Login/Register
Docker receiving multicast traffic
Asked Answered
networkingdockerwiresharkmulticast
P

1

18

We have a dockerized server application that is doing auto-discovery of physical appliances on the network by listening for multicast packets on port 6969. So we need our docker container to be able to receive these packets from devices outside the host, through the host, and in to the container. I've seen some similar issues and done a lot of reading but I'm still unable to get the server to respond to these multicast packets.

I'm sitting on Wireshark watching network traffic, but I'm not a specialist. I know Docker creates a MASQUERADE address to make the traffic all look like it's coming from the Docker gateway, so when I watch veth I see mostly talk between 172.17.0.1 and 172.17.0.2 although my server is unable to retrieve any information about the devices on the network. (If I run outside of docker, I have no issues of course.)

I can't use --net=host as, like others, we make use of the --link feature. I've tried the following variations...

  • docker run --name app -p 6969:6969 -d me/app:latest
  • docker run --name app -p 0.0.0.0:6969:6969 -d me/app:latest (This one I could have sworn worked once but now doesn't?)
  • docker run --name app -p 0.0.0.0:6969:6969/udp -d me/app:latest
  • docker run --name app -p 255.255.255.255:6969:6969 -d me/app:latest

Any help or insight you could provide would be greatly appreciated.

Preponderance answered 13/5, 2016 at 16:5 Comment(0)
W
10

Try to enable multicast on your nics:

ip link set eth0 multicast on

echo 1 >/proc/sys/net/ipv4/ip_forward to turn on IP forwarding

You need to explicitly set or at least check that it is enabled on relevant interfaces.

net.ipv4.conf.all.mc_forwarding = 1
net.ipv4.conf.eth0.rp_filter=0

Allow the multicast traffic:

iptables -I INPUT -d 224.0.0.0/4 -j ACCEPT
iptables -I FORWARD -d 224.0.0.0/4 -j ACCEPT

Also you might need to add the route for multicast traffic:

route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0

Change the TTL of the multicast sender:

iptables -t mangle -A OUTPUT -d <group> -j TTL --ttl-set 128
Where group is the multicast group address of the stream you want to change the TTL of.

Also you can start multicast proxy

PS:

You should try (if above doesn't help) to start docker container with --net=none option and use pipework with follow command:

pipework docker0 -i eth0 CONTAINER_ID IP_ADDRESS/IP_MASK@DEFAULT_ROUTE_IP

which creates eth0 interface inside container with IFF_MULTICAST flag and defined IP address.

Wakeup answered 13/5, 2016 at 19:23 Comment(1)
It is not possible to set mc_forwarding in sysctl (or directly in proc). See this answerHeisler

© 2022 - 2024 — McMap. All rights reserved.