cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
160
Views
0
Helpful
4
Replies

Docker Container Install

Netmart
Level 3
Level 3

Hello,

I installed docker. And next I wanted to create and run a container by starting with a simple one:

 

bash-5.1# docker run hello-world
Unable to find image 'hello-world:latest' locally
docker: Error response from daemon: Get "http

 

s://registry-1.docker.io/v2/": dial tcp 3.94.224.37:443: connect: network is unreachable.
See 'docker run --help'

To me it looks like a registry issue. However, to my knowledge, those docker images like 'hello-world' are part of Docker Hub's public library.

I would appreciate any advice.

Thanks.

 

Internet access s ok since I am getting my 200 OK response

 

 

bash-5.1# curl -v https://hub.docker.com | head
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 52.21.43.228:443...
* Connected to hub.docker.com (52.21.43.228) port 443 (#0)
* ALPN: offers http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3903 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=*.docker.com
* start date: Mar 5 00:00:00 2025 GMT
* expire date: Apr 3 23:59:59 2026 GMT
* subjectAltName: host "hub.docker.com" matched cert's "*.docker.com"
* issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M03
* SSL certificate verify ok.
* using HTTP/1.1
} [5 bytes data]
> GET / HTTP/1.1
> Host: hub.docker.com
> User-Agent: curl/8.1.2
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [157 bytes data]
< HTTP/1.1 200 OK
< Date: Wed, 23 Jul 2025 16:20:14 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< x-ratelimit-limit: 180
< x-ratelimit-reset: 1753287674
< x-ratelimit-remaining: 180
< x-ratelimit-ip: 140.163.254.133
< set-cookie: dckr-sessid=ImFiQVc2dGkyU3Itc2NzdlBfVjlPaFEi.M4QO78ijPhl%2FbFqZ0MuWeqtYcj5JtAy3IAm26ffHZA0; Path=/; HttpOnly; Secure; SameSite=Lax
< set-cookie: _csrf=IlVaamooSTY3SXlWU2pmbUgpcTd2bDlYUyI%3D.nUiDnNvvRGWntT6iZJIB67yfoiyMilcBqa8ONkM0SbQ; Domain=.docker.com; Path=/; HttpOnly; Secure; SameSite=Strict
< x-docker-app-version: v6687.0.0
< x-trace-id: 3423f461a27dedaa98ee239a7b96ab8d
< accept-ch: Sec-CH-Prefers-Color-Scheme
< vary: Sec-CH-Prefers-Color-Scheme, Accept-Encoding
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< strict-transport-security: max-age=31536000
<
{ [15506 bytes data]

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

Where is this installed ? on Any of the cisco devices ?

s://registry-1.docker.io/v2/": dial tcp 3.94.224.37:443: connect: network is unreachable.

Looks like reachability issue. are you able to reach the IP using  curl  ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Jesus Illescas
Cisco Employee
Cisco Employee

Yep, how did you installed docker and where is installed? 

I always install docker following their documentation https://docs.docker.com/engine/install/ 

I had problems with the default installation on ubuntu for example. So is best to remove the default installation and do it the way docker recommends.

 

 

Thank you Jesus.

It is installed within bash on Arista switch. And I just learned that currently Arista is not capable of an option to let docker use a VRF other than the default one. And for that reason, the network connection is failing. I am not sure whether  there are any other alternatives available which docker could over to force the docker network to use a specific VRF for outbound; this what I was hoping to get out of this thread.

Jesus Illescas
Cisco Employee
Cisco Employee

Hi @Netmart I'm not familiar with Arista, but if they only support the default VRF, I consider there are no more options.

Usually you are limited by what the vendor supports and if you go in another direction, it might or it might not work.

If you need to use docker using a specific VRF in Arista, the best thing I think you can do is to speak to them and ask them for that feature.