Skip to content

Instantly share code, notes, and snippets.

@deitch

deitch/01-source1-initial-state

Last active June 13, 2016 17:47
Show Gist options
  • Save deitch/b64da85ab1d700dabc0a662b72da154f to your computer and use it in GitHub Desktop.
Save deitch/b64da85ab1d700dabc0a662b72da154f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
01-source1-initial-state
[root@source1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@source1 ~]# docker network ls
NETWORK ID NAME DRIVER
14a1d4846055 bridge bridge
bb1d7812d0b3 docker_gwbridge bridge
438bc0b14dc7 host host
32a836950537 none null
[root@source1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master team0 state UP qlen 1000
link/ether 0c:c4:7a:18:ab:34 brd ff:ff:ff:ff:ff:ff
3: enp1s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master team0 state UP qlen 1000
link/ether 0c:c4:7a:18:ab:34 brd ff:ff:ff:ff:ff:ff
4: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 0c:c4:7a:18:ab:34 brd ff:ff:ff:ff:ff:ff
inet 147.75.199.15/31 brd 147.75.199.15 scope global team0
valid_lft forever preferred_lft forever
inet 10.99.101.129/31 brd 10.99.101.129 scope global team0:0
valid_lft forever preferred_lft forever
inet6 2604:1380:1:3c00::1/127 scope global
valid_lft forever preferred_lft forever
inet6 fe80::ec4:7aff:fe18:ab34/64 scope link
valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:1b:10:cc:6c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:1bff:fe10:cc6c/64 scope link
valid_lft forever preferred_lft forever
10: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN
link/ether 6a:39:98:3f:80:f6 brd ff:ff:ff:ff:ff:ff
36: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:9e:a7:98:a3 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 scope global docker_gwbridge
valid_lft forever preferred_lft forever
inet6 fe80::42:9eff:fea7:98a3/64 scope link
valid_lft forever preferred_lft forever
[root@source1 ~]# ip ro
default via 147.75.199.14 dev team0
10.0.0.0/8 via 10.99.101.128 dev team0
10.99.101.128/31 dev team0 proto kernel scope link src 10.99.101.129
147.75.199.14/31 dev team0 proto kernel scope link src 147.75.199.15
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev docker_gwbridge proto kernel scope link src 172.18.0.1
Raw
01-target1-initial-state
[root@target1 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@target1 ~]# docker network ls
NETWORK ID NAME DRIVER
03741d12fb84 bridge bridge
2c7eefefd55a docker_gwbridge bridge
cd5e6b3b0017 host host
4bc2ee78131f none null
[root@target1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master team0 state UP qlen 1000
link/ether 0c:c4:7a:18:ae:78 brd ff:ff:ff:ff:ff:ff
3: enp1s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master team0 state UP qlen 1000
link/ether 0c:c4:7a:18:ae:78 brd ff:ff:ff:ff:ff:ff
4: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 0c:c4:7a:18:ae:78 brd ff:ff:ff:ff:ff:ff
inet 147.75.199.63/31 brd 147.75.199.63 scope global team0
valid_lft forever preferred_lft forever
inet 10.99.101.131/31 brd 10.99.101.131 scope global team0:0
valid_lft forever preferred_lft forever
inet6 2604:1380:1:3c00::3/127 scope global
valid_lft forever preferred_lft forever
inet6 fe80::c7f:c8ff:fea6:4e96/64 scope link
valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:c0:a7:27:c8 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:c0ff:fea7:27c8/64 scope link
valid_lft forever preferred_lft forever
10: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN
link/ether 96:e1:61:36:4f:bd brd ff:ff:ff:ff:ff:ff
16: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:d9:ab:a7:16 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 scope global docker_gwbridge
valid_lft forever preferred_lft forever
inet6 fe80::42:d9ff:feab:a716/64 scope link
valid_lft forever preferred_lft forever
28: vethwg8b012@vethwl8b012: <BROADCAST,MULTICAST> mtu 1410 qdisc noop state DOWN
link/ether e6:95:1e:aa:d4:9a brd ff:ff:ff:ff:ff:ff
29: vethwl8b012@vethwg8b012: <NO-CARRIER,BROADCAST,MULTICAST,UP,M-DOWN> mtu 1410 qdisc noqueue state LOWERLAYERDOWN
link/ether fe:ab:ea:fa:15:5b brd ff:ff:ff:ff:ff:ff
inet6 fe80::fcab:eaff:fefa:155b/64 scope link
valid_lft forever preferred_lft forever
[root@target1 ~]# ip ro
default via 147.75.199.62 dev team0 proto static metric 350
10.0.0.0/8 via 10.99.101.130 dev team0 proto static metric 350
10.99.101.130/31 dev team0 proto kernel scope link src 10.99.101.131 metric 350
147.75.199.62/31 dev team0 proto kernel scope link src 147.75.199.63 metric 350
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev docker_gwbridge proto kernel scope link src 172.18.0.1
Raw
02-source1-start-weave
[root@source1 ~]# WEAVE_NO_FASTDP=true weave launch --ipalloc-range 192.168.0.0/16 10.99.101.131
WARNING: existing iptables rule
'-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
will block name resolution via weaveDNS - please reconfigure your firewall.
# after start on both hosts:
[root@source1 ~]# weave status
Version: 1.5.2 (up to date; next check at 2016/06/10 20:22:23)
Service: router
Protocol: weave 1..2
Name: 96:09:be:8a:53:0f(source1)
Encryption: disabled
PeerDiscovery: enabled
Targets: 1
Connections: 1 (1 established)
Peers: 2 (with 2 established connections)
TrustedSubnets: none
Service: ipam
Status: idle
Range: 192.168.0.0-192.168.255.255
DefaultSubnet: 192.168.0.0/16
Service: dns
Domain: weave.local.
Upstream: 147.75.207.207, 8.8.8.8, 8.8.4.4
TTL: 1
Entries: 0
Service: proxy
Address: unix:///var/run/weave/weave.sock
Service: plugin
DriverName: weave
[root@source1 ~]# weave status peers
96:09:be:8a:53:0f(source1)
<- 10.99.101.131:35086 6a:2d:57:e1:77:e2(target1) established
6a:2d:57:e1:77:e2(target1)
-> 10.99.101.129:6783 96:09:be:8a:53:0f(source1) established
[root@source1 ~]# weave status connections
<- 10.99.101.131:35086 established sleeve 6a:2d:57:e1:77:e2(target1)
Raw
02-target1-start-weave
[root@target1 ~]# WEAVE_NO_FASTDP=true weave launch --ipalloc-range 192.168.0.0/16 10.99.101.129
WARNING: existing iptables rule
'-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
will block name resolution via weaveDNS - please reconfigure your firewall.
# after start on both hosts:
[root@target1 ~]# weave status
Version: 1.5.2 (up to date; next check at 2016/06/10 19:06:02)
Service: router
Protocol: weave 1..2
Name: 6a:2d:57:e1:77:e2(target1)
Encryption: disabled
PeerDiscovery: enabled
Targets: 1
Connections: 1 (1 established)
Peers: 2 (with 2 established connections)
TrustedSubnets: none
Service: ipam
Status: idle
Range: 192.168.0.0-192.168.255.255
DefaultSubnet: 192.168.0.0/16
Service: dns
Domain: weave.local.
