Containerized environment access via bridge to AWS

General Discussion
#1

Hi All,

We are deploying a handful of edge computing devices all running a containerized OS (balena). One of those containers is ZeroTier. The goal is to have all of the containers on the device be able to use ZeroTier to link into an AWS VPC (cloud network) in order to connect to various services.

I have the AWS bridge set up and it works and has been validated from my laptop connected to the same ZeroTier network. The issue that I am having is that my containerized environment doesn’t appear to be propagating my managed route to the edge device. I can ping any device directly connected to the ZeroTier network, but I can’t seem to get to anything on the other side of the bridge like I expected to.

Any help here would be awesome. I feel like I am missing something simple.

#2

Some additional info below.

When I run netstat -rn from my Mac I see the below

10.2/18            10.244.95.12       UGSc       feth197
10.244/16          link#18            UC         feth197      !

10.244/16 is my ZeroTier network. 10.2/18 is my managed route that exists in AWS. I can ping any server on either of those networks from my Mac.

In my containerized environment I have 2 containers. A ZeroTier container that is joined to the same 10.244/16 network, and a test/basic container. When I display routes from my test container I only see the 10.244/16 route and can ping hosts on the ZeroTier network. This means that some routes are propagating, but why isn’t my managed route?

Some additional info about my ZeroTier network. I have 3 hosts connected. My Mac and the container mentioned above, and then an EC2 instance in AWS that is set up to be a bridge to the 10.2/18 network. Unsure if I need my container to also be a bridge or not since nothing needs to be able to reach into the containers, the containers just need to be able to reach AWS.

Thanks again!

#3

I regret to inform everyone that my issue was the version of ZeroTier that was running in my container. I am a victim of a tale as old as time. :fliptable:

Thanks Everyone