Running in Docker and receiving flows, traps or syslog messages over UDP

We provide ways to run Minion and OpenNMS with Docker, and you can configure them to receive flows, Syslog or SNMP traps. Here are some important hints you should be aware of. They come from the combination of how UDP based protocols work and how you configure networking for your Docker service.

If you attach your container to a Docker network and just publish your UDP ports, this has side effects. Here is a very simplified example for explanation:

The UDP datagrams pass through NAT, so from the Minion process they appear to come from 172.18.0.1 instead of 192.178.178.1. In the case of flows, 172.18.0.1 is then used as the IP address to associate the packets with the flow exporter. In the case of Syslog or SNMP traps over UDP, the source address is used to associate these events with the node in the OpenNMS database.

If you can't get around the NAT, for flows you can use additional metadata from the flow header to tell exporters apart, e.g.:

  • Netflow v5: engineID
  • Netflow v9: sourceID
  • IPFix: observationDomainId
  • SFlow: sub_agent_id

:biohazard: UDP packets from all your devices will have 172.18.0.1 as the source IP address.

There is no simple solution for SNMP Traps and Syslog.
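The header fields listed above can be read before any flow records are parsed. The following is an added example (not OpenNMS or Minion code) that extracts exactly those identifiers from NetFlow v5, NetFlow v9, IPFIX and sFlow v5 headers and keys a datagram by source IP plus exporter id, so two exporters that both arrive as 172.18.0.1 behind Docker NAT stay distinguishable; the sample headers are constructed.

```python
import struct

def exporter_id(datagram: bytes):
    """Return (protocol, identifier) from a NetFlow v5/v9, IPFIX or sFlow v5 header.
    Only the header is inspected; the identifier survives NAT, the source IP does not."""
    if len(datagram) < 4:
        raise ValueError("datagram too short for any flow header")
    version = struct.unpack("!H", datagram[:2])[0]
    if version == 5 and len(datagram) >= 24:
        # NetFlow v5 header: ver(2) count(2) uptime(4) secs(4) nsecs(4)
        # seq(4) engine_type(1) engine_id(1) sampling(2)
        return ("netflow5", datagram[21])
    if version == 9 and len(datagram) >= 20:
        # NetFlow v9 header: ver(2) count(2) uptime(4) secs(4) seq(4) source_id(4)
        return ("netflow9", struct.unpack("!I", datagram[16:20])[0])
    if version == 10 and len(datagram) >= 16:
        # IPFIX header: ver(2) length(2) export_time(4) seq(4) observation_domain_id(4)
        return ("ipfix", struct.unpack("!I", datagram[12:16])[0])
    # sFlow v5 uses a 4-byte version field (0x00000005), so its first two bytes are 0.
    if version == 0 and len(datagram) >= 12:
        sflow_version, addr_type = struct.unpack("!II", datagram[:8])
        if sflow_version == 5 and addr_type in (1, 2):
            addr_len = 4 if addr_type == 1 else 16  # IPv4 or IPv6 agent address
            off = 8 + addr_len                     # sub_agent_id follows the agent address
            if len(datagram) >= off + 4:
                return ("sflow5", struct.unpack("!I", datagram[off:off + 4])[0])
    raise ValueError("unrecognised or truncated flow header")


def flow_source_key(src_ip: str, datagram: bytes) -> tuple:
    """Key a datagram by (source IP, protocol, exporter id) rather than source IP alone."""
    proto, ident = exporter_id(datagram)
    return (src_ip, proto, ident)


if __name__ == "__main__":
    # Constructed NetFlow v9 headers (no records) from two routers behind the same
    # Docker bridge: the UDP source IP is identical, the source_id is not.
    router_a = struct.pack("!HHIIII", 9, 0, 1000, 1700000000, 1, 0x0A000001)
    router_b = struct.pack("!HHIIII", 9, 0, 1000, 1700000000, 1, 0x0A000002)
    for pkt in (router_a, router_b):
        print(flow_source_key("172.18.0.1", pkt))
```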

Solution: Network Mode Host

If you run your Minion or OpenNMS Horizon on Linux, you can use network_mode: host, which lets the container use the physically attached interface without NAT, so the original source address of UDP datagrams is preserved. Set network_mode: host on your service in docker-compose.yml, or pass --network host to docker run.

By default the containers run as a non-root user, so you will probably have trouble opening network ports, especially administrative ports < 1024. You can add network admin capabilities to your container service with:

services:
  horizon:
    network_mode: host
    cap_add:
      - NET_ADMIN

:biohazard: Network mode host will not work for Docker for Mac or Windows.

Those run Docker in a virtual machine rather than natively as on Linux. The virtual machine can't share the physical interface with Docker containers; it is emulated with a dedicated private network such as 192.168.65.0/24, which is not reachable from outside your Mac or Windows box.