Start containers, even when connected to a disabled bridge port#49705
Merged
vvoland merged 1 commit intomoby:masterfrom Mar 26, 2025
Merged
Start containers, even when connected to a disabled bridge port#49705vvoland merged 1 commit intomoby:masterfrom
vvoland merged 1 commit intomoby:masterfrom
Conversation
Commit 9a6e96f ("Before sending ARPs/NAs, check the bridge is ready") introduced a check that, if a container's veth is connected to a bridge, the port is forwarding before sending unsolicited ARP/NA messages to advertise the container's MAC/IP addresses. It waited for up-to 200ms, but it seems that's not always enough. If the port isn't forwarding, the ARP/NA messages will be silently dropped. But, if it comes up within two seconds, one or both of the resends will succeed. So - keep the wait for 200ms but, if anything goes wrong with checking the bridge port's state, or it's not forwarding after that time, just log an info/warning level message and continue. Signed-off-by: Rob Murray <rob.murray@docker.com>
robmry
added
area/networking
akerouanton
approved these changes
Mar 26, 2025
vvoland
approved these changes
Mar 26, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
- What I did
#49364 introduced a check that, if a container's veth is connected to a bridge, the port is forwarding before sending unsolicited ARP/NA messages to advertise the container's MAC/IP addresses.
It waited for up-to 200ms, but it seems that's not always enough.
If the port isn't forwarding, the ARP/NA messages will be silently dropped. But, if it comes up within two seconds, one or both of the resends will succeed.
(All reports of the issue seem to be from Compose users, but I don't think that's relevant.)
- How I did it
Keep the wait for 200ms but, if anything goes wrong with checking the bridge port's state, or it's not forwarding after that time, just log an info/warning level message and continue.
- How to verify it
Existing tests - but no repro for the slow transition to "forwarding".
- Human readable description for the release notes