Upstream: 147.75.207.207, 8.8.8.8, 8.8.4.4
TTL: 1
Entries: 0
Service: proxy
Address: unix:///var/run/weave/weave.sock
Service: plugin
DriverName: weave
[root@target1 ~]# weave status peers
6a:2d:57:e1:77:e2(target1)
-> 10.99.101.129:6783 96:09:be:8a:53:0f(source1) established
96:09:be:8a:53:0f(source1)
<- 10.99.101.131:35086 6a:2d:57:e1:77:e2(target1) established
[root@target1 ~]# weave status connections
-> 10.99.101.129:6783 established sleeve 96:09:be:8a:53:0f(source1)
Raw
03-source1-start-container
# netperf is just an alpine container with netperf added
[root@source1 ~]# docker run -it --rm --net=weave netperf sh
/ #
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
60: ethwe0@if61: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 65535 qdisc noqueue state UP
link/ether 62:47:be:3e:98:52 brd ff:ff:ff:ff:ff:ff
inet 192.168.128.0/16 scope global ethwe0
valid_lft forever preferred_lft forever
inet6 fe80::6047:beff:fe3e:9852/64 scope link
valid_lft forever preferred_lft forever
62: eth1@if63: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe12:2/64 scope link
valid_lft forever preferred_lft forever
/ # ip ro
default via 172.18.0.1 dev eth1
172.18.0.0/16 dev eth1 src 172.18.0.2
192.168.0.0/16 dev ethwe0 src 192.168.128.0
224.0.0.0/4 dev ethwe0
Raw
03-target1-start-container
[root@target1 ~]# docker run -it --rm --net=weave netperf sh
/ # netserver -p 7002
Starting netserver with host 'IN(6)ADDR_ANY' port '7002' and family AF_UNSPEC
/ # ps -ef | grep netserver
7 root 0:00 netserver -p 7002
9 root 0:00 grep netserver
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
96: ethwe0@if97: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 65535 qdisc noqueue state UP
link/ether ee:a3:49:ad:0a:20 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/16 scope global ethwe0
valid_lft forever preferred_lft forever
inet6 fe80::eca3:49ff:fead:a20/64 scope link
valid_lft forever preferred_lft forever
98: eth1@if99: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe12:2/64 scope link
valid_lft forever preferred_lft forever
/ # ip ro
default via 172.18.0.1 dev eth1
172.18.0.0/16 dev eth1 src 172.18.0.2
192.168.0.0/16 dev ethwe0 src 192.168.0.1
224.0.0.0/4 dev ethwe0
Raw
04-source1-ping-test
/ # ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: seq=0 ttl=64 time=1.880 ms
64 bytes from 192.168.0.1: seq=1 ttl=64 time=1.346 ms
^C
--- 192.168.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.346/1.613/1.880 ms
# LOOKS GOOD
Raw
04-target1-ping-test
/ # ping 192.168.128.0
PING 192.168.128.0 (192.168.128.0): 56 data bytes
64 bytes from 192.168.128.0: seq=0 ttl=64 time=1.357 ms
64 bytes from 192.168.128.0: seq=1 ttl=64 time=1.127 ms
64 bytes from 192.168.128.0: seq=2 ttl=64 time=1.253 ms
^C
--- 192.168.128.0 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1.127/1.245/1.357 ms
# LOOKS GOOD
Raw
05-source1-telnet-test
/ # netperf -H 192.168.0.1 -l -50 -v 2 -t UDP_RR -p 7002 -- -r 300,300 -P 7004,7003
^C
/ # netperf -H 192.168.0.1 -l -50 -v 2 -t TCP_RR -p 7002 -- -r 300,300 -P 7004,7003
^C
# BOTH FAIL
Raw
05-target1-other-container-telnet-test
[root@target1 ~]# docker run -it --net=weave --rm netperf sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
100: ethwe0@if101: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 65535 qdisc noqueue state UP
link/ether 1a:72:f4:69:9a:b6 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.2/16 scope global ethwe0
valid_lft forever preferred_lft forever
inet6 fe80::1872:f4ff:fe69:9ab6/64 scope link
valid_lft forever preferred_lft forever
102: eth1@if103: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.3/16 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe12:3/64 scope link
valid_lft forever preferred_lft forever
/ # netperf -H 192.168.0.1 -l -50 -v 2 -t UDP_RR -p 7002 -- -r 300,300 -P 7004,7003
MIGRATED UDP REQUEST/RESPONSE TEST from 0.0.0.0 (0.0.0.0) port 7004 AF_INET to 192.168.0.1 (192.168) port 7003 AF_INET : first burst 0
Local /Remote
Socket Size Request Resp. Elapsed Trans.
Send Recv Size Size Time Rate
bytes Bytes bytes bytes secs. per sec
212992 212992 300 300 0.00 17642.91
212992 212992
/ # netperf -H 192.168.0.1 -l -50 -v 2 -t TCP_RR -p 7002 -- -r 300,300 -P 7004,7003
MIGRATED TCP REQUEST/RESPONSE TEST from 0.0.0.0 (0.0.0.0) port 7004 AF_INET to 192.168.0.1 (192.168) port 7003 AF_INET : first burst 0
Local /Remote
Socket Size Request Resp. Elapsed Trans.
Send Recv Size Size Time Rate
bytes Bytes bytes bytes secs. per sec
87380 87380 300 300 0.00 17966.22
87380 87380
Alignment Offset RoundTrip Trans Throughput
Local Remote Local Remote Latency Rate 10^6bits/s
Send Recv Send Recv usec/Tran per sec Outbound Inbound
8 0 0 0 55.660 17966.223 43.119 43.119
# WORKS FINE FROM OTHER CONTAINER ON SAME HOST
Raw
05-target1-telnet-test
/ # netperf -H 192.168.0.1 -l -50 -v 2 -t TCP_RR -p 7002 -- -r 300,300 -P 7004,7003
MIGRATED TCP REQUEST/RESPONSE TEST from 0.0.0.0 (0.0.0.0) port 7004 AF_INET to 192.168.0.1 (192.168) port 7003 AF_INET : first burst 0
Local /Remote
Socket Size Request Resp. Elapsed Trans.
Send Recv Size Size Time Rate
bytes Bytes bytes bytes secs. per sec
87380 87380 300 300 0.00 18968.13
87380 87380
Alignment Offset RoundTrip Trans Throughput
Local Remote Local Remote Latency Rate 10^6bits/s
Send Recv Send Recv usec/Tran per sec Outbound Inbound
8 0 0 0 52.720 18968.133 45.524 45.524
# WORKS FINE FROM WITHIN SAME CONTAINER
Raw
06-source1-docker-logs-weave
[root@source1 ~]# docker logs weave
INFO: 2016/06/10 14:04:28.870080 Command line options: map[iface:vethwe-pcap ipalloc-range:192.168.0.0/16 name:96:09:be:8a:53:0f nickname:source1 port:6783 dns-effective-listen-address:172.17.0.1 dns-listen-address:172.17.0.1:53 http-addr:127.0.0.1:6784]
INFO: 2016/06/10 14:04:28.900620 Communication between peers is unencrypted.
