Cannot reach IPv6 hosts from container attached to overlay (ipv6) network

Docker Engine Swarm
1

Hello,

I have enabled IPv6 support on docker daemon as described here.
I create a docker swarm service but I cannot ping to IPv6 hosts from inside the service replicas (containers).
I also cannot ping to the docker0 interface - Got network unreachable.

docker network inspect bridge
[
{
“Name”: “bridge”,
“Id”: “4c485926952c51b7b2b564a056d87a326a911dcbea09bdf4744ec3bb4cbcd452”,
“Created”: “2018-05-29T13:48:54.294420134+03:00”,
“Scope”: “local”,
“Driver”: “bridge”,
“EnableIPv6”: true,
“IPAM”: {
“Driver”: “default”,
“Options”: null,
“Config”: [
{
“Subnet”: “172.17.0.0/16”,
“Gateway”: “172.17.0.1”
},
{
“Subnet”: “2001:db8:1::/64”
}
]
},
“Internal”: false,
“Attachable”: false,
“Ingress”: false,
“ConfigFrom”: {
“Network”: “”
},
“ConfigOnly”: false,
“Containers”: {},
“Options”: {
“com.docker.network.bridge.default_bridge”: “true”,
“com.docker.network.bridge.enable_icc”: “true”,
“com.docker.network.bridge.enable_ip_masquerade”: “true”,
“com.docker.network.bridge.host_binding_ipv4”: “0.0.0.0”,
“com.docker.network.bridge.name”: “docker0”,
“com.docker.network.driver.mtu”: “1500”
},
“Labels”: {}
}
]

My docker info output is:

docker info
Containers: 22
Running: 0
Paused: 0
Stopped: 22
Images: 13
Server Version: 17.10.0-ce
Storage Driver: overlay
Backing Filesystem: xfs
Supports d_type: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
NodeID: akdausgkl0k7h5ddtod4pc570
Is Manager: true
ClusterID: kzzsdn3qlyxj0nzsjf926b6zq
Managers: 3
Nodes: 3
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 3
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: 172.31.206.236
Manager Addresses:
172.31.206.234:2377
172.31.206.236:2377
172.31.206.237:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 0351df1c5a66838d0c392b4ac4cf9450de844e2d
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-327.22.2.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 31.42GiB
Name: paas-bender-1
ID: Q6QZ:UXPH:2TGD:4PLA:556R:H2PA:LDTR:E7IH:Q332:GXYQ:XJOD:JFBK
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: true
Insecure Registries:
globe:5000
127.0.0.0/8
Live Restore Enabled: false
WARNING: bridge-nf-call-ip6tables is disabled

To reproduce the issue, following steps:

docker network create -d overlay --attachable --opt encrypted --ipv6 --subnet 2001:db8::/80 epic_default
docker service create --name alpine-ipv6-overlay --network epic_default --entrypoint sleep alpine 111111
docker service ps alpine-ipv6-overlay
docker exec -it $(docker ps -q --filter “name=alpine”) sh

One of the problematic issue is the output of the ip -6 route command that returnes those errors:

/ # ip -6 route
2001:db8::/80 dev eth0 metric 256
> unreachable 2001:db8::/32 dev lo metric 256 error -101
fe80::/64 dev eth0 metric 256
> unreachable default dev lo metric -1 error -101
ff00::/8 dev eth0 metric 256
> unreachable default dev lo metric -1 error -101

I probably missed something, but after few days and many tries I didn’t succeed to make it work.

Thanks.