IPV6 routing problem

logicethos · July 10, 2018, 3:14pm

My host has ipv6 which works fine. But my containers cant connect out on ipv6.

Docker version 18.03.1-ce, build 9ee9f40

/etc/network/interfaces (host)

iface eth0 inet6 static
address 2001:xxxx:5000:20::0010
netmask 64
gateway 2001:xxxx:5000:20::1

/etc/docker/daemon.json

{
    "ipv6": true,
    "fixed-cidr-v6": "2001:xxxx:5000:20::/64",
    "default-gateway-v6": "2001:xxxx:5000:20::1"
}

sysctl (host)

net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding=1

docker run -it alpine ash -c “ip -6 addr show dev eth0; ip -6 route show; ping6 google.com”

259: eth0@if260: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 state UP 
    inet6 2001:xxxx:5000:20::242:ac11:2/64 scope global flags 02 
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link tentative 
       valid_lft forever preferred_lft forever

2001:xxxx:5000:20::/64 dev eth0  metric 256 
fe80::/64 dev eth0  metric 256 
default via 2001:xxxx:5000:20::1 dev eth0  metric 1024 
ff00::/8 dev eth0  metric 256 

PING google.com (2a00:1450:4009:801::200e): 56 data bytes

Ping just hangs

logicethos · July 11, 2018, 2:16pm

Seems this is the problem.

docker run -it --privileged alpine ash -c "sysctl -a | grep forward|grep ipv6;sysctl -a | grep disable_ipv6"

net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.mc_forwarding = 0

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0

timhughes · December 24, 2018, 9:45pm

did you manage to fix this ?

paaguti · March 29, 2020, 5:41am

Hey,

I’ve been struggling with this problem too. At the end, I went back to basics (i.e. BASH and the ip netns commands ) and found out that (at least in Linux) any interface you assign to a network namespace will not inherit the

ipv6.conf.all.forwarding

or

ipv6.conf.default.forwarding

settings.

So, unless you set the forwarding flag specifically for the container interface(s) from within the network namespace assigned to the container you want to use as a router, it will never activate IPv6 forwarding.

I have reported this as a bug in the network namespaces in the Linux kernel. Let’s see if they react.

Best,
/Pedro A.

Topic		Replies	Views
IPv6 with docker routing question General	1	1162	September 24, 2018
Struggling to wrap my head around Docker and IPv6 General	0	538	December 6, 2019
Docker and IPv6 General docker	0	651	January 7, 2021
Ipv6 not working General	10	12933	May 23, 2016
Starting Docker with IPv6 Kills my IPv6 Connection General docker	1	2048	June 26, 2021

IPV6 routing problem

Related topics