You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm relatively new to Docker and networking, and I'm having an issue where requests to some external hosts from within a Docker container fail.
For example, when I run $ curl -v https://github.com, the request times out with the following error:
* Trying 140.82.121.4:443...
* Connected to github.com (140.82.121.4) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* Recv failure: Connection reset by peer
* OpenSSL SSL_connect: Connection reset by peer in connection to github.com:443
* Closing connection 0
curl: (35) Recv failure: Connection reset by peer
while requests to other hosts (google.com, apple.com) succeed.
One solution I found suggests lowering the MTU (link 1, link 2).
Running $ ip a | grep mtu returns
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
4: br-057b96d3de83: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
8: veth7261868@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-057b96d3de83 state UP group default
10: veth2f584f4@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-057b96d3de83 state UP group default
16: veth9c457f8@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-057b96d3de83 state UP group default
18: veth66d763f@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-057b96d3de83 state UP group default
The MTU value for docker0 and br- is higher than ens3's. I've found a way to set docker0's mtu to 1450 by overriding a value either in in /etc/docker/daemon.json or /lib/systemd/system/docker.service. However, the Kamal network still uses an MTU of 1500. Is there a way to set the MTU of the kamal bridge network to a lower value? Or could something else cause this issue?
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
45647e21c6a2 bridge bridge local
0123447ba8e8 host host local
057b96d3de83 kamal bridge local
66a66f821b25 none null local
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I'm relatively new to Docker and networking, and I'm having an issue where requests to some external hosts from within a Docker container fail.
For example, when I run
$ curl -v https://github.com, the request times out with the following error:while requests to other hosts (google.com, apple.com) succeed.
One solution I found suggests lowering the MTU (link 1, link 2).
Running
$ ip a | grep mtureturnsThe MTU value for
docker0andbr-is higher thanens3's. I've found a way to setdocker0's mtu to 1450 by overriding a value either in in/etc/docker/daemon.jsonor/lib/systemd/system/docker.service. However, the Kamal network still uses an MTU of 1500. Is there a way to set the MTU of the kamal bridge network to a lower value? Or could something else cause this issue?Beta Was this translation helpful? Give feedback.
All reactions