Docker has a known issue where it seems to ignore the network's maximum packet size MTU (Maximum Transmission Unit) and set a default of 1500. This results in situations where the docker container is expecting to be able to send larger packets than the underlying network will send and parts of the packet get trimmed.
Here's an example using the output from running the command
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000 link/ether fb:1a:3e:47:80:62 brd ff:ff:ff:ff:ff:ff inet 10.17.228.5/24 brd 10.35.228.255 scope global ens3 valid_lft forever preferred_lft forever 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:83:20:dc:cc brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 scope global docker0 valid_lft forever preferred_lft forever
The important parts are you can see that
ens3 (the default network interface) has an MTU of
1450, but Docker created the
docker0 interface with a higher MTU of
The effect of this is that you may get timeouts when connecting to internet services (such as package updates/downloads, Ruby gem installation, etc) or even that files download but don't have the correct size/contents.
Fortunately the fix is quite easy, you need to add a parameter to your launch script for Docker to specify/override the MTU. Using Ubuntu 16.04 for example, the file to edit as root is
/lib/systemd/system/docker.service. You need to change the line looking like this:
ExecStart=/usr/bin/dockerd -H fd://
to look like this:
ExecStart=/usr/bin/dockerd --mtu 1450 -H fd://
Note: It's quite fine to use the same value as the default network interface (in our example and for our infrastructure
1450), it just can't be higher.
After that you need to restart Docker and all will be well with your networking:
sudo systemctl daemon-reload sudo service docker restart