Containers on overlay network and "error creating vxlan interface: file exists"

[isavcic]

Output of docker version:

Client:
 Version:      1.10.3
 API version:  1.22
 Go version:   go1.5.3
 Git commit:   20f81dd
 Built:        Thu Mar 10 15:54:52 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.10.3
 API version:  1.22
 Go version:   go1.5.3
 Git commit:   20f81dd
 Built:        Thu Mar 10 15:54:52 2016
 OS/Arch:      linux/amd64

Output of docker info:

Containers: 3605
 Running: 3
 Paused: 0
 Stopped: 3602
Images: 95
Server Version: 1.10.3
Storage Driver: aufs
 Root Dir: /data/docker/aufs
 Backing Filesystem: xfs
 Dirs: 7313
 Dirperm1 Supported: true
Execution Driver: native-0.2
Logging Driver: json-file
Plugins:
 Volume: local
 Network: null host overlay bridge
Kernel Version: 4.2.0-34-generic
Operating System: Ubuntu 14.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 24
Total Memory: 188.9 GiB
Name: docker3
ID: DHJL:NC3K:JSL4:AB3M:DSIA:5NX3:GRBK:4BKF:J4I5:OROS:52EY:BRBU
Debug mode (server): true
 File Descriptors: 264
 Goroutines: 964
 System Time: 2016-03-24T18:03:14.608035906+01:00
 EventsListeners: 4
 Init SHA1: 14bbd54b64d2a737269118ce4f1613787e2d0ce8
 Init Path: /usr/lib/docker/dockerinit
 Docker Root Dir: /data/docker
WARNING: No swap limit support
Cluster store: consul://beta-consul.REDACTED:8500/docker-beta
Cluster advertise: REDACTED:2375

Additional environment details (AWS, VirtualBox, physical, etc.):

Physical.

Steps to reproduce the issue:

1. Create Marathon application which spawns Docker containers on an overlay network with -p 8888 --net=busybox-net1, image busybox, command sleep 60 (Mesos prepends sh -c to commands) without additional options. Pretty basic container setup without bells and whistles.
2. Scale to 100 container instances across 4 nodes, wait some time to pass. Containers will exit and get started again, as expected.
3. After some time (usually less than 6 hours), one by one, nodes will be unable to run containers in this network, verified by manual execution on the command line:
   docker3# docker run -d --net=busybox-net1 --name=busybox-test-12341238 busybox sleep 600 54255b316c4f0b54701bd4268f8b37044078e0260ab2065dce862dce45fb513a docker: Error response from daemon: subnet sandbox join failed for "10.140.140.0/24": error creating vxlan interface: file exists.

Debug log of an error: https://gist.github.com/isavcic/afa10cfecce0f760ad32

Describe the results you received:

docker3# docker run -d --net=busybox-net1 --name=busybox-test-12341238 busybox sleep 600 54255b316c4f0b54701bd4268f8b37044078e0260ab2065dce862dce45fb513a docker: Error response from daemon: subnet sandbox join failed for "10.140.140.0/24": error creating vxlan interface: file exists.

Describe the results you expected:

On the other node which is currently unaffected, docker run without issues:
docker4# docker run -d --net=busybox-net1 --name=busybox-test-12341239 busybox sleep 600 a2ba83dd315b2a269fedc1ea62ed6f70d545d631744d627fb0a8ad10f5d54b5a

Debug log of a successful run: https://gist.github.com/isavcic/f17afd54fd3f75b8c70c

Additional information you deem important (e.g. issue happens only occasionally):

Lines containing GET /v1.15/containers were omitted from the debug log snippets because they occur all the time. After service docker stop && service docker start on affected nodes everything works okay again.

I will leave the affected nodes in current state, if I need to provide some additional information do tell.

Thanks.

