Problems with some sites (MTU maybe)

hazard.2008 · March 13, 2026, 2:54pm

I sometimes notice that my workers return errors when working with some websites. For example https://api.rezdy.com

In nomad container:

442b69febe00:/# curl --request GET --url https://api.rezdy.com

curl: (28) Connection timed out after 300305 milliseconds
442b69febe00:/#
442b69febe00:/# curl --request GET --url https://google.com

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>

On the host of container works good.

root@nomad-client11:~# curl --request GET --url ``https://api.rezdy.com
{“requestStatus”:{“success”:false,“error”:{“errorCode”:“4”,“errorMessage”:“Missing API Key”}}}
root@nomad-client11:~# curl --request GET --url ``https://google.com

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>

My test job:

job "net-utils-autobooker" {
  datacenters = ["dc1"] 

  type = "service"

  group "utils-group" {
    count = 2
    network {
      mode = "bridge"
    }
    
# I added this service block but it didn't help.
    service {
      name        = "test"

      connect {
        sidecar_service {
          proxy {
            transparent_proxy {}
          }
        }
      }
    }
    
    task "utils-task" {
      driver = "docker"
      config {
        image = "jonlabelle/network-tools"
        command = "bash"
        interactive = true
        tty = true
      }

      resources {
        cpu    = 100 # 100 MHz
        memory = 128 # 128MB
      }
    }
  }
}

I tried different settings and one of the solutions is to specify mode = “host” but I think it’s not very good solution.

I also noticed different MTU in network connections so add this:

{
“mtu”: 1450
}

to /etc/docker/daemon.json, restart it but doesn’t help.

host:

root@nomad-client11:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc fq_codel state UP group default qlen 1000
    link/ether 86:00:00:89:f0:ed brd ff:ff:ff:ff:ff:ff
    inet 10.10.0.13/32 scope global dynamic enp7s0
       valid_lft 80403sec preferred_lft 80403sec
    inet6 fe80::8400:ff:fe89:f0ed/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether 02:42:f5:77:44:0a brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:f5ff:fe77:440a/64 scope link
       valid_lft forever preferred_lft forever
5: vethc525137@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master docker0 state UP group default
    link/ether 62:15:46:58:1c:7b brd ff:ff:ff:ff:ff:ff link-netnsid 3
    inet6 fe80::6015:46ff:fe58:1c7b/64 scope link
       valid_lft forever preferred_lft forever
7: vethd639ada@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master docker0 state UP group default
    link/ether 66:f9:8a:5e:6a:b7 brd ff:ff:ff:ff:ff:ff link-netnsid 4
    inet6 fe80::64f9:8aff:fe5e:6ab7/64 scope link
       valid_lft forever preferred_lft forever
8: nomad: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e2:40:19:58:49:01 brd ff:ff:ff:ff:ff:ff
    inet 172.26.64.1/20 brd 172.26.79.255 scope global nomad
       valid_lft forever preferred_lft forever
    inet6 fe80::e040:19ff:fe58:4901/64 scope link
       valid_lft forever preferred_lft forever
9: veth2182bac8@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master nomad state UP group default
    link/ether fe:2e:c2:77:55:e1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::8cd9:cbff:fe2f:e2d4/64 scope link
       valid_lft forever preferred_lft forever
10: veth0fea4df2@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master nomad state UP group default
    link/ether ca:cf:50:f6:bc:ea brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::c872:9eff:fe94:baf0/64 scope link
       valid_lft forever preferred_lft forever
11: veth636d48bb@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master nomad state UP group default
    link/ether b2:e5:b4:03:60:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::b0e5:b4ff:fe03:60f7/64 scope link
       valid_lft forever preferred_lft forever
13: veth6874ff68@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master nomad state UP group default
    link/ether 16:d1:53:01:84:ed brd ff:ff:ff:ff:ff:ff link-netnsid 6
    inet6 fe80::14d1:53ff:fe01:84ed/64 scope link
       valid_lft forever preferred_lft forever
14: veth63718708@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master nomad state UP group default
    link/ether 9e:40:fd:26:90:ff brd ff:ff:ff:ff:ff:ff link-netnsid 7
    inet6 fe80::9c40:fdff:fe26:90ff/64 scope link
       valid_lft forever preferred_lft forever
15: vethc8f76a58@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master nomad state UP group default
    link/ether ea:6e:9b:fb:56:8a brd ff:ff:ff:ff:ff:ff link-netnsid 8
    inet6 fe80::dc6f:8dff:fe6e:2fd3/64 scope link
       valid_lft forever preferred_lft forever
16: vethb1e43e61@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master nomad state UP group default
    link/ether fe:88:dd:98:33:32 brd ff:ff:ff:ff:ff:ff link-netnsid 9
    inet6 fe80::9428:ecff:fe0e:ec1d/64 scope link
       valid_lft forever preferred_lft forever
17: vethc17aae77@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master nomad state UP group default
    link/ether 82:c5:93:19:70:da brd ff:ff:ff:ff:ff:ff link-netnsid 10
    inet6 fe80::80c5:93ff:fe19:70da/64 scope link
       valid_lft forever preferred_lft forever
18: vethe9aa159e@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master nomad state UP group default
    link/ether 9e:eb:7d:a8:34:e0 brd ff:ff:ff:ff:ff:ff link-netnsid 11
    inet6 fe80::9ceb:7dff:fea8:34e0/64 scope link
       valid_lft forever preferred_lft forever
22: veth357911f@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master docker0 state UP group default
    link/ether 66:76:6e:f6:b8:93 brd ff:ff:ff:ff:ff:ff link-netnsid 5
    inet6 fe80::6476:6eff:fef6:b893/64 scope link
       valid_lft forever preferred_lft forever

In container I see mtu 1500:

328903e3d272:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 5a:42:b5:16:69:c3 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.26.67.187/20 brd 172.26.79.255 scope global eth0
       valid_lft forever preferred_lft forever

Some debug in container:

6cbdc9d65d55:/# curl -IL 'https://rezdy.com'
HTTP/2 200 
date: Fri, 13 Mar 2026 15:07:51 GMT
content-type: text/html; charset=UTF-8
content-length: 158068
x-sucuri-id: 19002
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
referrer-policy: strict-origin-when-cross-origin
vary: Accept-Encoding
last-modified: Fri, 13 Mar 2026 06:50:06 GMT
cache-control: max-age=0, s-maxage=2592000
expires: Fri, 13 Mar 2026 14:41:35 GMT
vary: Accept-Encoding
age: 887
x-cache: HIT
server: Sucuri/Cloudproxy
x-sucuri-cache: HIT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
accept-ranges: bytes

6cbdc9d65d55:/# curl -vIL 'https://api.rezdy.com'
* Host api.rezdy.com:443 was resolved.
* IPv6: (none)
* IPv4: 44.253.28.143, 16.147.130.218, 35.155.200.101
*   Trying 44.253.28.143:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL Trust Anchors:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
*   CApath: /etc/ssl/certs

and then nothing - timeout:

* Connection timed out after 300252 milliseconds
* closing connection #0
curl: (28) Connection timed out after 300252 milliseconds

I think that resolving the problem is to correct MTU but I don’t know how do it right.

Topic		Replies	Views
Nomad bridge network not enabled? Nomad	5	4015	March 7, 2022
Websockets deployed on nomad fails to receive a message and disconnects Nomad	0	314	October 3, 2023
[UI] Decrese Nomad Web UI long-lived connections timeout Nomad	0	35	August 27, 2024
Can't connect to Nomad API Nomad connect	4	1132	September 27, 2021
Problem with tutorial Waypoint consul-nomad	12	1461	February 19, 2021

Problems with some sites (MTU maybe)

Related topics