The Controller runs Docker locally to provide a sandbox for running the Avi Load Balancer CLI server for non-superuser accounts. By default, Docker creates a Linux bridge interface with IP address 172.17.0.1/16. This interface can cause conflicts and communication failures between the Controller and hosts in this 172.17.0.1/16 network range because the Controller will have a local next-hop route for the entire /16 subnet through the Docker bridge.

The following are the possible symptoms:

  • Inability to communicate with the Controller from any host with 172.17.x.x (172.17.0.0/16) IP address.

  • Cloud integration fails when vCenter, NSX manager and so on, are in the 172.17.0.0/16 subnet.

  • Virtual service placement fails with the following status:

    • State: Resources

    • Reason: Host : <esxi hosts> not accessible from the Controller.

Resolution

  1. SSH to the Controller using the admin account and password.

  2. Become root using: sudo -s

  3. Create /etc/docker/daemon.json file (this file does not exist by default) with the following content:

     {
      "bip": "172.26.0.1/16"
      }
  4. Replace the example IP address above with an address that is not in conflict with subnets in use on the network. This must be a host address, not a network address. The prefix length should be between /16 to /28.

  5. After creating the file, restart the Docker daemon using systemctl restart docker code.

  6. Verify if the changes that you made work fine by checking the IP address shown in ifconfig for the docker0 interface corresponds to the bridge IP you specified in the daemon.json file.

Note:

In the case of a Controller Cluster, these steps must be carried out on each individual Controller.

The modification to daemon.json is preserved across Controller upgrades from Avi Load Balancer versions 18.2.11 and 20.1.2 onwards.