Issue : Exposing ports with Windows Containers on TP5

A brief post today, to assist people who are probably going to “enjoy” the same networking issue. When coming from Docker on Linux and working with Docker on Windows, the first thing you’ll probably run into is exposing ports…

I built a MSSQL 2016 container with the default port (1433) exposed.

PS C:\Users\kvaes> docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
efc7a981f6b9 kvaessql2016 "cmd /S /C 'powershel" 6 minutes ago Up 6 minutes 1433/tcp

Though I was unable to connect from the container host to this port…

PS C:\Users\kvaes> Test-NetConnection -Port 1433 -ComputerName Localhost
WARNING: TCP connect to Localhost:1433 failed

ComputerName : Localhost
RemoteAddress : ::1
RemotePort : 1433
InterfaceAlias : Loopback Pseudo-Interface 1
SourceAddress : ::1
PingSucceeded : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : False

Now let’s try that directly from the container…

PS C:\Users\kvaes> docker exec -ti efc7a981f6b9 powershell Test-NetConnection -Port 1433 -ComputerName Localhost

ComputerName : Localhost
RemoteAddress : ::1
RemotePort : 1433
InterfaceAlias : Loopback Pseudo-Interface 2
SourceAddress : ::1
PingSucceeded : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : True

This had me totally flabbergasted! After searching for a solution, I ran into the following GitHub issue: https://github.com/Microsoft/Virtualization-Documentation/issues/253

Which pointed me to the following statement:

This is a known limitation in our Windows NAT implementation (WinNAT) that you cannot access the external port in a static port mapping directly from the container (NAT) host.

The following GitHub issue showed a workaround: https://github.com/docker/docker/issues/15740

So let’s check the IP of our container…

PS C:\Users\kvaes> docker exec -ti efc7a981f6b9 ipconfig

Windows IP Configuration

Ethernet adapter vEthernet (Temp Nic Name):

Connection-specific DNS Suffix . : 404nupum1doencwb55jgqiwlph.ax.internal.cloudapp.net
Link-local IPv6 Address . . . . . : fe80::3077:b4b4:3a8c:5d83%31
IPv4 Address. . . . . . . . . . . : 172.27.75.141
Subnet Mask . . . . . . . . . . . : 255.240.0.0
Default Gateway . . . . . . . . . : 172.16.0.1

And then set up a proxy to reroute the traffic:

PS C:\Users\kvaes> netsh interface portproxy add v4tov4 listenaddress=127.0.0.1 listenport=1433 connectaddress=172.27.75.141 connectport=1433

What does the test from our container host say now?

PS C:\Users\kvaes> Test-NetConnection -Port 1433 -ComputerName Localhost

ComputerName : Localhost
RemoteAddress : ::1
RemotePort : 1433
InterfaceAlias : Loopback Pseudo-Interface 1
SourceAddress : ::1
PingSucceeded : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : True

And now it works! In all honesty, I find this a serious flaw in the Windows implementation and truly annoying to anyone making the shift from containers in the Linux ecosystem to the Windows ecosystem.
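
The workaround above, scripted as an added example (not from the original post): it asks Docker for the container's current IP, replaces any older proxy rule for the port, and keeps the listener on 127.0.0.1 so the SQL Server port is not opened on the host's other interfaces. The parameter names and the network name `nat` in the inspect template are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's script. Assumptions: the container is attached to
# a Docker network named "nat"; parameter names are hypothetical.
param(
    [Parameter(Mandatory = $true)][string]$Container,   # container id or name
    [int]$Port = 1433,
    [switch]$Remove                                      # only delete the rule
)

# Loopback only: the proxy must not publish the database port on other interfaces.
$listen = '127.0.0.1'

# A recreated container gets a new IP, so an older rule for this listener may
# forward to an address that now belongs to something else. Drop it first.
$existing = netsh interface portproxy show v4tov4 |
    Select-String -Pattern "^\s*$([regex]::Escape($listen))\s+$Port\s"
if ($existing) {
    netsh interface portproxy delete v4tov4 listenaddress=$listen listenport=$Port | Out-Null
}
if ($Remove) { return }

# Read the container's IPv4 address from Docker instead of parsing ipconfig output.
$ip = (docker inspect -f '{{ .NetworkSettings.Networks.nat.IPAddress }}' $Container |
    Out-String).Trim()

# Refuse to create a rule unless Docker returned a well-formed IPv4 address.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed) -or
    $parsed.AddressFamily -ne 'InterNetwork') {
    throw "No IPv4 address found for container '$Container' (got '$ip')."
}

netsh interface portproxy add v4tov4 listenaddress=$listen listenport=$Port `
    connectaddress=$ip connectport=$Port | Out-Null

# Show the resulting rule and repeat the connectivity test used in the post.
netsh interface portproxy show v4tov4
Test-NetConnection -ComputerName $listen -Port $Port |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

Run it again after the container is recreated, and with `-Remove` once the container is gone, so no rule is left forwarding to a stale address.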


Azure : Availability Patterns for IaaS – Can I do multiple regions?

Introduction

There are several questions that I’m often asked that relate to availability on Azure. In today’s post, we’ll take a look at the different availability patterns. I hope this will answer a big portion of the questions you might have about availability on Azure. The main focus of this post is the “IaaS” chunk of Azure services. Concepts like Azure SQL, Webapps, etc. may have a totally different approach. But then again, you are not responsible for designing (and thus do not need to worry about) the availability aspect of these services.
