Docker Community Forums


Help me understand IPv6 and docker


(Icsy7867) #1

Hi everyone! I am quite new to docker but I think I have some of the basics down. Creating and running docker containers is quite easy and I am enjoying it quite a bit.

With my ISP I am in a double-NAT scenario, but they do issue out public IPv6 addresses. I am currently running NextCloud on a VM over IPv6 without issue. Even with this, I am still struggling a bit to understand how docker handles IPv6. I would like to get my NextCloud instance moved to a docker container (along with several other VMs) to help save resources on my hypervisor at home.

Currently I have tried this:
http://collabnix.com/enabling-ipv6-functionality-for-docker-and-docker-compose/

after adding

{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64"
}

to
/etc/docker/daemon.json

My docker containers do put an IPv6 address and ping each other on this (but they can’t ping out to google, i.e. ping6 google.com).

Will IPv6 work similarly to IPv4 with docker? If I open port 443 on a NextCloud docker container, would I simply need to visit the host’s IPv6 address? Or should I get the containers’ IPv6 addresses to be publicly accessible through my ISP as well?

Sorry for all the questions, but I am looking forward to getting this up and running.


(Icsy7867) #2

I think I have it figured out. It seems that what docker really wants (and I had trouble understanding from the docker wiki) is that the address listed in "fixed-cidr-v6" should come from your actual pool, if your ISP gives you a block of IPv6 addresses like mine does.

So I changed the "fixed-cidr-v6": "2001:db8:1::/64" to be "fixed-cidr-v6": "xxxx:xxxx:xxxx:xxxx::/64" from my ISP, and changed the block to 80 (just to more isolate the IP address pool)

"fixed-cidr-v6": "xxxx:xxxx:xxxx:xxxx::/80"

I then had to run a couple more commands. Firstly I had to make sure that the NIC’s accept_ra sysctl setting was set to 2 (it already was) and then I had to add the NDP proxy so that the containers could talk out to the network:

(Ran on the host, your “ens3” may differ)
ip -6 neigh add proxy SpecificIPV6AddressOfContainer dev ens3

After I did this, I can FINALLY ping6 google.com from the container using one of my public IP addresses. Most of this info was in the main docker ipv6 documentation, I was just interpreting it incorrectly.
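
The fix described in post #2, as an added example that is not part of the original thread or of Docker itself: a small check that a daemon.json "fixed-cidr-v6" value lies inside the prefix the ISP actually delegates, plus a helper that builds the per-container NDP proxy commands. The function names and the 2a01:aaaa:bbbb:cccc::/64 prefix are constructed for illustration, and flagging a subnet equal to the whole delegated prefix is an assumption that mirrors the poster's choice of a /80.

```python
import ipaddress
import json

# 2001:db8::/32 is reserved for documentation (RFC 3849) and is never routed.
DOC_PREFIX = ipaddress.ip_network("2001:db8::/32")

def check_daemon_ipv6(daemon_json, delegated_prefix):
    """Return a list of problems with the IPv6 settings in a daemon.json string."""
    cfg = json.loads(daemon_json)
    problems = []
    if cfg.get("ipv6") is not True:
        problems.append("ipv6 is not enabled")
    raw = cfg.get("fixed-cidr-v6")
    if raw is None:
        return problems + ["fixed-cidr-v6 is missing"]
    subnet = ipaddress.ip_network(raw, strict=False)
    routed = ipaddress.ip_network(delegated_prefix)
    if subnet.subnet_of(DOC_PREFIX):
        problems.append("fixed-cidr-v6 is a documentation prefix")
    if not subnet.subnet_of(routed):
        problems.append("fixed-cidr-v6 is outside the delegated prefix")
    elif subnet == routed:
        # Assumption: a smaller block (the poster used /80) should be carved out.
        problems.append("fixed-cidr-v6 covers the whole delegated prefix")
    return problems

def ndp_proxy_commands(container_addrs, fixed_cidr_v6, dev):
    """Build one 'ip -6 neigh add proxy' line per container address."""
    subnet = ipaddress.ip_network(fixed_cidr_v6)
    cmds = []
    for addr in container_addrs:
        ip = ipaddress.ip_address(addr)
        if ip not in subnet:
            # Refuse to proxy an address Docker would not have assigned.
            raise ValueError(f"{ip} is not in {subnet}")
        cmds.append(f"ip -6 neigh add proxy {ip} dev {dev}")
    return cmds

if __name__ == "__main__":
    # Constructed sample values; the /64 stands in for an ISP-delegated prefix.
    isp = "2a01:aaaa:bbbb:cccc::/64"
    before = '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64"}'
    after = '{"ipv6": true, "fixed-cidr-v6": "2a01:aaaa:bbbb:cccc:1::/80"}'
    print(check_daemon_ipv6(before, isp))
    print(check_daemon_ipv6(after, isp))
    print("\n".join(ndp_proxy_commands(
        ["2a01:aaaa:bbbb:cccc:1::2"], "2a01:aaaa:bbbb:cccc:1::/80", "ens3")))
```

Every address that gets a proxy entry is reachable from the internet on its public IPv6 address, so the generated list doubles as an inventory of exposed containers.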