IPv6 in Docker
In order for IPv6 to work in docker, you just need to add the desired prefix and enable it in the configuration file - /etc/docker/daemon.json
.
{
"ipv6": true,
"fixed-cidr-v6": "2001:db8:1::/64"
}
But there are several nuances here. In order for the addresses to work, it is necessary that the prefix is routed through the server.
Of all the available public clouds (which I use or used once), this feature is only available in AWS EC2 - prefix delegation.
But what do you do when it’s a server that’s only been given one /64 prefix? There is a way out - to use NDP Proxy.
It will not be possible to use full /64, but there is no need for this. We’ll just bite off the range for containers with the /80 prefix size.
apt install -qy ndppd
And in the file /etc/ndppd.conf
we will replace everything with the following content (eth0
- main server interface):
route-ttl 5000
proxy eth0 {
router yes
timeout 500
ttl 30000
rule 2001:db8:1:d0c4::/80 {
auto
}
}
Docker Compose
Compose is a little more complicated - it creates a separate network, and does not use the settings from the main configuration file.
To work, let’s change the main configuration file - just by enabling ipv6 support.
{
"ipv6": true,
"fixed-cidr-v6": "fd00::/64"
}
I don’t need to create containers outside of compose - so I’ll put the private address there. Is it still necessary to create containers outside of compose - then I advise you to select another one there public prefix. (you can also delegate through ndp proxy)
Now let’s configure in the docker-compose file so that addresses are issued to containers:
version: '3.9'
networks:
default:
enable_ipv6: true
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "true"
ipam:
driver: default
config:
- subnet: 10.0.0.0/24
- subnet: 2001:db8:1:d0c4::/80
And now, after creating or rebuilding the network, the addresses will be issued.