Help: Understanding Docker Networking, IPVlan/Macvlan and IPv6 behaviour

General
1

I’m learning a few new tricks with docker (Macvlan and IPVlan) triggered by the need to add a home assistant stack at home, and I’ve gotten to the part about setting everything up in IPv6 and things actually seem to be working… But I think my config may be messed up or I might have network conflicts…

I’m a software dev who likes to play around in the “infra” world but my networking-fu needs improvement.

With IPv4 everything seemed to be working as expected, however with IPv6, I can see that some containers might not be getting an IPv6 address setup also…

Let’s start with my compose network section:

networks:
  assistnet:
    driver: macvlan
    driver_opts:
      parent: eth0.10
    enable_ipv6: false
    ipam:
      config:
        - subnet: "192.168.4.0/24"             # router configured IPv4 subnet/vlan
          ip_range: "192.168.4.2/28"           # avoids collisions with the routers DHCP server
          gateway: "192.168.4.1"               # router IP
        - subnet: "fdfe:1ee7:666:1337::/64"    # router configured IPv6 subnet/vlan
          gateway: "fdfe:1ee7:666:1337::1"     # router IPv6 (???)

Then on my router I configured my IPv6 address as a fdfe:1ee7:666:1337::/64as my network too (see screenshot)
enter image description here

So, my questions start around the IPv6 config.

Namely:

  • In IPv4 we configure an ip_range. Should the same be done for IPv6, and if so, would a /124 subnet work?
  • Should the subnet sections match what’s defined on the router? That’s what I understood from the networking docs
  • I’m not sure the IPv6 gateway is correct. Should I be using a different address? I’m not sure the router IP is correct, but from the screenshot “Gateway IP/Subnet” I assumed the router would get the very first address, i.e. fdfe:1ee7:666:1337::1
  • It is my understanding Docker will create it’s own network based on these settings. If so, doesn’t that mean I have two fdfe:1ee7:666:1337::/64 networks defined? One in the router and another in Docker? Should docker have a smaller subnet configured or is this correct?

Thing is, I stopped seeing some of the containers on my router after adding IPv6, even if the IPs they report seem correct (and are being manually assigned)