INFO: 2016/06/10 14:04:28.902171 Our name is 96:09:be:8a:53:0f(source1)
INFO: 2016/06/10 14:04:28.902187 Initial set of peers: [10.99.101.131]
INFO: 2016/06/10 14:04:28.902903 Docker API on unix:///var/run/docker.sock: &[Os=linux Arch=amd64 KernelVersion=3.10.0-327.18.2.el7.x86_64 BuildTime=2016-06-01T21:23:11.279703501+00:00 Version=1.11.2 ApiVersion=1.23 GitCommit=b9f10c9 GoVersion=go1.5.4]
INFO: 2016/06/10 14:04:28.902948 [allocator 96:09:be:8a:53:0f] No valid persisted data
INFO: 2016/06/10 14:04:28.904231 [allocator 96:09:be:8a:53:0f] Initialising via deferred consensus
INFO: 2016/06/10 14:04:28.904742 Listening for DNS queries on 172.17.0.1
INFO: 2016/06/10 14:04:28.904768 Sniffing traffic on vethwe-pcap (via pcap)
INFO: 2016/06/10 14:04:28.922304 ->[10.99.101.131:6783] attempting connection
INFO: 2016/06/10 14:04:28.922694 Listening for HTTP control messages on 127.0.0.1:6784
INFO: 2016/06/10 14:04:28.922839 ->[10.99.101.131:6783] error during connection attempt: dial tcp4 :0->10.99.101.131:6783: getsockopt: connection refused
INFO: 2016/06/10 14:04:29.232464 Discovered local MAC 96:09:be:8a:53:0f
INFO: 2016/06/10 14:04:29.610457 Discovered local MAC b2:a7:ae:6c:47:b0
INFO: 2016/06/10 14:04:31.639976 ->[10.99.101.131:6783] attempting connection
INFO: 2016/06/10 14:04:31.640716 ->[10.99.101.131:6783] error during connection attempt: dial tcp4 :0->10.99.101.131:6783: getsockopt: connection refused
INFO: 2016/06/10 14:04:35.275521 ->[10.99.101.131:6783] attempting connection
INFO: 2016/06/10 14:04:35.276101 ->[10.99.101.131:6783] error during connection attempt: dial tcp4 :0->10.99.101.131:6783: getsockopt: connection refused
INFO: 2016/06/10 14:04:40.338243 ->[10.99.101.131:6783] attempting connection
INFO: 2016/06/10 14:04:40.338924 ->[10.99.101.131:6783] error during connection attempt: dial tcp4 :0->10.99.101.131:6783: getsockopt: connection refused
INFO: 2016/06/10 14:04:44.294344 ->[10.99.101.131:6783] attempting connection
INFO: 2016/06/10 14:04:44.295090 ->[10.99.101.131:6783] error during connection attempt: dial tcp4 :0->10.99.101.131:6783: getsockopt: connection refused
INFO: 2016/06/10 14:04:52.905577 ->[10.99.101.131:6783] attempting connection
INFO: 2016/06/10 14:04:52.906302 ->[10.99.101.131:6783] error during connection attempt: dial tcp4 :0->10.99.101.131:6783: getsockopt: connection refused
INFO: 2016/06/10 14:05:07.372922 ->[10.99.101.131:6783] attempting connection
INFO: 2016/06/10 14:05:07.373568 ->[10.99.101.131:6783] error during connection attempt: dial tcp4 :0->10.99.101.131:6783: getsockopt: connection refused
INFO: 2016/06/10 14:05:19.452189 ->[10.99.101.131:35086] connection accepted
2016/06/10 14:05:19 ->[10.99.101.131:35086|6a:2d:57:e1:77:e2(target1)]: connection ready; using protocol version 2
INFO: 2016/06/10 14:05:19.453777 overlay_switch ->[6a:2d:57:e1:77:e2(target1)] using sleeve
2016/06/10 14:05:19 ->[10.99.101.131:35086|6a:2d:57:e1:77:e2(target1)]: connection added (new peer)
2016/06/10 14:05:19 ->[10.99.101.131:35086|6a:2d:57:e1:77:e2(target1)]: connection fully established
INFO: 2016/06/10 14:05:19.956358 EMSGSIZE on send, expecting PMTU update (IP packet was 60028 bytes, payload was 60020 bytes)
INFO: 2016/06/10 14:05:19.956942 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: Effective MTU verified at 1438
INFO: 2016/06/10 14:05:20.109117 Discovered remote MAC 6a:2d:57:e1:77:e2 at 6a:2d:57:e1:77:e2(target1)
INFO: 2016/06/10 14:05:20.708884 Discovered remote MAC 6e:d8:91:9a:77:f3 at 6a:2d:57:e1:77:e2(target1)
INFO: 2016/06/10 14:08:14.951066 Discovered remote MAC ee:a3:49:ad:0a:20 at 6a:2d:57:e1:77:e2(target1)
INFO: 2016/06/10 14:08:20.960504 Discovered local MAC 62:47:be:3e:98:52
INFO: 2016/06/10 14:08:20.991330 [nameserver 96:09:be:8a:53:0f] Ignoring registration 99cd1d0b0331. 192.168.128.0 99cd1d0b0331c7082860d28f3b49a077692bf64b9085720292aed87e4e060728 (not a subdomain of weave.local.)
INFO: 2016/06/10 14:14:36.148590 Discovered remote MAC 1a:72:f4:69:9a:b6 at 6a:2d:57:e1:77:e2(target1)
INFO: 2016/06/10 14:15:28.904090 Expired MAC 96:09:be:8a:53:0f at 96:09:be:8a:53:0f(source1)
INFO: 2016/06/10 14:15:28.904139 Expired MAC b2:a7:ae:6c:47:b0 at 96:09:be:8a:53:0f(source1)
INFO: 2016/06/10 14:15:28.904157 Expired MAC 6a:2d:57:e1:77:e2 at 6a:2d:57:e1:77:e2(target1)
INFO: 2016/06/10 14:15:28.904173 Expired MAC 6e:d8:91:9a:77:f3 at 6a:2d:57:e1:77:e2(target1)
Raw
06-target1-docker-logs-weave
[root@target1 ~]# docker logs weave
INFO: 2016/06/10 14:05:18.604750 Command line options: map[ipalloc-range:192.168.0.0/16 name:6a:2d:57:e1:77:e2 nickname:target1 port:6783 dns-effective-listen-address:172.17.0.1 dns-listen-address:172.17.0.1:53 http-addr:127.0.0.1:6784 iface:vethwe-pcap]
INFO: 2016/06/10 14:05:18.626049 Communication between peers is unencrypted.
