Docker – Enabling IPv6 for docker breaks hosts IPv6 connectivity resulting in neither having IPv6 connection

Preface: I am newbie in both Docker and networking stuff, especially, IPv6. Am a software developer, not system/network administrator.

I am running Arch on Linode and am looking to set up Docker with IPv6 support. I could do with IPv4, and while I have not resolved this issue, I am staying with IPv4, but I am really looking forward to enable IPv6.

Since I am using systemd-networkd I had to enable IPForward=kernel which I have done.

If Docker is not running, obviously, IPv6 works for my Arch.

If I run Docker without IPv6, Arch has IPv6 connectivity.

Now, if I run Docker with IPv6 enabled: docker daemon --ipv6 --fixed-cidr-v6="XXXXX/64" -H fd://, it breaks the IPv6 connectivity for my Arch and neither does it work inside containers.

The one difference that I have spotted is that without IPv6 for Docker, I have a default route for IPv6 on my Arch:

[root@x ~]# ip -6 route show
2a01:7e00::/64 dev enp0s4  proto kernel  metric 256  pref medium
fe80::/64 dev enp0s4  proto kernel  metric 256  pref medium
fe80::/64 dev docker0  proto kernel  metric 256  pref medium
default via fe80::1 dev enp0s4  proto ra  metric 1024  expires 73sec hoplimit 64 pref medium

When enabling IPv6, I am left with this:

[root@x ~]# ip -6 route show
2a01:7e00::/64 dev enp0s4  proto kernel  metric 256  pref medium
2a01:7e00::/64 dev docker0  metric 1024  pref medium
fe80::/64 dev enp0s4  proto kernel  metric 256  pref medium
fe80::/64 dev docker0  proto kernel  metric 256  pref medium

Though, adding default IPv6 route manually:

ip -6 route add default via fe80::1 dev enp0s4

Enables IPv6 for my host, but still leaves containers with no IPv6 connection.

Info and what I have tried

To test connection, I am using ping6.
The container which acts as my test dummy is base/archlinux.
After manually adding default IPv6 route to host, restarting docker – no success.
Making default IPv6 route via docker0 leaves both the host and container with no connectivity.
I cannot ping my host by it's IPv6 address from container in any scenario.
I have followed Docker guide for IPv6 and tried to change the IPv6 subnet for my docker daemon to 80, didn't help (though, I could have done something wrong given my expertise).
I also attempted to set (as said in guide) sysctl net.ipv6.conf.eth0.accept_ra=2, though, on container it errors out with: sysctl: setting key "net.ipv6.conf.eth0.accept_ra": Read-only file system. On host, nothing changes.
The fact, that by default there is no IPv6 route for host, makes me think that this comes somewhere from Docker side of things.

IP configuration from host when IPv6 is enabled:

[root@apitecture ~]# ip addr show dev enp0s4; ip addr show dev docker0; ip -6 route show
3: enp0s4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether f2:3c:91:ae:1a:0a brd ff:ff:ff:ff:ff:ff
    inet xxx.xxx.xxx.xxx/24 brd xxx.xxx.xxx.255 scope global enp0s4
       valid_lft forever preferred_lft forever
    inet6 2a01:7e00::xxxx:xxxx:xxxx:xxxx/64 scope global
       valid_lft 2590589sec preferred_lft 603389sec
    inet6 fe80::f03c:91ff:feae:1a0a/64 scope link
       valid_lft forever preferred_lft forever
13: docker0@NONE: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default
    link/ether 02:42:cd:3d:04:60 brd ff:ff:ff:ff:ff:ff
    inet 172.17.42.1/16 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:cdff:fe3d:460/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever
2a01:7e00::/64 dev enp0s4  proto kernel  metric 256  pref medium
2a01:7e00::/64 dev docker0  metric 1024  pref medium
fe80::/64 dev enp0s4  proto kernel  metric 256  pref medium
fe80::/64 dev docker0  proto kernel  metric 256  pref medium

IP configuration from container when IPv6 is enabled:

[root@x ~]# docker run -it --rm base/archlinux bash -c "ip -6 addr show dev eth0; ip -6 route show"
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet6 2a01:7e00::xxx:xxxx:2/64 scope global tentative
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link tentative
       valid_lft forever preferred_lft forever
2a01:7e00::/64 dev eth0  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
default via fe80::1 dev eth0  metric 1024

xxxx are hidden, hope I do not have to expose my public addresses.

What do I do to fix the issue to enable IPv6 for Docker?

Best Answer

I'm experience similar problems. My setup is docker images running in a Debian LXC, which again runs on Proxmox.

The official way of editing /etc/docker/daemon.json never worked for me. Evern worse, editing this file or not, docker bridges break my host's ipv6 connection.

For my case, ip -6 route add default via xxxx dev eth0 and then adding network_mode: "host" in the docker-compose.yml enable ipv6 access for both host and container.

However, for adding ipv6 route part fe80::1 didn't work for me. I had to take whatever default ipv6 route is when docker daemon was shutdown. The only downside is that every time the LXC reboots, the command has to be executed.

Info and what I have tried

Best Answer

Related Solutions

Linux – ipv6: `ifconfig` shows “Scope:Link” . What is “Scope:Link”

Centos – Can’t get IPv6 setup statically using CentOS6 on a 1and1 dedicated server

Related Topic