How to set only the IPv6 Interface ID (suffix)?

[mgutt]

My container has the following fixed IP address settings:

 

 

As you can see I set the prefix + the Interface ID. In my case "2003:xxx::8". But this works only if my IPv6 prefix does not change, so after an internet reconnect my provider assigns a different IPv6 prefix and my container is not reachable anymore.

 

I tried to use this, but it does not work:

192.168.178, ::8

 

How could I solve this?

[Omri]

Hi

Did you find a solution?

[mgutt]

Sadly not. That's why I changed the unRAID ports, while NPM uses the host network on ports 80/443. By that I'm able to use the IPv6 of the server itself, which updates without problems if the prefix changes.

[Omri]

8 hours ago, mgutt said:

Sadly not. That's why I changed the unRAID ports, while NPM uses the host network on ports 80/443. By that I'm able to use the IPv6 of the server itself, which updates without problems if the prefix changes.

Too bad

recent change in docker behaviour makes it very difficult for me to handle dockers in ipv6

we need a script, which monitor the prefix/ipv6 of eth0

and edit the templates (replace current prefix with new one) in /boot/config/plugins/dockerMan/templates-user and restart docker

some kind of "ddns" for docker

 

[KluthR]

@Omri Any news on that?

 

Does anyone at LimeTech gave a info anywhere about that? Is this even possible? This needs indeed some magic, right?

[Omri]

latest unraid version fixed the IPV6 (for most parts)

the containers now get address based on their MACVLAN adress which is sufficient for me to open the appropriate ports.

[KluthR]

Could you be more specific? How do you handle it (with example)? So, you are not set fixed v6 adresses?

[mgutt]

On 12/24/2022 at 7:41 AM, Omri said:

the containers now get address based on their MACVLAN adress

 

 

This the default behavior of IPv6 assignment:

https://ben.akrin.com/mac-address-to-ipv6-link-local-address-online-converter/

 

On 12/24/2022 at 10:11 AM, KluthR said:

Could you be more specific?

 

If you start a container, it gets a "random" MAC address (MACVLAN) from docker. This mac address can be obtained through "docker inspect":

root@Tower:~# docker inspect rsync-server | grep -A100 NetworkSettings
        "NetworkSettings": {
...
                    "Gateway": "192.168.178.1",
                    "IPAddress": "192.168.178.128",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "2003:xxxx:xxxx:xxxx::1",
                    "GlobalIPv6Address": "2003:xxxx:xxxx:xxxx::2",
                    "GlobalIPv6PrefixLen": 64,
                    "MacAddress": "02:42:c0:a8:b2:80",

 

So my container has the MAC address "02:42:c0:a8:b2:80". As there is an algorithm, which builds an IPv6 suffix based on this MAC address, the container now has the following additional IPv6 addresses:

946e7e921b50:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:C0:A8:B2:80  
          inet addr:192.168.178.128  Bcast:192.168.178.255  Mask:255.255.255.0
          inet6 addr: 2003:xxxx:xxxx:xxxx:42:c0ff:fea8:b280/64 Scope:Global
          inet6 addr: 2003:xxxx:xxxx:xxxx::2/64 Scope:Global
          inet6 addr: fe80::42:c0ff:fea8:b280/64 Scope:Link

...

 

As you can see my container now has three IPv6 addresses. Two of them are based on the MAC address, which resulted in "42:c0ff:fea8:b280". This allows us to forward the ports 80/443 to this suffix. But this won't be stable if you need to remove the docker.img, which can cause a different MAC address for each container.

 

But I found a solution for this!

 

We enable the advanced view and pass the "--mac-address 00:00:00:00:01:28" as extra parameter:

 

While in the fixed IP address field we only set the IPv4:

 

Again, additional IPv6 are added based on the mac-address and our container is permanently reachable through the suffix "200:ff:fe00:128", even if we need to delete the docker.img!

 

 

 

I played a little bit around and the shortest suffix I was able to produce, was by using a MAC-address like the following:

--mac-address 02:00:00:0F:00:09
--mac-address 02:00:00:0F:00:10
...

 

It returns this suffix:

::0:ff:fe0f:9
::0:ff:fe0f:10
...

 

I tested it with an rsync-server container and made it public through port 22 (never forward this port, this is only for testing!) in my router and it works flawlessly:

 

 

 

Thanks @Omri for the inspiration!

 

 

 

[KluthR]

Thanks @mgutt will try this out.

 

that all would be great if its covered from the GUI in future unraid releases.

[KluthR]

2 hours ago, mgutt said:

I played a little bit around and the shortest suffix I was able to produce

So, the example 00:00:00:00:01:28 is not valid? How do you checked, that 02:00:00:0F:00:09 is okay but 00:00:00:00:01:28 is not?

[KluthR]

2 hours ago, mgutt said:

 

 

My results:

...
 --mac-address 00:00:00:00:00:10 'jc21/nginx-proxy-manager:latest'

unknown flag: --mac-address 00:00:00:00:00:10
See 'docker run --help'.

The command failed.

 

[mgutt]

There must be a copy paste typo. The flag is correct. Please write the characters manually.

 

[KluthR]

Oh, yes - there was a hidden space. Sorry. But goin back to my 1st question: https://forums.unraid.net/topic/110648-how-to-set-only-the-ipv6-interface-id-suffix/?do=findComment&comment=1207205 - could you share your findings?

 

EDIT: specifying 00:00:00:00:00:01 successfully gives me a v6 Interface ID of 200:ff:fe00:1 inside my fritzBox. So I assume I could work with that

 

EDIT2: I updated all rules - the 00::10 address is working! So my public v6 is *prefix*:200:00ff:fe00:0010 as caluclated. Works perfectly!

 

Thansk you!

Edited December 27, 2022 by KluthR

[mgutt]

46 minutes ago, KluthR said:

So, the example 00:00:00:00:01:28 is not valid? How do you checked, that 02:00:00:0F:00:09 is okay but 00:00:00:00:01:28 is not?

Both are valid, but 02:00... would be more "correct" as it is part of the official local private ranges:

 

x2‑xx‑xx‑xx‑xx‑xx

x6‑xx‑xx‑xx‑xx‑xx

xA‑xx‑xx‑xx‑xx‑xx

xE‑xx‑xx‑xx‑xx‑xx

 

This should avoid MAC address conflicts, but I don't really think something else uses 00:00:00:00:01:28 or similar?!

[KluthR]

39 minutes ago, mgutt said:

but I don't really think something else uses 00:00:00:00:01:28 or similar?!

At least not at my assigned v6 prefix

We'll see.

[Omri]

Hi

Every container gets 2 global IPV6 addresses

one is based on the mac address (EUI-64) and one is based on the prefix with ::1/::2... at the end

some containers (like linuxservers qbittorrent) only "use" the later which can change between reboots

can I disable the second type of global IPV6 address?

or can I make it "fixed" somehow?