INFO: 2016/06/10 14:05:18.628406 Our name is 6a:2d:57:e1:77:e2(target1)
INFO: 2016/06/10 14:05:18.628427 Initial set of peers: [10.99.101.129]
INFO: 2016/06/10 14:05:18.629092 Docker API on unix:///var/run/docker.sock: &[Os=linux Arch=amd64 KernelVersion=3.10.0-327.18.2.el7.x86_64 BuildTime=2016-06-01T21:23:11.279703501+00:00 Version=1.11.2 ApiVersion=1.23 GitCommit=b9f10c9 GoVersion=go1.5.4]
INFO: 2016/06/10 14:05:18.629145 [allocator 6a:2d:57:e1:77:e2] No valid persisted data
INFO: 2016/06/10 14:05:18.629899 [allocator 6a:2d:57:e1:77:e2] Initialising via deferred consensus
INFO: 2016/06/10 14:05:18.630437 Listening for DNS queries on 172.17.0.1
INFO: 2016/06/10 14:05:18.630467 Sniffing traffic on vethwe-pcap (via pcap)
INFO: 2016/06/10 14:05:18.644698 ->[10.99.101.129:6783] attempting connection
INFO: 2016/06/10 14:05:18.645024 Listening for HTTP control messages on 127.0.0.1:6784
2016/06/10 14:05:18 ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: connection ready; using protocol version 2
INFO: 2016/06/10 14:05:18.646786 overlay_switch ->[96:09:be:8a:53:0f(source1)] using sleeve
2016/06/10 14:05:18 ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: connection added (new peer)
INFO: 2016/06/10 14:05:18.898881 Discovered local MAC 6e:d8:91:9a:77:f3
INFO: 2016/06/10 14:05:19.141840 Discovered local MAC 6a:2d:57:e1:77:e2
INFO: 2016/06/10 14:05:19.148036 EMSGSIZE on send, expecting PMTU update (IP packet was 60028 bytes, payload was 60020 bytes)
2016/06/10 14:05:19 ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: connection fully established
INFO: 2016/06/10 14:05:19.148595 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: Effective MTU verified at 1438
INFO: 2016/06/10 14:08:14.058750 Assuming quorum size of 2
INFO: 2016/06/10 14:08:14.141871 Discovered local MAC ee:a3:49:ad:0a:20
INFO: 2016/06/10 14:08:14.171416 [nameserver 6a:2d:57:e1:77:e2] Ignoring registration 98d8e087f8e8. 192.168.0.1 98d8e087f8e860286b12c8d136d1bb01d524e21fade6dd138f2bd605de1ca746 (not a subdomain of weave.local.)
INFO: 2016/06/10 14:08:20.152239 Discovered remote MAC 62:47:be:3e:98:52 at 96:09:be:8a:53:0f(source1)
INFO: 2016/06/10 14:14:35.334903 Discovered local MAC 1a:72:f4:69:9a:b6
INFO: 2016/06/10 14:14:35.369041 [nameserver 6a:2d:57:e1:77:e2] Ignoring registration 566751ae5dfe. 192.168.0.2 566751ae5dfe4a60c749bbc751a1fc25b89408cc09978475964a675394efd007 (not a subdomain of weave.local.)
Raw
07-source1-status-after-start-containers
[root@source1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master team0 state UP qlen 1000
link/ether 0c:c4:7a:18:ab:34 brd ff:ff:ff:ff:ff:ff
3: enp1s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master team0 state UP qlen 1000
link/ether 0c:c4:7a:18:ab:34 brd ff:ff:ff:ff:ff:ff
4: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 0c:c4:7a:18:ab:34 brd ff:ff:ff:ff:ff:ff
inet 147.75.199.15/31 brd 147.75.199.15 scope global team0
valid_lft forever preferred_lft forever
inet 10.99.101.129/31 brd 10.99.101.129 scope global team0:0
valid_lft forever preferred_lft forever
inet6 2604:1380:1:3c00::1/127 scope global
valid_lft forever preferred_lft forever
inet6 fe80::ec4:7aff:fe18:ab34/64 scope link
valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:1b:10:cc:6c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:1bff:fe10:cc6c/64 scope link
valid_lft forever preferred_lft forever
10: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN
link/ether 6a:39:98:3f:80:f6 brd ff:ff:ff:ff:ff:ff
36: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:9e:a7:98:a3 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 scope global docker_gwbridge
valid_lft forever preferred_lft forever
inet6 fe80::42:9eff:fea7:98a3/64 scope link
valid_lft forever preferred_lft forever
56: weave: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65535 qdisc noqueue state UP
link/ether 96:09:be:8a:53:0f brd ff:ff:ff:ff:ff:ff
inet6 fe80::9409:beff:fe8a:530f/64 scope link
valid_lft forever preferred_lft forever
58: vethwe-pcap@vethwe-bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65535 qdisc pfifo_fast state UP qlen 1000
link/ether 8e:cd:02:ed:40:25 brd ff:ff:ff:ff:ff:ff
inet6 fe80::8ccd:2ff:feed:4025/64 scope link
valid_lft forever preferred_lft forever
59: vethwe-bridge@vethwe-pcap: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65535 qdisc pfifo_fast master weave state UP qlen 1000
link/ether b2:a7:ae:6c:47:b0 brd ff:ff:ff:ff:ff:ff
inet6 fe80::b0a7:aeff:fe6c:47b0/64 scope link
valid_lft forever preferred_lft forever
61: vethwl7777a@if60: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65535 qdisc noqueue master weave state UP
link/ether 9e:de:33:f7:17:74 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::9cde:33ff:fef7:1774/64 scope link
valid_lft forever preferred_lft forever
63: veth1a9332b@if62: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP
link/ether 3a:8f:c9:8b:cb:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::388f:c9ff:fe8b:cbf1/64 scope link
valid_lft forever preferred_lft forever
[root@source1 ~]# ip ro
default via 147.75.199.14 dev team0
10.0.0.0/8 via 10.99.101.128 dev team0
10.99.101.128/31 dev team0 proto kernel scope link src 10.99.101.129
147.75.199.14/31 dev team0 proto kernel scope link src 147.75.199.15
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev docker_gwbridge proto kernel scope link src 172.18.0.1
Raw
07-target1-status-after-start-containers
[root@target1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master team0 state UP qlen 1000
link/ether 0c:c4:7a:18:ae:78 brd ff:ff:ff:ff:ff:ff
3: enp1s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master team0 state UP qlen 1000
link/ether 0c:c4:7a:18:ae:78 brd ff:ff:ff:ff:ff:ff
4: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 0c:c4:7a:18:ae:78 brd ff:ff:ff:ff:ff:ff
inet 147.75.199.63/31 brd 147.75.199.63 scope global team0
valid_lft forever preferred_lft forever
inet 10.99.101.131/31 brd 10.99.101.131 scope global team0:0
valid_lft forever preferred_lft forever
inet6 2604:1380:1:3c00::3/127 scope global
valid_lft forever preferred_lft forever
inet6 fe80::c7f:c8ff:fea6:4e96/64 scope link
valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:c0:a7:27:c8 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:c0ff:fea7:27c8/64 scope link
valid_lft forever preferred_lft forever
10: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN
link/ether 96:e1:61:36:4f:bd brd ff:ff:ff:ff:ff:ff
16: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:d9:ab:a7:16 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 scope global docker_gwbridge
valid_lft forever preferred_lft forever
inet6 fe80::42:d9ff:feab:a716/64 scope link
valid_lft forever preferred_lft forever
28: vethwg8b012@vethwl8b012: <BROADCAST,MULTICAST> mtu 1410 qdisc noop state DOWN
link/ether e6:95:1e:aa:d4:9a brd ff:ff:ff:ff:ff:ff
