VMware NSX

  • 1.  NSX and Docker

    Posted May 20, 2019 11:46 AM

    Hi,

    I am new to NSX and Docker. I have the following question:

    If I am using, for example, an Ubuntu server with Docker and install a Tomcat, then I am able to open the default page of my Tomcat container.

    The VM is running on a standard vSwitch on vSphere 6.7U2.

    Now, if I move that VM or install a new VM on a different vSphere cluster with its own vCenter (same version), I am not able to open the default Tomcat website.

    The only thing that is different is the NSX part.

    Inside NSX, I have an edge device connected to the switch and to the uplink. That's the only thing that I have configured.

    I tried to change the Docker network that is used for internal traffic (IP) because we are also using a 172. IP range. But that doesn't help.

    Update:

    I was able to open the default Tomcat website if I am inside the same switch (network, subnet). But not from outside (different subnet).

    Any help will be appreciated

    Frank



  • 2.  RE: NSX and Docker

    Broadcom Employee
    Posted May 20, 2019 12:13 PM

    Hello Frank,

    If I am using, for example, an Ubuntu server with Docker and install a Tomcat, then I am able to open the default page of my Tomcat container.

    The VM is running on a standard vSwitch on vSphere 6.7U2.

    May I know from where you are able to open the default web page successfully? Is it within the container VM, or outside the VM from the same subnet or a different subnet?

    Now, if I move that VM or install a new VM on a different vSphere cluster with its own vCenter (same version), I am not able to open the default Tomcat website.

    The only thing that is different is the NSX part.

    Inside NSX, I have an edge device connected to the switch and to the uplink. That's the only thing that I have configured.

    I tried to change the Docker network that is used for internal traffic (IP) because we are also using a 172. IP range. But that doesn't help.

    How is your Docker network configured? Is it running on the default bridge, and have you exposed any ports? Do we have any overlay in the container network?

    My suggestion would be to ensure the VM external IP (which you are using for container traffic) is accessible in the first place. So keep Docker completely aside and check the connectivity for the VM network connected to the Edge. If that connectivity is successful, please revert with the points below.

    1. VM O/S model with iptables output (iptables -t nat -L -n)

    2. ifconfig output of the virtual machine with route -n output

    3. VM network - Edge connectivity flow and routing protocol details (if routing is configured)

    4. Destination network from which you are trying to access, with the IP address and port details you are using.



  • 3.  RE: NSX and Docker

    Posted May 20, 2019 02:33 PM

    Hi,

    I am able to open the default web page from a Windows server inside the same subnet.

    The Docker host is able to ping and connect to our entire network. There is no issue that I see related to the network connection.

    I am not able to open the web page, for example, from my own workstation. This workstation is on a different subnet and also not on the VMware cluster.

    I am also able to log in with SSH from my client into the server.

    I am using the default Docker network bridge. And I expose only one port with the option -p 8888:8080

    It is an Ubuntu 19.04 server.

    The firewall isn't running.

    Output of ufw status is inactive

    iptables output

    sudo iptables -t nat -L -n

    Chain PREROUTING (policy ACCEPT)

    target     prot opt source               destination

    DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

    Chain INPUT (policy ACCEPT)

    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)

    target     prot opt source               destination

    DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

    Chain POSTROUTING (policy ACCEPT)

    target     prot opt source               destination

    MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0

    MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:8080

    Chain DOCKER (2 references)

    target     prot opt source               destination

    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8888 to:172.17.0.2:8080

    Thanks

    Frank



  • 4.  RE: NSX and Docker

    Broadcom Employee
    Posted May 20, 2019 05:40 PM

    Thanks for providing the config details of Docker. The networking side of Docker looks fine.

    1. What IP address are you trying from the workstation to access the web page?

    2. Can you also post the ifconfig output of the Ubuntu machine?

    3. "I am also able to login with ssh from my client into the server" - here the server you are referring to is the Ubuntu machine, is that correct?



  • 5.  RE: NSX and Docker

    Posted May 21, 2019 09:18 AM

    The issue was related to the bridge network. After creating a test network with a different IP range, the container runs as it should.

    Thanks

    Frank
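
The thread ends with the bridge network's IP range as the cause. As an added example (not part of any post in the thread), this Python script reads the POSTROUTING lines posted above, reports which addresses from a list fall inside the Docker bridge subnet, and picks a replacement range that overlaps nothing already in use. The address list, the site range and the candidate subnets are constructed assumptions; the thread does not give them.

```python
import ipaddress
import re

# POSTROUTING chain from the `iptables -t nat -L -n` output posted in the thread.
NAT_OUTPUT = """\
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:8080
"""

# Constructed sample values (assumptions, not taken from the thread).
SAMPLE_ADDRS = ["172.17.40.25", "10.20.30.40"]    # hosts elsewhere on the network
SITE_RANGES = ["172.16.0.0/12"]                   # ranges routed on the site
CANDIDATES = ["172.18.0.0/16", "192.168.200.0/24"]

def bridge_subnets(nat_output):
    """Subnets Docker masquerades: MASQUERADE rules whose source has a prefix."""
    nets = []
    for line in nat_output.splitlines():
        m = re.match(r"MASQUERADE\s+\S+\s+--\s+(\d+\.\d+\.\d+\.\d+/\d+)\s", line)
        if m:
            nets.append(ipaddress.ip_network(m.group(1)))
    return nets

def shadowed_addresses(nat_output, addrs):
    """Map each address that lies inside a bridge subnet to that subnet.

    The Docker host has a connected route for the bridge subnet, so traffic
    for these addresses is sent to the bridge instead of out the uplink.
    """
    hits = {}
    for a in addrs:
        for net in bridge_subnets(nat_output):
            if ipaddress.ip_address(a) in net:
                hits[a] = str(net)
    return hits

def pick_free_subnet(candidates, in_use):
    """First candidate that overlaps none of the ranges already in use."""
    used = [ipaddress.ip_network(n) for n in in_use]
    for cand in candidates:
        if not any(ipaddress.ip_network(cand).overlaps(u) for u in used):
            return cand
    return None

if __name__ == "__main__":
    print("shadowed:", shadowed_addresses(NAT_OUTPUT, SAMPLE_ADDRS))
    print("use for new network:", pick_free_subnet(CANDIDATES, SITE_RANGES))
```

The selected range can be given to `docker network create --subnet` when creating the replacement network; note that 172.18.0.0/16 is rejected here because it still sits inside the constructed 172.16.0.0/12 site range.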