80, <backend_container_2_ip>:80], I get connection refused if I do nc -v <gorb_container_ip>:80.
Everything works as expected if I create the gorb container with --net host.
I'm still not sure I understand the issue here. Are you trying to access an IPVS service from inside a container that is attached to the same bridge as one of the backends?