29: vethwl8b012@vethwg8b012: <NO-CARRIER,BROADCAST,MULTICAST,UP,M-DOWN> mtu 1410 qdisc noqueue state LOWERLAYERDOWN
link/ether fe:ab:ea:fa:15:5b brd ff:ff:ff:ff:ff:ff
inet6 fe80::fcab:eaff:fefa:155b/64 scope link
valid_lft forever preferred_lft forever
92: weave: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65535 qdisc noqueue state UP
link/ether 6a:2d:57:e1:77:e2 brd ff:ff:ff:ff:ff:ff
inet6 fe80::682d:57ff:fee1:77e2/64 scope link
valid_lft forever preferred_lft forever
94: vethwe-pcap@vethwe-bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65535 qdisc pfifo_fast state UP qlen 1000
link/ether 2a:7e:bf:3b:06:75 brd ff:ff:ff:ff:ff:ff
inet6 fe80::287e:bfff:fe3b:675/64 scope link
valid_lft forever preferred_lft forever
95: vethwe-bridge@vethwe-pcap: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65535 qdisc pfifo_fast master weave state UP qlen 1000
link/ether 6e:d8:91:9a:77:f3 brd ff:ff:ff:ff:ff:ff
inet6 fe80::6cd8:91ff:fe9a:77f3/64 scope link
valid_lft forever preferred_lft forever
97: vethwlbde20@if96: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65535 qdisc noqueue master weave state UP
link/ether 4e:41:ec:94:fe:ad brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::4c41:ecff:fe94:fead/64 scope link
valid_lft forever preferred_lft forever
99: veth04ba03a@if98: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP
link/ether 8e:3e:76:6d:d6:88 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::8c3e:76ff:fe6d:d688/64 scope link
valid_lft forever preferred_lft forever
[root@target1 ~]# ip ro
default via 147.75.199.62 dev team0 proto static metric 350
10.0.0.0/8 via 10.99.101.130 dev team0 proto static metric 350
10.99.101.130/31 dev team0 proto kernel scope link src 10.99.101.131 metric 350
147.75.199.62/31 dev team0 proto kernel scope link src 147.75.199.63 metric 350
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev docker_gwbridge proto kernel scope link src 172.18.0.1
Raw
08-source1-docker-logs-weave-with-debug
INFO: 2016/06/10 14:23:04.646854 Command line options: map[dns-effective-listen-address:172.17.0.1 log-level:debug name:96:09:be:8a:53:0f nickname:source1 port:6783 dns-listen-address:172.17.0.1:53 http-addr:127.0.0.1:6784 iface:vethwe-pcap ipalloc-range:192.168.0.0/16]
INFO: 2016/06/10 14:23:04.668783 Communication between peers is unencrypted.
INFO: 2016/06/10 14:23:04.670297 Our name is 96:09:be:8a:53:0f(source1)
INFO: 2016/06/10 14:23:04.670313 Initial set of peers: [10.99.101.131]
INFO: 2016/06/10 14:23:04.671179 Docker API on unix:///var/run/docker.sock: &[Arch=amd64 KernelVersion=3.10.0-327.18.2.el7.x86_64 BuildTime=2016-06-01T21:23:11.279703501+00:00 Version=1.11.2 ApiVersion=1.23 GitCommit=b9f10c9 GoVersion=go1.5.4 Os=linux]
INFO: 2016/06/10 14:23:04.671261 [allocator 96:09:be:8a:53:0f] No valid persisted data
INFO: 2016/06/10 14:23:04.672084 [allocator 96:09:be:8a:53:0f] Initialising via deferred consensus
INFO: 2016/06/10 14:23:04.672646 Listening for DNS queries on 172.17.0.1
INFO: 2016/06/10 14:23:04.672666 Sniffing traffic on vethwe-pcap (via pcap)
INFO: 2016/06/10 14:23:04.690399 ->[10.99.101.131:6783] attempting connection
INFO: 2016/06/10 14:23:04.690849 Listening for HTTP control messages on 127.0.0.1:6784
2016/06/10 14:23:04 ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: connection ready; using protocol version 2
INFO: 2016/06/10 14:23:04.692410 overlay_switch ->[6a:2d:57:e1:77:e2(target1)] using sleeve
2016/06/10 14:23:04 ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: connection added (new peer)
DEBU: 2016/06/10 14:23:04.692504 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: Confirm
DEBU: 2016/06/10 14:23:04.692535 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: confirmed
DEBU: 2016/06/10 14:23:04.692546 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:23:04.695088 [allocator 96:09:be:8a:53:0f]: Allocator.OnGossip: 607 bytes
DEBU: 2016/06/10 14:23:04.697602 [allocator 96:09:be:8a:53:0f]: OnGossipBroadcast from 6a:2d:57:e1:77:e2 : 733 bytes
DEBU: 2016/06/10 14:23:04.703308 [allocator 96:09:be:8a:53:0f]: OnGossipBroadcast from 6a:2d:57:e1:77:e2 : 646 bytes
INFO: 2016/06/10 14:23:05.092472 Discovered local MAC 9e:75:f9:61:72:fa
INFO: 2016/06/10 14:23:05.186463 Discovered local MAC 96:09:be:8a:53:0f
DEBU: 2016/06/10 14:23:05.192747 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:23:05.193461 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeatAck
DEBU: 2016/06/10 14:23:05.193479 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendFragTest
INFO: 2016/06/10 14:23:05.193648 EMSGSIZE on send, expecting PMTU update (IP packet was 60028 bytes, payload was 60020 bytes)
DEBU: 2016/06/10 14:23:05.193663 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendMTUTest: mtu candidate 1438
2016/06/10 14:23:05 ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: connection fully established
DEBU: 2016/06/10 14:23:05.193685 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeat
DEBU: 2016/06/10 14:23:05.194302 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleMTUTestAck: for mtu candidate 1438
DEBU: 2016/06/10 14:23:05.194315 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: searchMTU: 1438 1439
INFO: 2016/06/10 14:23:05.194336 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: Effective MTU verified at 1438
DEBU: 2016/06/10 14:23:05.194488 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleFragTestAck
INFO: 2016/06/10 14:23:05.527602 Discovered remote MAC 5a:0c:3e:3f:f4:09 at 6a:2d:57:e1:77:e2(target1)
DEBU: 2016/06/10 14:23:15.193718 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:23:15.194780 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeat
DEBU: 2016/06/10 14:23:19.123219 [allocator 96:09:be:8a:53:0f]: Allocator.OnGossip: 646 bytes
DEBU: 2016/06/10 14:23:25.194013 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:23:25.195061 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeat
DEBU: 2016/06/10 14:23:35.194315 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:23:35.195450 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeat
DEBU: 2016/06/10 14:23:45.194493 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:23:45.195656 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeat
DEBU: 2016/06/10 14:23:49.124117 [allocator 96:09:be:8a:53:0f]: Allocator.OnGossip: 646 bytes
DEBU: 2016/06/10 14:23:49.593992 [allocator 96:09:be:8a:53:0f]: Allocated 192.168.128.0 for 192.168.128.0 in 192.168.0.0/16
DEBU: 2016/06/10 14:23:55.194867 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:23:55.196116 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeat
INFO: 2016/06/10 14:23:55.719483 Discovered local MAC c2:c4:fc:33:cf:62
INFO: 2016/06/10 14:23:55.763407 [nameserver 96:09:be:8a:53:0f] Ignoring registration c920992400e4. 192.168.128.0 c920992400e48778e2b0d562ebabfa6863cd2231894c1a0cca6e14c26f7a372b (not a subdomain of weave.local.)
