does IPVS work for container to container communication on the same bridge?

Question

does IPVS work for container to container communication on the same bridge?

asridharan opened this issue 8 years ago · 3 comments

When I create a backend service with IPVS for a given container, other containers on the same bridge are unable to talk to this container. Reason is due to partially open TCP connection, since all traffic from and to the IPVS service is supposed to go through the host network namespace, but for container to container communication some of the traffic might get switched through the bridge itself.

Does gorb setup iptables SNAT to avoid this situation?

Answer 1 · 2017-01-24T16:35:12.000Z

Do you mean that adding a backend service with container's IP for an IPVS virtual service effectively blocks inter-container communications with that container?

Answer 2 · 2017-02-14T13:20:59.000Z

I noticed, that IPVS doesn't work in separate namespace, i.e. when gorb container is created using --net mybridge. Then if I put backend containers to the same net and define service <gorb_container_ip>:80 -> [<backend_container_1_ip>:80, <backend_container_2_ip>:80], I got connection refused if I do nc -v <gorb_container_ip>:80.
Everything works as expected if I create gorb container with --net host.

Answer 3 · 2017-11-28T20:31:33.000Z

I'm still not sure I understand the issue here. Are you trying to access an IPVS service from inside a container that is attached to the same bridge as one of the backends?