Wrong ipv6 prefix in container when subnet is not /64

dbloms · March 12, 2018, 11:06pm

Hi,

I’ve setup an ipv6 network with a /48 netmask as follows:

docker network inspect docker_intern
[
    {
        "Name": "docker_intern",
        "Id": "f8dc4a5c681b4eb73405f01b9d2e4180def508da207b00d153edd21873f8ab94",
        "Created": "2018-03-12T20:33:43.737113869+01:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": true,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "192.168.254.0/24"
                },
                {
                    "Subnet": "2001:470:9a1a::/48",
                    "Gateway": "2001:470:9a1a::1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "parent": "wlp3s0"
        },
        "Labels": {
            "com.docker.compose.network": "intern",
            "com.docker.compose.project": "docker"
        }
    }
]

when I start a container with

docker run -ti --rm --name test --net docker_intern --ip6 2001:470:9a1a:820::2 alpine ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
9: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:c0:a8:fe:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.254.2/24 brd 192.168.254.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:470:9a1a::2/48 scope global flags 02 
       valid_lft forever preferred_lft forever
    inet6 fe80::42:c0ff:fea8:fe02/64 scope link tentative 
       valid_lft forever preferred_lft forever

I expect that the container gets the ipv6 address 2001:470:9a1a:820::2, but it gets 2001:470:9a1a::2.
It is reproducible.

I use docker-ce on debian 9:

here the output of docker info:

Containers: 1
 Running: 0
 Paused: 0
 Stopped: 1
Images: 117
Server Version: 18.02.0-ce
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host ipvlan macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9b55aab90508bd389d7654c4baf173a981477d55
runc version: 9f9c96235cc97674e935002fc3d78361b696a69e
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.13.0-rc7-amd64
Operating System: Debian GNU/Linux 9 (stretch)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.623GiB
Name: bereitschaft
ID: AV5F:JXB2:NU4H:AQFQ:XHJJ:UBIJ:LPE3:42LA:IL2V:3HHL:DVZ7:RUKQ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Can anybody confirm, that a container doesn’t get the right configured ipv6 address, or did I something wrong here ?

sercal · March 2, 2023, 12:12pm

Same problem here. docker network ipv6 prefix seems to be at least 64.