Home Assistant in Docker causes network packet loss on host

vdkeybus · January 16, 2023, 9:43pm

I installed HA in Docker.

As soon as the container is started, the host experiences network packet loss, causing a SSH session to become unbearably slow. HA seems to run fine, though, but I can’t be sure it also isn’t suffering from lost packets.

The Docker install includes the --privileged and --network=host options. I’m suspecting these interfere with Docker-managed iptables config.

I see the following interfaces in the Docker container. Is this right / to be expected ? I’m a bit surprised to see the Docker-specific IP as well as a Virtual ethernet port.

`docker0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:CB
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:f3ff:fef3:57cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1102 errors:0 dropped:0 overruns:0 frame:0
TX packets:1338 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2648353 (2.5 MiB) TX bytes:1918021 (1.8 MiB)

eno1 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:E0
inet addr:192.168.16.10 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::ae1f:6bff:fe1c:d8e0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:160605 errors:0 dropped:0 overruns:0 frame:0
TX packets:84859 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:189619373 (180.8 MiB) TX bytes:29300554 (27.9 MiB)
Memory:fb300000-fb37ffff

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4199 errors:0 dropped:0 overruns:0 frame:0
TX packets:4199 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1117276 (1.0 MiB) TX bytes:1117276 (1.0 MiB)

vethb46aa03 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:3F
inet6 addr: fe80::6423:6ff:fed4:a13f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:850 errors:0 dropped:0 overruns:0 frame:0
TX packets:1055 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2226307 (2.1 MiB) TX bytes:1235085 (1.1 MiB)`

Knowing whether this is normal could help me dig deeper.

Thanks.

tmjpugh · January 16, 2023, 10:01pm

Run HA without privilege and host networking.

I presume you thinking one of the 2 is causing your issues so its faster to test without it

Also, how you starting the docker container?

mwav3 · January 17, 2023, 12:46am

Are you mapping a zigbee stick into zha? If not, there is no reason to use priviledged mode. Even if you are using zha, the -device flag and specifying the zigbee stick’s path is a better way to configure the container.

Host networking on the other hand is needed for device discovery, and many integrations won’t work properly (or at all) without host networking.

What command did you run to see those? If I run ifconfig from the host machine, I see all the networks you do and more. I actually have 7 virtual networks- I’m assuming these are created by integrations using discovery but I’m not sure.

vdkeybus · January 17, 2023, 12:28pm

I’m not sure running with different network configs won’t cause a setting to be changed, even to the point I have to redo the configuration. That’s why I wanted to ask first.

But I also don’t understand how network=host could cause packet drops. netstat (in HA container) also does not list the offended port.

vdkeybus · January 17, 2023, 12:29pm

Started container with:

sudo docker run -d
–name=homeassistant
–privileged
–restart=unless-stopped
-v $(pwd)/config:/config
-e TZ=Europe/Brussels
–network=host

vdkeybus · January 17, 2023, 12:32pm

Working with zigbee2mqtt, so I could indeed drop --privileged.

I used ifconfig in the HA container. I also found out that the virtual port is from an Ethernet interface that happens to sit in my monitor. So the interface view is exactly the same as when running ifconfig in the host.

tmjpugh · January 17, 2023, 1:56pm

No. HA really only requires port 8123. Host mode needed for discovery. Ultimately you will probably use host mode, i do not, but for immediate testing and troubleshooting it is not needed

docker run -d \
  --name homeassistant \
  --restart=unless-stopped \
  -e TZ=MY_TIME_ZONE \
  -v /PATH_TO_YOUR_CONFIG:/config \
  -p 8123:8123 \
  ghcr.io/home-assistant/home-assistant:stable

I have found no reason to run privileged . Even connecting usb and serial devices I found no need

Is HA your only docker container? Maybe the problem is docker and not the container itself.

mwav3 · January 17, 2023, 3:10pm

That shouldn’t in itself cause the issue - I’ve run Home Assistant container in host networking mode for a few years and never noticed the issue. I’d assume your packet loss is being caused by something else - either due to a conflict with Home Assistant, or possibly due to an integration being mis-configured, to a problem with how docker itself is configured. Any log errors in Home Assistant? What integrations are you using currently?

That should be the case using host networking mode - since there is no network isolation between the container and the host in this situation.

I agree - this could be an issue with the docker configuration itself - possibly a permissions issue. What is the host OS? Be advised host networking only works in linux (not windows or mac). Did you install docker according to the guide, including making sure to run the command to remove all previous old versions of docker?

Did you follow the post install steps to make sure docker commands can be run without needing sudo? I see sudo in your command to start home assistant container, which would imply this step wasn’t done. If docker can’t be managed as a non-root user you will likely have issues with host networking.