0

Preface: Similar to this post, but I need a Windows-specific solution.

I need to route traffic from a cluster of Windows containers through another Windows container within that same cluster. The goal is for the outbound traffic for those containers to route to the edge router under the same source IP, which will allow existing routing policies to be applied which might differ from the host's IP routing policies. The container I want to route through will have its own static IP on the host's external network (via docker network create -d l2bridge ...).

One thing that will work is using network_mode: "service:router-container"; however, since the majority of my services expose the same port, there will be port collisions and other unknown issues. For this reason (and others), I cannot specify different ports for these containers w/o breaking existing infrastructure, therefore joining these containers to the same network (via network_mode) is not a workable solution for my situation.

I tried configuring RRAS on a Server Core container; however, I kept getting an error about source files, which led me down an unproductive rabbit hole (pointing Source to install.wim, etc).

PS C:\> Install-WindowsFeature RemoteAccess
Install-WindowsFeature : The request to add or remove features on the specified server failed. Installation of one or more roles, role services, or features failed. The source files could not be found. Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077. Error: 0x800f081f
At line:1 char:1
+ Install-WindowsFeature RemoteAccess
    + CategoryInfo          : InvalidOperation: (@{Vhd=; Credent...Name=localhost}:PSObject) [Install-WindowsFeature],
   Exception
    + FullyQualifiedErrorId : DISMAPI_Error__Failed_To_Enable_Updates,Microsoft.Windows.ServerManager.Commands.AddWind
   owsFeatureCommand


I also stooped down to trying to set up ICS but also ran into errors creating the COM object. I tried copying over the relevant DLLs (C:\Windows\System32\hnet*.dll) but still couldn't get it to work.

PS C:\> regsvr32 hnetcfg.dll /s
PS C:\> $m = New-Object -ComObject HNetCfg.HNetShare
New-Object : Retrieving the COM class factory for component with CLSID {00000000-0000-0000-0000-000000000000} failed
due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
At line:1 char:6
+ $m = New-Object -ComObject HNetCfg.HNetShare
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (:) [New-Object], COMException
    + FullyQualifiedErrorId : NoCOMClassIdentified,Microsoft.PowerShell.Commands.NewObjectCommand

Since I am using Windows containers, I think I have a little bit less flexibility compared to using a Linux container, so I am looking for a solution that will work within a Windows container if possible.

Refer to my existing post (which was closed w/o explanation) for WHY I am needing to do this along with more details on my infrastructure.

gerneio
  • 11

1 Answer

1

After some more hours of brainstorming, it finally dawned on me that I might need to try a different flavor of the Windows Server containers. There are presently four Windows base images:

  • Nano Server is an ultralight Windows offering for new application development.
  • Server Core is medium in size and a good option for "lifting and shifting" Windows Server apps.
  • Windows is the largest image and has full Windows API support for workloads.
  • Windows Server is slightly smaller than the Windows image, has full Windows API support, and allows you to use more server features.

The Server Core image was what I had been trying, so instead I tried the "mcr.microsoft.com/windows" one, but it didn't seem to have discoverability of the RRAS feature and is only supported up to 20H2/1809 anyhow. On the other hand, "mcr.microsoft.com/windows/server" is supported on Server 2022 and should be the one to use going forward. Using that one, I was successful in installing RRAS and querying the ICS COM object (although it didn't return any results). So now I just need to figure out how to properly set up RRAS from the terminal (this might be useful), but this is definitely a step in the right direction.

Still curious if there are better ways to accomplish what I am trying to do here within a Windows container environment. I wouldn't mind having a mix/hybrid ecosystem with Linux and Windows containers, but based on my research that is not fully supported just yet, at least from the same host.

gerneio
  • 11
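
An added example (not part of the original question or answer): a preflight check to run inside a candidate base image before attempting `Install-WindowsFeature RemoteAccess` or creating the `HNetCfg.HNetShare` object, so the two failures shown above are detected up front. The function name `Test-RouterContainerPrereqs` is hypothetical, and the `Routing` role service name is an assumption that does not appear on the page.

```powershell
# Added example: reports whether this container image can host RRAS/ICS.
function Test-RouterContainerPrereqs {
    [CmdletBinding()]
    param(
        # 'Routing' (the RRAS role service under RemoteAccess) is not named on the page.
        [string[]]$FeatureName = @('RemoteAccess', 'Routing')
    )

    # Identify which base image flavour this container was built from.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $result = [ordered]@{
        ProductName      = $cv.ProductName
        InstallationType = $cv.InstallationType   # e.g. 'Server Core' or 'Server'
        Build            = $cv.CurrentBuild
    }

    # Get-WindowsFeature ships with the ServerManager module; an image without it
    # cannot discover the RemoteAccess role at all.
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        foreach ($f in Get-WindowsFeature -Name $FeatureName) {
            # 'Removed'   = payload stripped from the image; installing needs -Source
            #               and otherwise typically ends in error 0x800f081f.
            # 'Available' = installable as-is; 'Installed' = already present.
            $result["Feature:$($f.Name)"] = [string]$f.InstallState
        }
    } else {
        $result['Feature:*'] = 'ServerManager cmdlets not present in this image'
    }

    # New-Object -ComObject fails with REGDB_E_CLASSNOTREG when the ProgID has no
    # registered CLSID; test the registration instead of triggering the exception.
    $progIdKey = 'Registry::HKEY_CLASSES_ROOT\HNetCfg.HNetShare\CLSID'
    $result['HNetCfg.HNetShare registered'] = Test-Path $progIdKey

    [pscustomobject]$result
}

Test-RouterContainerPrereqs | Format-List
```

Running it in each candidate image (for example via `docker run --rm <image> powershell -File <script>`, with the script mounted or copied in) gives a side-by-side view of which image exposes the role with its payload intact.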