No IPv6 connectivity from docker container
So after waiting two weeks for an answer and researching another few hours after opening up a bounty i found the solution.
Set up a new IPv6 enabled network and assign a subnet available to me (a /80 of my /64)
docker network create --ipv6 --subnet=w:x:y:z:aaaa::/80 myfancynetwork
Now start a container and connect it to the new network. Find out it's IP address. Let's say it's w:x:y:z:aaaa::5 in this example.
Enable proxy_ndp
sysctl net.ipv6.conf.eth0.proxy_ndp=1
You may also configure this setting via /etc/sysctl.conf, to make it persistent.
Add proxy to make my host (IPv6 enable) to respond to Neighbour Sollicitation messages from my router (like: "hey, who's hosting w:x:y:z:aaaa::5?") with Neighbour Advertisement messages ("that would be me!").
ip -6 neigh add proxy w:x:y:z:aaaa::5 dev eth0
ndppd may help you to automatically advertize any hosts on your network.
Bam, that's it.
Related videos on Youtube
Bogdan Perian
Updated on September 18, 2022Comments
-
Bogdan Perian over 1 year
i'm having serious problems enabling IPv6 in docker.
Environment
- The host is running Debian Jessie.
- It's a virtual Server (KVM).
- eth0 has a statically configured address like w:x:y:z::1 in a network like w:x.y:z::/64, which is assigned to my by my hosting company.
- My host is capable of using IPv6 without any problem: Pinging the outside world works, a website running on a container (Port 80 bound to host:80) is accessible via ipv6.
Problem
I cannot however access the outside world from within the containers! My docker0 bridge does NOT have a IPv6 address after restarting docker with the parameters below. There's no route and no gateway either (doesn't makes sense without an ipv6 address).
My Docker setup: Docker is started with these parameters in DOCKER_OPTS
DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4 --ipv6 --fixed-cidr-v6=w:x:y:z:a::/80"
Some ipv6 host configuration parameters:
net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.default.forwarding = 1
here's One of the networks i created myself:
root@wopr:~# docker network inspect wopr6 [ { "Name": "wopr6", "Id": "ddc192d4af2a8edc809975e84cf3e4cb82c24d4cfe970dd8e3fc7d6ff31e20ee", "Scope": "local", "Driver": "bridge", "EnableIPv6": true, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "172.23.0.0/16", "Gateway": "172.23.0.1/16" }, { "Subnet": "w:x:y:z:a:0:0:0/80", "Gateway": "w:x:y:z:a::1" } ] }, "Internal": false, "Containers": { "dff30ab1496a4c3689ad6da0837fdb6cf7ea1a5b32312116214313b5b14ed07e": { "Name": "happy_varahamihira", "EndpointID": "8cd4ed4b91d8421171ec8cc771bbe7b7d81f05dc9f4679f20c642c2e828ec475", "MacAddress": "02:42:ac:17:00:02", "IPv4Address": "172.23.0.2/16", "IPv6Address": "w:x:y:z:a::2/80" } }, "Options": {}, "Labels": {} } ]
Here's some information from inside the container, which is mentioned above:
Addresses
root@dff30ab1496a:/# ip -6 a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 332: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 inet6 2a03:4000:6:2158:a::2/80 scope global nodad valid_lft forever preferred_lft forever inet6 fe80::42:acff:fe17:2/64 scope link valid_lft forever preferred_lft forever
Routes
root@dff30ab1496a:/# ip -6 r 2a03:4000:6:2158:a::/80 dev eth0 proto kernel metric 256 fe80::/64 dev eth0 proto kernel metric 256 default via 2a03:4000:6:2158:a::1 dev eth0 metric 1024
Ping
PING ipv6.l.google.com (2a00:1450:4001:811::200e): 56 data bytes, id 0x0011 = 17 --- ipv6.l.google.com ping statistics --- 1 packets transmitted, 0 packets received, 100% packet loss
What am i missing?
-
Michael Hampton almost 8 yearsYou can install the
ndppd
daemon to automate this. -
Bogdan Perian almost 8 years@MichaelHampton: That's exactly what i suggested.