Docker 接收多播流量
[英]Docker receiving multicast traffic
问题描述
We have a dockerized server application that is doing auto-discovery of physical appliances on the network by listening for multicast packets on port 6969. So we need our docker container to be able to receive these packets from devices outside the host, through the host, and in to the container.
我们有一个 dockerized 服务器应用程序,它通过侦听端口 6969 上的多播数据包来自动发现网络上的物理设备。因此我们需要我们的 docker 容器能够通过主机从主机外部的设备接收这些数据包,并进入容器。 I've seen some similar issues and done a lot ofreading but I'm still unable to get the server to respond to these multicast packets.我已经看到了一些类似的问题并做了很多阅读,但我仍然无法让服务器响应这些多播数据包。
I'm sitting on Wireshark watching network traffic, but I'm not a specialist.我坐在 Wireshark 上观察网络流量,但我不是专家。 I know Docker creates a MASQUERADE address to make the traffic all look like it's coming from the Docker gateway, so when I watch veth I see mostly talk between 172.17.0.1 and 172.17.0.2 although my server is unable to retrieve any information about the devices on the network.我知道 Docker 创建了一个MASQUERADE地址,使所有流量看起来都像是来自 Docker 网关,所以当我观看veth时,我看到的主要是172.17.0.1和172.17.0.2之间的对话,尽管我的服务器无法检索有关设备的任何信息在网络上。 (If I run outside of docker, I have no issues of course.) (如果我在 docker 之外运行,我当然没有问题。)
I can't use --net=host as, like others, we make use of the --link feature.我不能使用--net=host ,因为我们像其他人一样使用--link功能。 I've tried the following variations...我尝试了以下变体......
-
docker run --name app -p 6969:6969 -d me/app:latest -
docker run --name app -p 0.0.0.0:6969:6969 -d me/app:latest(This one I could have sworn worked once but now doesn't?)docker run --name app -p 0.0.0.0:6969:6969 -d me/app:latest(这个我发誓曾经工作过但现在不行了?) -
docker run --name app -p 0.0.0.0:6969:6969/udp -d me/app:latest -
docker run --name app -p 255.255.255.255:6969:6969 -d me/app:latest
Any help or insight you could provide would be greatly appreciated.您可以提供的任何帮助或见解将不胜感激。
1 个解决方案
解决方案1
10 2016-05-13 19:23:30
Try to enable multicast on your nics:尝试在您的网卡上启用多播:
ip link set eth0 multicast on
echo 1 >/proc/sys/net/ipv4/ip_forward to turn on IP forwarding echo 1 >/proc/sys/net/ipv4/ip_forward开启IP转发
You need to explicitly set or at least check that it is enabled on relevant interfaces.您需要明确设置或至少检查它是否在相关接口上启用。
net.ipv4.conf.all.mc_forwarding = 1
net.ipv4.conf.eth0.rp_filter=0
Allow the multicast traffic:允许多播流量:
iptables -I INPUT -d 224.0.0.0/4 -j ACCEPT
iptables -I FORWARD -d 224.0.0.0/4 -j ACCEPT
Also you might need to add the route for multicast traffic:您还可能需要为多播流量添加路由:
route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
Change the TTL of the multicast sender:更改多播发送者的 TTL:
iptables -t mangle -A OUTPUT -d <group> -j TTL --ttl-set 128
Where group is the multicast group address of the stream you want to change the TTL of.
Also you can start multicast proxy您也可以启动多播代理
PS:附言:
You should try (if above doesn't help) to start docker container with --net=none option and use pipework with follow command:您应该尝试(如果以上没有帮助)使用 --net=none 选项启动 docker 容器,并使用带有以下命令的管道:
pipework docker0 -i eth0 CONTAINER_ID IP_ADDRESS/IP_MASK@DEFAULT_ROUTE_IP
which creates eth0 interface inside container with IFF_MULTICAST flag and defined IP address.它使用 IFF_MULTICAST 标志和定义的 IP 地址在容器内创建 eth0 接口。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.