IPv6 with docker routing question

General Discussions General
1

Hi there,
I am trying to setup IPv6 on my docker. I followed a lot of guides and other issues all over the internet, however I can’t get the last step right, the routing of the traffic towards docker.

I have the following setup:
From my hoster I get: a:b:c:d::/64 with a complete IPv6 on eth0 (masked here as a:b:c:d:e:f:g:h)

For Docker I use in the daemon.json:

{
    "debug": false,
    "ipv6": true,
    "fixed-cidr-v6": "a:b:c:d:1::/80",
}

The network I create is the following:

docker network create \
  --driver=bridge \
  --subnet=192.168.4.0/24 \
  --gateway=192.168.4.1 \
  --ipv6=true \
  --subnet=a:b:c:d:4::/80 \
  --gateway=a:b:c:d:4::1 \
  server-network

Just for test purposes I added two webserver containers on a:b:c:d:4::2 and a:b:c:d:4::3 in the network.

When I start this setup up, I have the following status:

  • I can ping the container via its IPv6 from the host
  • I can ping the other container from the container via IPv6 and alias
  • I can ping the host from the container via the IPv6
  • However the webserver is not reachable or pingable via its IPv6 address from the internet.
  • I can log the incoming packets in the FORWARD chain of my host, however they seem not to get the last connection to be picked up by docker.

Within the routing table (ip -6 route), I have the following:

a:b:c:d:1::/80 dev docker0 proto kernel metric 256 linkdown  pref medium
a:b:c:d:1::/80 dev docker0 metric 1024 linkdown  pref medium
a:b:c:d:4::/80 dev br-851714c24d29 proto kernel metric 256  pref medium
a:b:c:d:4::/80 dev br-851714c24d29 metric 1024  pref medium
a:b:c:d:e:f:g:h dev eth0 proto kernel metric 256  pref medium
fe80::/64 dev eth0 proto kernel metric 256  pref medium
fe80::/64 dev docker0 proto kernel metric 256 linkdown  pref medium
fe80::/64 dev br-851714c24d29 proto kernel metric 256  pref medium
fe80::/64 dev vethf2f6233 proto kernel metric 256  pref medium
fe80::/64 dev veth621fc09 proto kernel metric 256  pref medium
default via fe80::1 dev eth0 metric 1024  pref medium

Does anyone know what I am missing to get this to work? It seems that all the bits and pieces are there, but one last link is missing.

2

What has sometimes helped me with similar issues is to run ‘tcpdump’ in various places along the path; on the sender, on the host, and inside the container, all while trying to reach your container service.