Getting IPv6 working in Docker Containers


Kaldek

Recommended Posts

I know there are other posts on this topic, but none of them appear to solve or document the solution.  My situation is this:

  1. I have a dual stack IPv4/IPv6 Internet connection
  2. My ISP issues me a /56 IPv6 prefix
  3. I use a Mikrotik router, which notifies hosts in the network about IPv6 via SLAAC, *not* DHCPv6
  4. Every host in the network, including unRAID on br0 is getting an IPv6 address
  5. The result of "docker inspect br0" has IPv6 set to disabled (and I can't see how to change that in the GUI)

 

Here's the result of ifconfig:

Quote

root@unraid:~# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.198  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::425b:7f54:2795:fb89  prefixlen 64  scopeid 0x20<link>
        inet6 2403:XXXX:XXXX:7201:5199:c28e:f3ef:9e25  prefixlen 64  scopeid 0x0<global>
        ether a8:5e:45:65:fb:c3  txqueuelen 1000  (Ethernet)
        RX packets 9116  bytes 3870455 (3.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6042  bytes 4043727 (3.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:7aff:fe79:21a0  prefixlen 64  scopeid 0x20<link>
        ether 02:42:7a:79:21:a0  txqueuelen 0  (Ethernet)
        RX packets 2013  bytes 216701 (211.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2048  bytes 714495 (697.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::aa5e:45ff:fe65:fbc3  prefixlen 64  scopeid 0x20<link>
        ether a8:5e:45:65:fb:c3  txqueuelen 1000  (Ethernet)
        RX packets 183023  bytes 257593567 (245.6 MiB)
        RX errors 0  dropped 13  overruns 0  frame 0
        TX packets 97885  bytes 10572730 (10.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2537  bytes 479911 (468.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2537  bytes 479911 (468.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth341da62: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::4883:e1ff:fe7d:af5b  prefixlen 64  scopeid 0x20<link>
        ether 4a:83:e1:7d:af:5b  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 140  bytes 20456 (19.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth465a813: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::dc1c:feff:fe04:f0c5  prefixlen 64  scopeid 0x20<link>
        ether de:1c:fe:04:f0:c5  txqueuelen 0  (Ethernet)
        RX packets 1069  bytes 121540 (118.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1149  bytes 541070 (528.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth4ec4d1d: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::28ac:38ff:fe0c:9adf  prefixlen 64  scopeid 0x20<link>
        ether 2a:ac:38:0c:9a:df  txqueuelen 0  (Ethernet)
        RX packets 229  bytes 38976 (38.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 332  bytes 39109 (38.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth6d2cc1c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::1487:f5ff:fe8e:3161  prefixlen 64  scopeid 0x20<link>
        ether 16:87:f5:8e:31:61  txqueuelen 0  (Ethernet)
        RX packets 230  bytes 28039 (27.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 343  bytes 87549 (85.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethb4f5512: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::200c:78ff:fe2c:a76c  prefixlen 64  scopeid 0x20<link>
        ether 22:0c:78:2c:a7:6c  txqueuelen 0  (Ethernet)
        RX packets 186  bytes 22583 (22.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 297  bytes 46245 (45.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethef2cc2d: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::14ff:15ff:fe16:7e71  prefixlen 64  scopeid 0x20<link>
        ether 16:ff:15:16:7e:71  txqueuelen 0  (Ethernet)
        RX packets 283  bytes 32593 (31.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 352  bytes 52767 (51.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethf625ce5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::58f9:aaff:fe50:dbc0  prefixlen 64  scopeid 0x20<link>
        ether 5a:f9:aa:50:db:c0  txqueuelen 0  (Ethernet)
        RX packets 16  bytes 1152 (1.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 135  bytes 19783 (19.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:5b:48:00  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc54:ff:fef0:d107  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:f0:d1:07  txqueuelen 1000  (Ethernet)
        RX packets 89832  bytes 6015852 (5.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 174719  bytes 253201377 (241.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Here's a result of a ping:
 

Quote

root@unraid:~# ping www.google.com
PING www.google.com(syd09s06-in-x04.1e100.net (2404:6800:4006:802::2004)) 56 data bytes
64 bytes from syd15s02-in-x04.1e100.net (2404:6800:4006:802::2004): icmp_seq=1 ttl=55 time=20.8 ms
64 bytes from syd15s02-in-x04.1e100.net (2404:6800:4006:802::2004): icmp_seq=2 ttl=55 time=20.9 ms
64 bytes from syd15s02-in-x04.1e100.net (2404:6800:4006:802::2004): icmp_seq=3 ttl=55 time=21.1 ms
64 bytes from syd15s02-in-x04.1e100.net (2404:6800:4006:802::2004): icmp_seq=4 ttl=55 time=21.1 ms

 

Here's my network settings:
image.thumb.png.f3d3426acc0c7430c34eb0761f9c8cec.png

 

Here's the docker settings:

 

image.thumb.png.57b765216f043dfb9634c4d6bfbae03a.png

Here's the result of "docker inspect br0":
 

Quote

root@unraid:~# docker inspect br0
[
    {
        "Name": "br0",
        "Id": "82314ae8e1a1bf9d0c844675445561bf686927ff31456cc55603b7f02fbc10f1",
        "Created": "2020-02-06T10:43:45.700585676+11:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/24",
                    "Gateway": "192.168.0.254",
                    "AuxiliaryAddresses": {
                        "server": "192.168.0.198"
                    }
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "parent": "br0"
        },
        "Labels": {}
    }
]

 


 

Edited by Kaldek
Link to comment
  • 4 weeks later...

hmm. have the same network setup as @Kaldek

But I use a secondary NIC and configure it for no IP4 assigned. no IPv6 assigned either. (Turned on IPv6 but did not assign one) - the Containers VLAN

image.thumb.png.e085e31a7699cc5431f7f2423bacb1f2.png

and only IPv4 on the docker networks

image.thumb.png.15678c0cd995249744b1e03d891d7a94.png

 

Then I add this to all my containers

<ExtraParams>--sysctl net.ipv6.conf.all.disable_ipv6=0 --sysctl net.ipv6.conf.eth0.use_tempaddr=2</ExtraParams>

This then makes them have get SLAAC IPV6 addresses (disabling the privacy extension - temporary IPv6 address)

 

I suppose I can make them better but havent had time to tweak the network stack as I'm doing all this remotely.

 

EDIT just realized it might not even be necessary to enable IPv6 on this secondary NIC as the base eth1 is IPv4 only but a container there does get IPv6 address anyway

Edited by ken-ji
Link to comment
3 minutes ago, ken-ji said:

EDIT just realized it might not even be necessary to enable IPv6 on this secondary NIC as the base eth1 is IPv4 only but a container there does get IPv6 address anyway

With Unraid 6.8 IPv6 will be disabled on the interface when it is configured as IPv4 only.

  • Thanks 1
Link to comment

I turned IPv6 on on all pertinent interfaces just as I updated to 6.8.3 - and I don:t see any adverse effect, other than Unraid trying to assign it self a bunch of IPv6 addresses. I:ll see what happens if they are disabled at a later date. However, the Docker extra params I:m using is still ok for my needs as the container still gets a class one IPv6 address that participates on the LAN without interference from Docker (or network config for that matter)

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.