Preface: Similar to this post, but I need a Windows-specific solution.

I need to route traffic from a cluster of Windows containers through another Windows container within that same cluster. The goal is for the outbound traffic for those containers to route to the edge router under the same source IP, which will allow existing routing policies to be applied, which might differ from the host's IP routing policies. The container I want to route through will have its own static IP on the host's external network (via `docker network create -d l2bridge ...`).

One thing that will work is using `network_mode: "service:router-container"`; however, since the majority of my services expose the same port, there will be port collisions and other unknown issues. For this reason (and others), I cannot specify different ports for these containers w/o breaking existing infrastructure; therefore, joining these containers to the same network (via `network_mode`) is not a workable solution for my situation.

I tried configuring RRAS on a Server Core container; however, I kept getting an error about source files, which led me down an unproductive rabbit hole (pointing Source to install.wim, etc.).

```
PS C:\> Install-WindowsFeature RemoteAccess

Install-WindowsFeature : The request to add or remove features on the specified server failed.
Installation of one or more roles, role services, or features failed.
The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more
information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077. Error: 0x800f081f
At line:1 char:1
+ Install-WindowsFeature RemoteAccess
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (@{Vhd=; Credent...Name=localhost}:PSObject) [Install-WindowsFeature],
    Exception
    + FullyQualifiedErrorId : DISMAPI_Error__Failed_To_Enable_Updates,Microsoft.Windows.ServerManager.Commands.AddWind
   owsFeatureCommand
```

I also stooped down to trying to set up ICS but also ran into errors creating the COM object. I tried copying over the relevant DLLs (`C:\Windows\System32\hnet*.dll`) but still couldn't get it to work.

```
PS C:\> regsvr32 hnetcfg.dll /s
PS C:\> $m = New-Object -ComObject HNetCfg.HNetShare
New-Object : Retrieving the COM class factory for component with CLSID {00000000-0000-0000-0000-000000000000} failed
due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
At line:1 char:6
+ $m = New-Object -ComObject HNetCfg.HNetShare
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (:) [New-Object], COMException
    + FullyQualifiedErrorId : NoCOMClassIdentified,Microsoft.PowerShell.Commands.NewObjectCommand
```

Since I am using Windows containers, I think I have a little bit less flexibility compared to using a Linux container, so I am looking for a solution that will work within a Windows container if possible.

Refer to my existing post (which was closed w/o explanation) for WHY I am needing to do this along with more details on my infrastructure.

Hector Bas
  • Isn't it the same as https://stackoverflow.com/questions/73675959/windows-container-outbound-nat-options ? – Iłya Bursov Sep 11 '22 at 17:53
  • Yup, that's my post, it was closed w/o an explanation. So I created this one to try to be a little more specific. I didn't edit that original post because there are still valid details that can be referenced by this more concise ticket. – Hector Bas Sep 11 '22 at 18:07
  • This, and the other question, might be on-topic on [Super User](https://superuser.com/) or [Server Fault](https://serverfault.com/). – Andrew Morton Sep 11 '22 at 18:19
  • It wasn't closed w/o an explanation. The close reason was "This question is not about programming or software development." – David Buck Sep 11 '22 at 18:20
  • Referencing the "docker-for-windows" tag, it would seem this question is more appropriate for SO, but I will give the others a try as well. – Hector Bas Sep 11 '22 at 18:39
  • I voted this question up as it's very relevant and pertinent to Docker on Windows for Windows containers. Others might find it useful. I read the original post. It seems you are having no trouble containerizing the application, which is a good sign. You got to the conclusion, but my recommendation would be to use separate networks for each customer. That way you can control the traffic without having to change anything on the app side. The other alternative is to look into Kubernetes. There are many networking options there to achieve what you are trying to do. – Vinicius Apolinario Sep 12 '22 at 20:37
  • @vinicius, appreciate the upvote. I always find it difficult whether to post more or less detail on these forums, in this case looks like I chose the wrong site. I ended up copying it to SU: https://superuser.com/q/1741827/1729376. After a little more pondering I was able to install RRAS using the windows/server container image which has full win api. Still more testing to do, but at least I'm moving in the right direction. I do agree that I will probably have more flexibility once we switch to using an orchestration tool like k8s but there's a lot to learn for a team new to containerization. – Hector Bas Sep 12 '22 at 23:13