DEBU: 2016/06/10 14:24:05.195195 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:24:05.196325 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeat
DEBU: 2016/06/10 14:24:15.195540 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:24:15.196697 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeat
DEBU: 2016/06/10 14:24:19.124262 [allocator 96:09:be:8a:53:0f]: Allocator.OnGossip: 648 bytes
DEBU: 2016/06/10 14:24:25.195851 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:24:25.197076 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeat
DEBU: 2016/06/10 14:24:35.196276 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:24:35.197391 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeat
DEBU: 2016/06/10 14:24:45.196576 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:24:45.197645 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeat
DEBU: 2016/06/10 14:24:49.124817 [allocator 96:09:be:8a:53:0f]: Allocator.OnGossip: 648 bytes
DEBU: 2016/06/10 14:24:55.196775 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: sendHeartbeat
DEBU: 2016/06/10 14:24:55.197817 sleeve ->[10.99.101.131:6783|6a:2d:57:e1:77:e2(target1)]: handleHeartbeat
Raw
08-target1-docker-logs-weave-with-debug
[root@target1 ~]# docker logs -f weave
INFO: 2016/06/10 14:22:18.273647 Command line options: map[dns-effective-listen-address:172.17.0.1 log-level:debug name:6a:2d:57:e1:77:e2 port:6783 dns-listen-address:172.17.0.1:53 http-addr:127.0.0.1:6784 iface:vethwe-pcap ipalloc-range:192.168.0.0/16 nickname:target1]
INFO: 2016/06/10 14:22:18.301114 Communication between peers is unencrypted.
INFO: 2016/06/10 14:22:18.302615 Our name is 6a:2d:57:e1:77:e2(target1)
INFO: 2016/06/10 14:22:18.302634 Initial set of peers: [10.99.101.129]
INFO: 2016/06/10 14:22:18.303351 Docker API on unix:///var/run/docker.sock: &[BuildTime=2016-06-01T21:23:11.279703501+00:00 Version=1.11.2 ApiVersion=1.23 GitCommit=b9f10c9 GoVersion=go1.5.4 Os=linux Arch=amd64 KernelVersion=3.10.0-327.18.2.el7.x86_64]
INFO: 2016/06/10 14:22:18.303395 [allocator 6a:2d:57:e1:77:e2] No valid persisted data
INFO: 2016/06/10 14:22:18.304149 [allocator 6a:2d:57:e1:77:e2] Initialising via deferred consensus
INFO: 2016/06/10 14:22:18.304672 Listening for DNS queries on 172.17.0.1
INFO: 2016/06/10 14:22:18.304692 Sniffing traffic on vethwe-pcap (via pcap)
INFO: 2016/06/10 14:22:18.326819 ->[10.99.101.129:6783] attempting connection
INFO: 2016/06/10 14:22:18.327159 Listening for HTTP control messages on 127.0.0.1:6784
INFO: 2016/06/10 14:22:18.327172 ->[10.99.101.129:6783] error during connection attempt: dial tcp4 :0->10.99.101.129:6783: getsockopt: connection refused
INFO: 2016/06/10 14:22:18.909897 Discovered local MAC 6a:2d:57:e1:77:e2
INFO: 2016/06/10 14:22:18.979842 Discovered local MAC c6:bf:73:ef:84:00
INFO: 2016/06/10 14:22:20.625616 ->[10.99.101.129:6783] attempting connection
INFO: 2016/06/10 14:22:20.626018 ->[10.99.101.129:6783] error during connection attempt: dial tcp4 :0->10.99.101.129:6783: getsockopt: connection refused
INFO: 2016/06/10 14:22:22.216507 ->[10.99.101.129:6783] attempting connection
INFO: 2016/06/10 14:22:22.216948 ->[10.99.101.129:6783] error during connection attempt: dial tcp4 :0->10.99.101.129:6783: getsockopt: connection refused
INFO: 2016/06/10 14:22:27.425898 ->[10.99.101.129:6783] attempting connection
INFO: 2016/06/10 14:22:27.426638 ->[10.99.101.129:6783] error during connection attempt: dial tcp4 :0->10.99.101.129:6783: getsockopt: connection refused
INFO: 2016/06/10 14:22:31.505414 ->[10.99.101.129:6783] attempting connection
INFO: 2016/06/10 14:22:31.506154 ->[10.99.101.129:6783] error during connection attempt: dial tcp4 :0->10.99.101.129:6783: getsockopt: connection refused
INFO: 2016/06/10 14:22:31.950987 Assuming quorum size of 2
DEBU: 2016/06/10 14:22:31.951031 [allocator 6a:2d:57:e1:77:e2] Paxos proposing
DEBU: 2016/06/10 14:22:33.304411 [allocator 6a:2d:57:e1:77:e2] Paxos proposing
DEBU: 2016/06/10 14:22:38.304490 [allocator 6a:2d:57:e1:77:e2] Paxos proposing
INFO: 2016/06/10 14:22:42.438363 ->[10.99.101.129:6783] attempting connection
INFO: 2016/06/10 14:22:42.439129 ->[10.99.101.129:6783] error during connection attempt: dial tcp4 :0->10.99.101.129:6783: getsockopt: connection refused
DEBU: 2016/06/10 14:22:43.304477 [allocator 6a:2d:57:e1:77:e2] Paxos proposing
DEBU: 2016/06/10 14:22:48.304437 [allocator 6a:2d:57:e1:77:e2] Paxos proposing
DEBU: 2016/06/10 14:22:53.304476 [allocator 6a:2d:57:e1:77:e2] Paxos proposing
DEBU: 2016/06/10 14:22:58.304467 [allocator 6a:2d:57:e1:77:e2] Paxos proposing
INFO: 2016/06/10 14:23:00.176405 ->[10.99.101.129:6783] attempting connection
INFO: 2016/06/10 14:23:00.176930 ->[10.99.101.129:6783] error during connection attempt: dial tcp4 :0->10.99.101.129:6783: getsockopt: connection refused
DEBU: 2016/06/10 14:23:03.304399 [allocator 6a:2d:57:e1:77:e2] Paxos proposing
INFO: 2016/06/10 14:23:03.872075 ->[10.99.101.129:53327] connection accepted
2016/06/10 14:23:03 ->[10.99.101.129:53327|96:09:be:8a:53:0f(source1)]: connection ready; using protocol version 2
INFO: 2016/06/10 14:23:03.873442 overlay_switch ->[96:09:be:8a:53:0f(source1)] using sleeve
2016/06/10 14:23:03 ->[10.99.101.129:53327|96:09:be:8a:53:0f(source1)]: connection added (new peer)
DEBU: 2016/06/10 14:23:03.873785 sleeve ->[<nil>|96:09:be:8a:53:0f(source1)]: Confirm
DEBU: 2016/06/10 14:23:03.874069 sleeve ->[<nil>|96:09:be:8a:53:0f(source1)]: confirmed
DEBU: 2016/06/10 14:23:03.876580 [allocator 6a:2d:57:e1:77:e2]: Allocator.OnGossip: 553 bytes
DEBU: 2016/06/10 14:23:03.877406 [allocator 6a:2d:57:e1:77:e2]: OnGossipBroadcast from 96:09:be:8a:53:0f : 677 bytes
DEBU: 2016/06/10 14:23:03.879028 [allocator 6a:2d:57:e1:77:e2]: OnGossipBroadcast from 96:09:be:8a:53:0f : 790 bytes
DEBU: 2016/06/10 14:23:03.879567 [allocator 6a:2d:57:e1:77:e2]: Paxos consensus: [96:09:be:8a:53:0f 6a:2d:57:e1:77:e2]
DEBU: 2016/06/10 14:23:03.882927 [allocator 6a:2d:57:e1:77:e2]: Allocated 192.168.0.1 for 192.168.0.1 in 192.168.0.0/16
INFO: 2016/06/10 14:23:03.972906 Discovered local MAC 5a:0c:3e:3f:f4:09
INFO: 2016/06/10 14:23:04.020960 [nameserver 6a:2d:57:e1:77:e2] Ignoring registration 90ceaf8e7a23. 192.168.0.1 90ceaf8e7a23385de6812500c33227290c38d0f4689c751429415d62028b054d (not a subdomain of weave.local.)
