Two containers talking to each other on overlay network with high traffic (connection frequency) occasionally got connection lag almost exact multiple of 1s. It doesn't matter whether it is same host both containers are running or it goes between two physical machines.
- Ping has no lag at all, only TCP connections are affected
- This is not DNS issue, connection is tested using other container's IP address
I've tried with setting some kernel parameters based on https://github.com/moby/moby/issues/35082 as it sound similar to my problem
for ns in /var/run/docker/netns/lb_* /var/run/docker/netns/ingress_sbox
do
nsenter --net=$ns sysctl -w net.ipv4.vs.conn_reuse_mode=0;
nsenter --net=$ns sysctl -w net.ipv4.vs.expire_nodest_conn=1;
nsenter --net=$ns sysctl -w net.ipv4.vs.expire_quiescent_template=1;
done
But no luck there...
Running it for all entries in /var/run/docker/netns/* seems to change parameters also as seen from containers perspective but still no change in lag frequency.
Docker version 20.10.12. Current kernel is 5.15.32 and according to net/netfilter/ipvs/ip_vs_core.c file it seems that patch from https://lkml.org/lkml/2020/6/16/254 is already incorporated in some form in kernel source.
Additional info:
net.ipv4.vs.conntrack = 0net.netfilter.nf_conntrack_tcp_be_liberal = 1
