No internet from within local Service Fabric Mesh Container

Question

I'm playing around with Service Fabric Mesh on my local PC, but I'm struggling with internet access from within a (Windows) Container.

I'm using the standard web app template from Visual Studio 2017:

public static async Task<int> Main(string[] args)
    {
        try
        {
            var test = await (new System.Net.Http.HttpClient()).GetStringAsync("http://google.com");
            Console.WriteLine(test);

You would expect some HTML to be printed out but I get this exception:

System.Net.Http.HttpRequestException: No such host is known ---> System.Net.Sockets.SocketException: No such host is known at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken) at System.Threading.Tasks.ValueTask`1.get_Result() at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Threading.Tasks.ValueTask`1.get_Result() at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask) at System.Threading.Tasks.ValueTask`1.get_Result() at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts) at System.Net.Http.HttpClient.GetStringAsyncCore(Task`1 getTask) at Web1.Program.Main(String[] args)

The base docker image used is microsoft/dotnet:2.1-aspnetcore-runtime-nanoserver-1709 and if I run: docker run microsoft/dotnet:2.1-aspnetcore-runtime-nanoserver-1709 ping google.com then I get:

PS C:\Windows\system32> docker run microsoft/dotnet:2.1-aspnetcore-runtime-nanoserver-1709 ping google.com

Pinging google.com [172.217.168.238] with 32 bytes of data:
Reply from 172.217.168.238: bytes=32 time=16ms TTL=56
Reply from 172.217.168.238: bytes=32 time=15ms TTL=56
Reply from 172.217.168.238: bytes=32 time=15ms TTL=56
Reply from 172.217.168.238: bytes=32 time=16ms TTL=56

Ping statistics for 172.217.168.238:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 16ms, Average = 15ms

What am I doing wrong?

Update 1:

When I run the Docker image directly I get:

PS C:\Users\XXX> docker run microsoft/dotnet:2.1-aspnetcore-runtime-nanoserver-1803 ipconfig.exe /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XXX
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXX

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : XXX
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-38-EE-09
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1c14:1ec3:9b85:5f56%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.20.192.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . : 172.20.192.1
   DHCPv6 IAID . . . . . . . . . . . : 67114333
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-7C-13-F1-00-15-5D-38-EE-09
   DNS Servers . . . . . . . . . . . : 172.20.192.1
                                       10.10.0.184 <-- IP of my local machine
                                       10.10.0.1 <-- My router
   NetBIOS over Tcpip. . . . . . . . : Disabled

If I do the same (System.Diagnostics.Process.Start("ipconfig.exe", "/all");) inside the code running in Service Fabric:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : 0ded1f75fa51
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Application1

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : XXX
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-38-E5-2C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1d25:4204:2cd4:1bb0%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 172.20.202.176(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . : 172.20.192.1
   DHCPv6 IAID . . . . . . . . . . . : 67114333
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-7C-11-32-00-15-5D-38-E5-2C
   DNS Servers . . . . . . . . . . . : 172.20.192.1
                                       10.10.0.184
   NetBIOS over Tcpip. . . . . . . . : Disabled

As you can see 10.10.0.1 (my router/gateway is missing as a DNS Server in the last dump). How do I add that?

Answer 1

Also there was a DNS issue in Windows Containers 1709. Can you try using a more recent base layer and try again?

Also, ICMP is blocked inside Azure. You can use PSPing to check connectivity though.

More info here.

Because the ICMP protocol is not permitted through the Azure load balancer, you will notice that you are unable to ping an Azure VM from the internet, and from within the Azure VM, you are unable to ping internet locations.

Answer 2

You need to add EXPOSE command to the beginning of dockerfile, it's a known bug, i.e.

FROM .. WORKDIR ... EXPOSE 80