DEBU: 2016/06/10 14:23:04.373984 sleeve ->[<nil>|96:09:be:8a:53:0f(source1)]: handleHeartbeat
DEBU: 2016/06/10 14:23:04.374010 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendHeartbeat
DEBU: 2016/06/10 14:23:04.374656 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleHeartbeatAck
DEBU: 2016/06/10 14:23:04.374671 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendFragTest
2016/06/10 14:23:04 ->[10.99.101.129:53327|96:09:be:8a:53:0f(source1)]: connection fully established
INFO: 2016/06/10 14:23:04.374904 EMSGSIZE on send, expecting PMTU update (IP packet was 60028 bytes, payload was 60020 bytes)
DEBU: 2016/06/10 14:23:04.374925 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendMTUTest: mtu candidate 1438
DEBU: 2016/06/10 14:23:04.375190 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleMTUTestAck: for mtu candidate 1438
DEBU: 2016/06/10 14:23:04.375206 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: searchMTU: 1438 1439
INFO: 2016/06/10 14:23:04.375214 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: Effective MTU verified at 1438
DEBU: 2016/06/10 14:23:04.375914 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleFragTestAck
INFO: 2016/06/10 14:23:04.727841 Discovered remote MAC 9e:75:f9:61:72:fa at 96:09:be:8a:53:0f(source1)
INFO: 2016/06/10 14:23:05.369692 Discovered remote MAC 96:09:be:8a:53:0f at 96:09:be:8a:53:0f(source1)
DEBU: 2016/06/10 14:23:14.374923 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleHeartbeat
DEBU: 2016/06/10 14:23:14.375002 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendHeartbeat
DEBU: 2016/06/10 14:23:24.375091 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleHeartbeat
DEBU: 2016/06/10 14:23:24.375217 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendHeartbeat
DEBU: 2016/06/10 14:23:33.852428 [allocator 6a:2d:57:e1:77:e2]: Allocator.OnGossip: 646 bytes
DEBU: 2016/06/10 14:23:34.375356 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleHeartbeat
DEBU: 2016/06/10 14:23:34.375434 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendHeartbeat
DEBU: 2016/06/10 14:23:44.375289 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleHeartbeat
DEBU: 2016/06/10 14:23:44.375650 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendHeartbeat
DEBU: 2016/06/10 14:23:54.375562 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleHeartbeat
DEBU: 2016/06/10 14:23:54.375878 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendHeartbeat
INFO: 2016/06/10 14:23:54.900035 Discovered remote MAC c2:c4:fc:33:cf:62 at 96:09:be:8a:53:0f(source1)
DEBU: 2016/06/10 14:24:03.851977 [allocator 6a:2d:57:e1:77:e2]: Allocator.OnGossip: 648 bytes
DEBU: 2016/06/10 14:24:04.375797 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleHeartbeat
DEBU: 2016/06/10 14:24:04.376022 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendHeartbeat
DEBU: 2016/06/10 14:24:14.375978 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleHeartbeat
DEBU: 2016/06/10 14:24:14.376234 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendHeartbeat
DEBU: 2016/06/10 14:24:24.376256 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleHeartbeat
DEBU: 2016/06/10 14:24:24.376467 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendHeartbeat
DEBU: 2016/06/10 14:24:33.851707 [allocator 6a:2d:57:e1:77:e2]: Allocator.OnGossip: 648 bytes
DEBU: 2016/06/10 14:24:34.376452 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleHeartbeat
DEBU: 2016/06/10 14:24:34.376619 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendHeartbeat
DEBU: 2016/06/10 14:24:44.376763 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleHeartbeat
DEBU: 2016/06/10 14:24:44.376830 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendHeartbeat
DEBU: 2016/06/10 14:24:54.376856 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: handleHeartbeat
DEBU: 2016/06/10 14:24:54.377036 sleeve ->[10.99.101.129:6783|96:09:be:8a:53:0f(source1)]: sendHeartbeat
Raw
09-source1-netcat-run
/ # nc 192.168.0.1 4444
hello test world!
^Cpunt!
Raw
09-target1-netcat-listen
/ # nc -l 4444
^Cpunt!
