Watch out for DOCKER hosts

Had an issue with endpoint learning that was perplexing.  I traced the MAC address to a VM that was running DOCKER.

Interestingly enough, the IP address that I did the show endpoint for does not exist in the fabric.  I masked the IP addresses so they are not the actual IPs, but you’ll see the results.

Leaf_105# show endpoint ip 10.299.66.16
Legend:
 O - peer-attached    H - vtep             a - locally-aged     S - static
 V - vpc-attached     p - peer-aged        L - local            M - span
 s - static-arp       B - bounce
+-----------------------------------+---------------+-----------------+--------------+-------------+
VLAN/                                 Encap           MAC Address       MAC Info/      Interface
Domain                                VLAN            IP Address        IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
105                                   vlan-1615       0050.56bf.30d7    LV             po7
common:CM_Primary_PN                  vlan-1615       10.299.38.20      LV             po7
common:CM_Primary_PN                  vlan-1615       172.299.221.37    LV             po7
common:CM_Primary_PN                  vlan-1615       172.299.221.38    LV             po7
common:CM_Primary_PN                  vlan-1615       172.299.49.19     LV             po7
common:CM_Primary_PN                  vlan-1615       10.300.112.19     LV             po7
common:CM_Primary_PN                  vlan-1615       10.300.88.40      LV             po7
common:CM_Primary_PN                  vlan-1615       10.300.88.33      LV             po7
common:CM_Primary_PN                  vlan-1615       10.299.38.24      LV             po7
common:CM_Primary_PN                  vlan-1615       10.299.66.110     LV             po7
common:CM_Primary_PN                  vlan-1615       172.299.213.70    LV             po7
common:CM_Primary_PN                  vlan-1615       172.299.223.71    LV             po7
common:CM_Primary_PN                  vlan-1615       172.299.213.96    LV             po7
common:CM_Primary_PN                  vlan-1615       10.300.156.71     LV             po7
common:CM_Primary_PN                  vlan-1615       10.300.88.20      LV             po7
common:CM_Primary_PN                  vlan-1615       10.300.88.35      LV             po7
common:CM_Primary_PN                  vlan-1615       172.299.222.116   LV             po7
common:CM_Primary_PN                  vlan-1615       10.400.120.116    LV             po7
common:CM_Primary_PN                  vlan-1615       10.300.112.32     LV             po7
common:CM_Primary_PN                  vlan-1615       10.400.120.42     LV             po7
common:CM_Primary_PN                  vlan-1615       10.300.9.163.106

<80 more lines of the same stuff>

The solution was to check the “enforce subnet check for IP learning” check box in the bridge domain L3 configuration tab.


You can read up on DOCKER fun-ness at https://docs.docker.com/v1.6/articles/networking/

This does not occur in “traditional” networks; it happens here because endpoint learning is now done in hardware, and the fabric learns IPs in many different ways.
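To find hosts like this before turning the setting on, the following added example (not part of the original post) parses `show endpoint` rows and reports, per MAC, the learned IPs that fall outside the bridge domain's subnets. The sample rows, the BD subnet 10.20.38.0/24 and the function names are constructed assumptions; 172.17.0.0/16 is Docker's default bridge range.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")

# Constructed sample rows in the column order of the output above
# (addresses are made up; the real ones in the post are masked).
SAMPLE = """\
105                    vlan-1615  0050.56bf.30d7  LV  po7
common:CM_Primary_PN   vlan-1615  10.20.38.20     LV  po7
common:CM_Primary_PN   vlan-1615  172.17.0.2      LV  po7
common:CM_Primary_PN   vlan-1615  172.18.0.5      LV  po7
common:CM_Primary_PN   vlan-1615  10.20.38.24     LV  po7
"""

def parse_endpoints(text):
    """Return {(mac, interface): [ip, ...]} from 'show endpoint' rows."""
    learned, current = {}, None
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue  # borders, blank lines, truncated rows
        value, iface = cols[2].lower(), cols[4]
        if MAC_RE.match(value):
            current = (value, iface)       # MAC row starts a new endpoint
            learned.setdefault(current, [])
        elif current:
            try:
                learned[current].append(ipaddress.ip_address(value))
            except ValueError:
                pass  # legend/header text or a masked, invalid address
    return learned

def off_subnet(learned, bd_subnets):
    """IPs per endpoint that the subnet check would refuse to learn."""
    nets = [ipaddress.ip_network(s) for s in bd_subnets]
    report = {}
    for key, ips in learned.items():
        bad = [str(ip) for ip in ips if not any(ip in n for n in nets)]
        if bad:
            report[key] = bad
    return report

if __name__ == "__main__":
    # Assumed BD subnet; replace with the subnets configured on the BD.
    for (mac, iface), ips in off_subnet(parse_endpoints(SAMPLE), ["10.20.38.0/24"]).items():
        print(f"{mac} on {iface}: {len(ips)} off-subnet IPs: {', '.join(ips)}")
```

A single MAC carrying many off-subnet IPs, as in the output above, is the pattern to look for.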


2 thoughts on “Watch out for DOCKER hosts”

    1. Yes. It’s fixed in the Bridge Domain settings under the L3 configuration tab.

      Check the box for “Enforce subnet check for IP learning”

      And

      Check the box for “EP Move Detection Mode” GARP based detection