[isavcic]

Marathon/Mesos, POST to Docker API endpoint /v1.22/containers/create form data (from Docker logs): https://gist.github.com/isavcic/c835ed8e26b98d9274a3

[mavenugo]

@isavcic do you have the affected node in this state ?

am curious about the subnet 10.140.140.0/24 as seen in the error message. how many overly networks are created (and are they ever deleted ?).

Can you also share the following info -

• docker network ls (this should show all the networks that are created and currently used).
• What is the command used to create these networks ?
• ls -latr /var/run/docker/netns/*

[isavcic]

Thank you for your response.

EDIT: There were only two docker network rm, specifically of busybox-net1, after which it was recreated and remained.

The only new one since the day I've filed this ticket is bigoverlay.

docker network ls output:

NETWORK ID          NAME                DRIVER
1b571ec2de58        bigoverlay          overlay
3627d72a9b35        busybox-net1        overlay
10a41f1ec1db        bridge              bridge
7bd0fcbff939        docker_gwbridge     bridge
51804639a9c1        none                null
b8e953983508        host                host

Command used to create the network in question:

docker network create -d overlay --subnet=10.140.140.0/24 busybox-net1

ls -latr /var/run/docker/netns/* output:

-r--r--r-- 1 root root 0 Mar 24 01:35 /var/run/docker/netns/default
-rw-r--r-- 1 root root 0 Mar 24 01:35 /var/run/docker/netns/dda19de51b16
-rw-r--r-- 1 root root 0 Mar 24 01:44 /var/run/docker/netns/02c10453703e
-r--r--r-- 1 root root 0 Mar 24 15:20 /var/run/docker/netns/1-1b571ec2de
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/f65990d8f7aa
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/2ad396053960
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/4b80957d7aab
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/f111285e52e9
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/6dea95d266e1
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/0ceb34044677
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/14c206b4541c
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/91b1bce23125
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/d3f299bc2500
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/ee31e3502add
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/60ed817ff41d
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/0116aa78468e
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/2b7de8f11191
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/fe384a65d2d8
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/2c9908b366ab
-rw-r--r-- 1 root root 0 Mar 24 15:41 /var/run/docker/netns/fad2ba333862
-r--r--r-- 1 root root 0 Mar 24 15:52 /var/run/docker/netns/e1e7e80454b6
-r--r--r-- 1 root root 0 Mar 24 15:52 /var/run/docker/netns/a8e19737d7ae
-r--r--r-- 1 root root 0 Mar 24 17:42 /var/run/docker/netns/19-3627d72a9

[mavenugo]

@isavcic thanks for the info and it seems consistent with your description. on the reproduction steps, how many times does step 2 (Scale to 100 container instances across 4 nodes, wait some time to pass. Containers will exit and get started again, as expected) happen before you see the error ?
Does this happen consistently after ~ 6 hrs if the containers are continuously stops and restarted again ?
Do you see the error for all the containers after you the issue once ?

[isavcic]

Not sure on how many containers spawn in total, but given that each container, when spawned, sleeps for 10 minutes, exits and another one spawns in its place over the course of ~6 hours, I would say a couple of thousand containers are started and stopped during this time frame, it's definitely no less than a thousand at least.

After ~6 hours, on the affected node no new containers could be added to this overlay network until the restart of Docker daemon and it's consistent, ie. even today, five days later from when I submitted this issue:

docker3# docker run -d --net=busybox-net1 --name=busybox-test-2016-03-29 busybox sleep 10
06187c49d75581689e24f053d764413ad4bd8a156c04ec7ff3fe277b767ca839
docker: Error response from daemon: subnet sandbox join failed for "10.140.140.0/24": error creating vxlan interface: file exists.

[aboch]

Fix for this issue was brought in by #21671, and it is included in 1.11.0-rc3.

[thaJeztah]

Thanks @aboch. Let me close this issue as it is fixed in 1.11.0-rc3

[schmunk42]

Seeing this on swarm 1.2.5 + Docker 1.12.2-rc1 - see also moby/libnetwork#945 (comment)