docker访问网站丢包故障
故障现象
docker的容器内部
#ping www.baidu.com
可以ping通
docker内部访问centos的镜像下载
#curl https://centos的镜像源。
超时
处理
- 查看系统的网络情况
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:89:df:d6 brd ff:ff:ff:ff:ff:ff
inet 172.20.41.85/24 brd 172.20.41.255 scope global dynamic eth0
valid_lft 31140sec preferred_lft 31140sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:ef:4f:b1:ed brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
4: br-837a6f78d738: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:5a:5c:d8:ff brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global br-837a6f78d738
valid_lft forever preferred_lft forever
这里的eth0的网络的mtu为1442,但是生成的docker0的网卡和br的网络都是1500
- 查看虚拟机的网络
root@9481f2fd8688:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
11: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.5/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
这里的docker的网卡的mtu为1500
这里会导致一个问题,docker的最大数据包为1500,但是eth0这边能处理的最大的mtu为1442.当docker发送一个1500的包的时候 超过了eth0的mtu,这时候eth0会丢弃这个包。最终导致超时
- 解决办法
修改docker的启动配置
# cat /etc/docker/daemon.json
{
"log-driver": "json-file",
"log-opts": {"max-size": "50m", "max-file": "3"},
"mtu": 1440
}
- 重启docker
systemctl restart docker
另外,docker-compose文件
networks:
default:
driver: bridge
driver_opts:
com.docker.network.driver.mtu: 1440