Docker Notes for IPv6

Firewall


~~>  sudo ip6tables -P OUTPUT ACCEPT
 
~~>  sudo ip6tables -P INPUT ACCEPT
 
~~>  sudo ip6tables -P FORWARD ACCEPT

~~>  sudo ip6tables -t nat -A POSTROUTING -s fd00::/64 -j MASQUERADE

Rules


~~>   sudo ip6tables -nvL
 

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all      lo     *       ::/0                 ::/0                
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
  140  9992 ACCEPT     icmpv6    *      *       ::/0                 ::/0                

Chain FORWARD (policy ACCEPT 11 packets, 1144 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 40 packets, 3448 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all      *      lo      ::/0                 ::/0

NAT 


~~> sudo ip6tables -nvL -t nat


Chain PREROUTING (policy ACCEPT 49 packets, 6271 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 1 packets, 104 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    1   104 MASQUERADE  all      *      *       fd00::/64            ::/0
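
The commands above set every ip6tables policy to ACCEPT and masquerade fd00::/64 regardless of the outgoing interface. As an added example (not part of the original notes), this script prints a narrower rule set: FORWARD defaults to DROP, only traffic arriving from the bridge is forwarded, and MASQUERADE applies only to packets leaving the bridge. The bridge name docker0 and the prefix are this page's values; the function names valid_args and emit_rules are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original notes): print a scoped ip6tables
# rule set for a Docker bridge instead of ACCEPT policies everywhere.
# Assumed defaults: bridge docker0, prefix fd00::/64 (both taken from the page).

# valid_args BRIDGE CIDR: succeed only if both are safe to place in a rule.
valid_args() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac    # interface name
    case "$2" in *[!0-9A-Fa-f:/]*) return 1 ;; esac         # hex, ':' and '/'
    case "${2#*/}" in ''|*[!0-9]*) return 1 ;; esac         # one numeric prefix length
    case "$2" in
        [Ff][CcDd][0-9A-Fa-f][0-9A-Fa-f]:*) return 0 ;;     # ULA range, fc00::/7
        *) return 1 ;;
    esac
}

# emit_rules BRIDGE CIDR: write the commands to stdout; nothing is applied.
emit_rules() {
    valid_args "$1" "$2" || { echo "refusing: bad bridge or non-ULA prefix" >&2; return 1; }
    # Rule order: return traffic, bridge to outside, container to container,
    # then NAT only for packets that leave the bridge.
    cat <<EOF
ip6tables -P FORWARD DROP
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -i $1 ! -o $1 -s $2 -j ACCEPT
ip6tables -A FORWARD -i $1 -o $1 -j ACCEPT
ip6tables -t nat -A POSTROUTING -s $2 ! -o $1 -j MASQUERADE
EOF
}

# Dry run with the values used on this page.
emit_rules docker0 fd00::/64
```

The script only prints the commands; review the output and run them as root to apply. The FORWARD chain listed above is empty, so appending with -A does not collide with existing rules on that host.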

Docker Daemon


# /usr/bin/dockerd --ipv6 --fixed-cidr-v6="fd00::/64"

or

# /usr/bin/dockerd --ipv6 --fixed-cidr-v6="fd00::/64" -H fd://


busybox


$ docker run --rm -t -i busybox:latest busybox sh

IPv6 Address


/ # ip a


1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
50: eth0@if51: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fd00::242:ac11:2/64 scope global flags 02 
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link 
       valid_lft forever preferred_lft forever


IPv6 Route


# ip -6 r 


fd00::/64 dev eth0  metric 256 
fe80::/64 dev eth0  metric 256 
default via fd00::1 dev eth0  metric 1024 
unreachable default dev lo  metric -1  error -101
ff00::/8 dev eth0  metric 256 
unreachable default dev lo  metric -1  error -101


IPv6 on the host


$ ip -6 address show docker0 


 docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP 
    inet6 fd00::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::42:fff:fe26:9dee/64 scope link 
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link 
       valid_lft forever preferred_lft forever


IPv6 routing on the host


$ ip -6 route list  | grep docker

fd00::/64 dev docker0 proto kernel metric 256 pref medium
fd00::/64 dev docker0 metric 1024 pref medium
fe80::/64 dev docker0 proto kernel metric 256 pref medium


Ping6


Testing from inside the Docker busybox container:


/ # ping6 -c6 -n google.com
PING google.com (2a00:1450:4013:c00::8a): 56 data bytes
64 bytes from 2a00:1450:4013:c00::8a: seq=0 ttl=44 time=37.965 ms
64 bytes from 2a00:1450:4013:c00::8a: seq=1 ttl=44 time=34.541 ms
64 bytes from 2a00:1450:4013:c00::8a: seq=2 ttl=44 time=33.939 ms
64 bytes from 2a00:1450:4013:c00::8a: seq=3 ttl=44 time=33.714 ms
64 bytes from 2a00:1450:4013:c00::8a: seq=4 ttl=44 time=35.864 ms
64 bytes from 2a00:1450:4013:c00::8a: seq=5 ttl=44 time=33.630 ms

--- google.com ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 33.630/34.942/37.965 ms