Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Filter out ipv6 port forwards when an ipv6 default route doesn't exist #2855

Closed
wants to merge 1 commit into from

Conversation

lattwood
Copy link

@lattwood lattwood commented Apr 27, 2021

edit: Didn't intend to open this yet.

Summary

Implementation details

Testing

New tests cover the changes:

Description for the changelog

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@sparrc
Copy link
Contributor

sparrc commented May 13, 2021

Hello, could you please describe this PR in more detail, and what is the use case for this?

If I understand correctly, is this happening because you are using a task in awsvpc network mode, and your VPC has ipv6 enabled but you have disabled or deleted the default ipv6 route via the route table of that VPC? If this is the case, could you explain what is the use-case of having a VPC with ipv6 enabled but all of the ipv6 routes deleted?

@lattwood
Copy link
Author

@sparrc this is to prevent duplicate task registration in the ECS API, as ECS registers the task for every port forward. On the latest version of docker they return ipv6 port forwards even when there’s no ipv6 connectivity on the host.

In our case we have ipv6 disabled at the vpc layer, but it still tries to contact the host on the ipv6 port but the ipv4 address.

@lattwood
Copy link
Author

This happens with the nat networking mode as well.

@sparrc
Copy link
Contributor

sparrc commented May 13, 2021

by "latest version of docker" which version do you mean? could you provide some steps to reproduce?

@lattwood
Copy link
Author

lattwood commented May 13, 2021 via email

@sparrc
Copy link
Contributor

sparrc commented May 20, 2021

@lattwood can you confirm that this is the same issue as moby/moby#42288? Looks like docker is going to fix this in 20.10.7 so we probably want to hold off on any ECS workarounds, see PR in progress moby/moby#42322

@lattwood
Copy link
Author

lattwood commented May 20, 2021 via email

@chienhanlin
Copy link
Contributor

Hello @lattwood ,
A follow-up for the fix mentioned in @sparrc 's comment. The PR fix port forwarding with ipv6.disable=1 #2635 was merged to moby/moby repo, and is included in the 20.10.7 Docker Engine release notes. Could you take a look and see if the issue you have encountered can be resolved? If not, could you provide summary, implementation details and testing on this PR? Thank you.

@chienhanlin
Copy link
Contributor

Close this PR as the fix is available since ECS Agent 1.55.3 https://github.com/aws/amazon-ecs-agent/releases/tag/v1.55.3.

In addition, we are working on a related issue #3096 to differentiate between IPV4/IPV6 Port Mappings.

Please feel free to create PRs or issues if you would like to share any suggestion with us. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants