Why do I see duplicate API Call when using Python requests library deployed on container, one from container IP and one from Host IP?

Question

I have a python application deployed in docker container. For each request I sent to the external API server (rest api), I can see two HTTP requests on tcpdump; one from container IP, another from host IP.

I tried to check if the program is triggering 2 requests, but only 1 is found in logs and for every trigger request is logged

With tcp dump capture tcpdump -i any -nn host 10.222.xx.yy

With Mockoon attachment:

Logs where API is invoked:

2023-02-21 10:05:43,442 DEBUG app.processors.outgoing Process Messages ... 2023-02-21 10:05:43,449 INFO app.processors.outgoing Sending message to consumer with Id: 1 => Trans Id: 1676963144066_3084018310_3084018310 2023-02-21 10:05:43,452 DEBUG app.processors.outgoing 1 =>Timeout: 5.0 2023-02-21 10:05:43,454 DEBUG urllib3.connectionpool Starting new HTTP connection (1): 10.222.yyy.xxx:9001 2023-02-21 10:05:43,490 DEBUG urllib3.connectionpool http://10.222.^^^.^^^:9001 "POST /rtt/notify HTTP/1.1" 200 2 2023-02-21 10:05:43,494 DEBUG urllib3.connectionpool Starting new HTTP connection (1): 10.222.^^^.^^^:9001 2023-02-21 10:05:43,543 DEBUG urllib3.connectionpool http://10.222.^^^.^^^:9001 "POST /rtt/notify HTTP/1.1" 200 2 2023-02-21 10:05:43,544 DEBUG app.processors.outgoing Latency(ms): 50.673 2023-02-21 10:05:43,545 INFO app.processors.outgoing Success Response: 200, {} 2023-02-21 10:05:43,573 DEBUG app.common.decorators Timer: app.processors.outgoing: send_message_to_consumer took 123.77ms: Args: () 2023-02-21 10:05:43,574 INFO app.processors.outgoing Processed 1 messages 2023-02-21 10:05:43,574 DEBUG app.common.decorators Timer: app.processors.outgoing: process_out_messages took 132.18ms: Args: ()

Answer 1

You haven't shown us how you're running tcpdump, but I suspect that rather than seeing multiple requests, you're seeing the same request as it gets routed through your host.

If on my host I run:

tcpdump -i any -nn host stackoverflow.com

And then I spin up a container and run curl stackoverflow.com, I will see three results for every packet in the exchange (note that I've performed some manual alignment here to make things a bit easier to read):

07:25:32.969736 veth7b48792 P   IP 172.17.0.2.33710    > 151.101.1.69.80: ...
07:25:32.969741 docker0     In  IP 172.17.0.2.33710    > 151.101.1.69.80: ...
07:25:32.969747 eth0        Out IP 192.168.1.200.33710 > 151.101.1.69.80: ...
                 ^
                 |
                 +-- this column is the interface name

The first result shows the packet exiting the container (recall that a veth virtual wire connects eth0 inside the container to a device -- in this case veth8b48792 -- on the host, which is what gets added to the docker bridge).

The second result shows the packet traversing the docker bridge.

The third result shows the packet leaving the host's primary interface (after address translation in the nat table).

If you limit tcpdump to a single interface, you should only see a single match for each packet in the request. E.g., if I were to run tcpdump -i eth0 -nn host stackoverflow.com, I would see only:

07:46:33.505078 IP 192.168.1.200.50194 > 151.101.65.69.80: ...