Raw
10-source1-tcpdump
[root@source1 ~]# tcpdump -nn -i weave -c 10
tcpdump: WARNING: weave: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on weave, link-type EN10MB (Ethernet), capture size 65535 bytes
12:00:41.638943 IP 192.168.128.0.50404 > 192.168.0.1.4444: Flags [S], seq 2435720889, win 43690, options [mss 65495,sackOK,TS val 39993860 ecr 0,nop,wscale 8], length 0
12:00:42.640462 IP 192.168.128.0.50404 > 192.168.0.1.4444: Flags [S], seq 2435720889, win 43690, options [mss 65495,sackOK,TS val 39994862 ecr 0,nop,wscale 8], length 0
12:00:44.642515 IP 192.168.128.0.50404 > 192.168.0.1.4444: Flags [S], seq 2435720889, win 43690, options [mss 65495,sackOK,TS val 39996864 ecr 0,nop,wscale 8], length 0
Raw
10-target1-tcpdump
[root@target1 ~]# tcpdump -nn -i weave -c 10
tcpdump: WARNING: weave: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on weave, link-type EN10MB (Ethernet), capture size 65535 bytes
12:00:40.751388 IP 192.168.128.0.50404 > 192.168.0.1.4444: Flags [S], seq 2435720889, win 43690, options [mss 65495,sackOK,TS val 39993860 ecr 0,nop,wscale 8], length 0
12:00:41.752899 IP 192.168.128.0.50404 > 192.168.0.1.4444: Flags [S], seq 2435720889, win 43690, options [mss 65495,sackOK,TS val 39994862 ecr 0,nop,wscale 8], length 0
12:00:43.755173 IP 192.168.128.0.50404 > 192.168.0.1.4444: Flags [S], seq 2435720889, win 43690, options [mss 65495,sackOK,TS val 39996864 ecr 0,nop,wscale 8], length 0
Raw
11-target1-iptables-vnL-after
[root@target1 ~]# iptables -vnL -tfilter
Chain INPUT (policy ACCEPT 30275 packets, 2983K bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- docker0 * 0.0.0.0/0 172.17.0.1 tcp dpt:6783
0 0 DROP udp -- docker0 * 0.0.0.0/0 172.17.0.1 udp dpt:6783
0 0 DROP udp -- docker0 * 0.0.0.0/0 172.17.0.1 udp dpt:6784
0 0 ACCEPT udp -- docker0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2302 22M DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0
1371 22M DOCKER all -- * docker_gwbridge 0.0.0.0/0 0.0.0.0/0
1371 22M ACCEPT all -- * docker_gwbridge 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
845 51836 ACCEPT all -- docker_gwbridge !docker_gwbridge 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- docker0 weave 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
86 6360 ACCEPT all -- weave weave 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- docker_gwbridge docker_gwbridge 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 30957 packets, 2762K bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- docker0 docker_gwbridge 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- docker_gwbridge docker0 0.0.0.0/0 0.0.0.0/0
2302 22M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
[root@target1 ~]# iptables -vnL -tnat
Chain PREROUTING (policy ACCEPT 371 packets, 22256 bytes)
pkts bytes target prot opt in out source destination
442 26540 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 365 packets, 21820 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 203 packets, 12233 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 206 packets, 12485 bytes)
pkts bytes target prot opt in out source destination
3 184 MASQUERADE all -- * !docker_gwbridge 172.18.0.0/16 0.0.0.0/0
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
335 20771 WEAVE all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker_gwbridge * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
Chain WEAVE (1 references)
pkts bytes target prot opt in out source destination
[root@target1 ~]# iptables -vnL -traw
Chain PREROUTING (policy ACCEPT 1839 packets, 146K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1831 packets, 159K bytes)
pkts bytes target prot opt in out source destination
[root@target1 ~]# iptables -vnL -tmangle
Chain PREROUTING (policy ACCEPT 1776 packets, 142K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 1774 packets, 142K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 2 packets, 120 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1778 packets, 153K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1780 packets, 153K bytes)
pkts bytes target prot opt in out source destination
[root@target1 ~]# iptables -vnL -tsecurity
Chain INPUT (policy ACCEPT 1720 packets, 139K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 2 packets, 120 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1730 packets, 149K bytes)
pkts bytes target prot opt in out source destination
Raw
11-target1-iptables-vnL-before
[root@target1 ~]# iptables -vnL -tfilter
Chain INPUT (policy ACCEPT 28018 packets, 2801K bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- docker0 * 0.0.0.0/0 172.17.0.1 tcp dpt:6783
0 0 DROP udp -- docker0 * 0.0.0.0/0 172.17.0.1 udp dpt:6783
0 0 DROP udp -- docker0 * 0.0.0.0/0 172.17.0.1 udp dpt:6784
0 0 ACCEPT udp -- docker0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2300 22M DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0
1371 22M DOCKER all -- * docker_gwbridge 0.0.0.0/0 0.0.0.0/0
1371 22M ACCEPT all -- * docker_gwbridge 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
845 51836 ACCEPT all -- docker_gwbridge !docker_gwbridge 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- docker0 weave 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
84 6240 ACCEPT all -- weave weave 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- docker_gwbridge docker_gwbridge 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 28695 packets, 2567K bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- docker0 docker_gwbridge 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- docker_gwbridge docker0 0.0.0.0/0 0.0.0.0/0
2300 22M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
[root@target1 ~]# iptables -vnL -tnat
Chain PREROUTING (policy ACCEPT 349 packets, 20936 bytes)
pkts bytes target prot opt in out source destination
420 25220 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 343 packets, 20500 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 191 packets, 11513 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 194 packets, 11765 bytes)
pkts bytes target prot opt in out source destination
3 184 MASQUERADE all -- * !docker_gwbridge 172.18.0.0/16 0.0.0.0/0
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
323 20051 WEAVE all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker_gwbridge * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
Chain WEAVE (1 references)
pkts bytes target prot opt in out source destination
[root@target1 ~]# iptables -vnL -traw
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@target1 ~]# iptables -vnL -tmangle
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@target1 ~]# iptables -vnL -tsecurity
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Raw
12-target1-iptables-vnL-after-in-container
[root@target1 ~]# ip netns exec 25694 iptables -vnL -tfilter
Chain INPUT (policy ACCEPT 1480 packets, 23M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 903 packets, 56694 bytes)
pkts bytes target prot opt in out source destination
[root@target1 ~]# ip netns exec 25694 iptables -vnL -tnat
Chain PREROUTING (policy ACCEPT 3 packets, 252 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 3 packets, 252 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 5 packets, 308 bytes)
pkts bytes target prot opt in out source destination
3 192 DNAT udp -- * * 0.0.0.0/0 127.0.0.11 udp dpt:53 to:127.0.0.11:33078
0 0 DNAT tcp -- * * 0.0.0.0/0 127.0.0.11 tcp dpt:53 to:127.0.0.11:57827
Chain POSTROUTING (policy ACCEPT 8 packets, 500 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT udp -- * * 127.0.0.11 0.0.0.0/0 udp spt:33078 to::53
0 0 SNAT tcp -- * * 127.0.0.11 0.0.0.0/0 tcp spt:57827 to::53
[root@target1 ~]# ip netns exec 25694 iptables -vnL -tmangle
Chain PREROUTING (policy ACCEPT 43 packets, 305K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 43 packets, 305K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 25 packets, 1982 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 25 packets, 1982 bytes)
pkts bytes target prot opt in out source destination
[root@target1 ~]# ip netns exec 25694 iptables -vnL -tsecurity
Chain INPUT (policy ACCEPT 44 packets, 305K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 25 packets, 1982 bytes)
pkts bytes target prot opt in out source destination
Raw
12-target1-iptables-vnL-before-in-container
[root@target1 ~]# ip netns exec 25694 iptables -vnL -tfilter
Chain INPUT (policy ACCEPT 1476 packets, 23M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 903 packets, 56694 bytes)
pkts bytes target prot opt in out source destination
[root@target1 ~]# ip netns exec 25694 iptables -vnL -tnat
Chain PREROUTING (policy ACCEPT 3 packets, 252 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 3 packets, 252 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 5 packets, 308 bytes)
pkts bytes target prot opt in out source destination
3 192 DNAT udp -- * * 0.0.0.0/0 127.0.0.11 udp dpt:53 to:127.0.0.11:33078
0 0 DNAT tcp -- * * 0.0.0.0/0 127.0.0.11 tcp dpt:53 to:127.0.0.11:57827
Chain POSTROUTING (policy ACCEPT 8 packets, 500 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT udp -- * * 127.0.0.11 0.0.0.0/0 udp spt:33078 to::53
0 0 SNAT tcp -- * * 127.0.0.11 0.0.0.0/0 tcp spt:57827 to::53
[root@target1 ~]# ip netns exec 25694 iptables -vnL -tmangle
Chain PREROUTING (policy ACCEPT 38 packets, 305K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 38 packets, 305K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 25 packets, 1982 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 25 packets, 1982 bytes)
pkts bytes target prot opt in out source destination
[root@target1 ~]# ip netns exec 25694 iptables -vnL -tsecurity
Chain INPUT (policy ACCEPT 38 packets, 305K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 25 packets, 1982 bytes)
pkts bytes target prot opt in out source destination
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment