Lab 3: Networking Fundamentals
| Field | Value |
|---|---|
| Tier | 1 — Foundations |
| Estimated Time | 30 minutes |
| Prerequisites | Docker, basic Linux networking |
| Auto-Grade | Yes |
Scenario
Your company runs a microservices stack using Docker Compose on a staging server. After a weekend maintenance window, the networking between services is completely broken. The frontend cannot reach the API server. The API server cannot resolve the database hostname. There is a firewall rule blocking traffic on a critical port. One container has an MTU mismatch causing packet fragmentation and timeouts. And the routing table on one container has a blackhole route eating traffic.
The developers are blocked and cannot deploy to staging until you fix the network. The services are: a web frontend (nginx), an API server (Node.js), and a PostgreSQL database. They should all communicate over a shared Docker bridge network, but right now, almost nothing works.
Objectives
- Create the Docker bridge network `lab-net` if it does not exist
- Ensure all three containers are attached to `lab-net`
- Fix DNS resolution between containers (API can resolve `db` hostname)
- Remove the iptables rule blocking port 5432 on the `db` container
- Fix the MTU on the `api` container to match the network (1500)
- Remove the blackhole route on the `frontend` container
Setup
Creates three containers with broken networking under Docker.
Hints
Hint 1: Docker networks
Use `docker network create lab-net` and `docker network connect lab-net
Hint 2: DNS between containers
Docker's embedded DNS only works on user-defined networks, not the default bridge. Containers must be on the same user-defined network to resolve each other by name.
Hint 3: Checking iptables rules
Use `docker exec
Hint 4: MTU settings
Check MTU with `docker exec
Hint 5: Routing blackholes
Check routes with `docker exec
Grading
Solution
See the solution/ directory for step-by-step network repair commands.
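To confirm each fault from the scenario before and after a repair, the following added example (not part of the lab's own solution) parses the output of `ip route show`, `ip link show` and `iptables -S` for the blackhole route, the MTU and the rule blocking port 5432. It assumes the containers are named `frontend`, `api` and `db` as in the objectives, that the container interface is `eth0`, and that `ip`, `iptables` and `getent` are installed in the images; the script name and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example. Each parser reads command output on stdin, so it can be
# exercised offline; diagnose() wires the parsers to the live containers.
# Assumptions: containers are named frontend, api and db, the interface is
# eth0, and ip/iptables/getent exist inside the images.

# Destinations of blackhole routes in `ip route show` output.
blackhole_routes() { awk '$1 == "blackhole" { print $2 }'; }

# MTU value from `ip link show <iface>` output.
link_mtu() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "mtu") { print $(i + 1); exit } }'
}

# Rules from `iptables -S` that DROP or REJECT the given destination port.
# Only single-port --dport matches are recognised.
blocking_rules() {
    awk -v port="$1" '/^-A/ {
        hit = 0; block = 0
        for (i = 1; i < NF; i++) {
            if ($i == "--dport" && $(i + 1) == port) hit = 1
            if ($i == "-j" && ($(i + 1) == "DROP" || $(i + 1) == "REJECT")) block = 1
        }
        if (hit && block) print
    }'
}

# Constructed sample output (not captured from the lab).
SAMPLE_ROUTES='default via 172.18.0.1 dev eth0
blackhole 172.18.0.2
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.3'
SAMPLE_LINK='2: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP
    link/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff'
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 5432 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

diagnose() {
    echo "on lab-net: $(docker network inspect lab-net \
        --format '{{range .Containers}}{{.Name}} {{end}}' 2>&1)"
    docker exec api getent hosts db || echo "api cannot resolve db"
    echo "db rules blocking 5432: $(docker exec db iptables -S | blocking_rules 5432)"
    echo "api eth0 mtu: $(docker exec api ip link show eth0 | link_mtu) (want 1500)"
    echo "frontend blackholes: $(docker exec frontend ip route show | blackhole_routes)"
}

# Query the containers only when asked (hypothetical name): sh netcheck.sh live
if [ "${1:-}" = "live" ]; then diagnose; fi
```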