Docker 1.5 on IPv6 host only

I have problems with routing traffic from a Docker container (version 1.5.0) on an IPv6-only host. nc -w 10 2a00:1450:4010:c07::71 80 displays nc: connect to 2a00:1450:4010:c07::71 port 80 (tcp) timed out: Operation now in progress.

Following this documentation, ifconfig eth0; ifconfig docker0; ip -6 route show shows:

    eth0      Link encap:Ethernet  HWaddr fa:16:3e:74:4a:b9
              inet6 addr: fe80::f816:3eff:fe74:4ab9/64 Scope:Link
              inet6 addr: 2a02:6b8:0:1a71::2329/64 Scope:Global
              inet6 addr: 2a02:6b8:0:1a71:f816:3eff:fe74:4ab9/64 Scope:Global
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:78994 errors:0 dropped:0 overruns:0 frame:0
              TX packets:20269 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:55503363 (55.5 MB)  TX bytes:1945660 (1.9 MB)
    docker0   Link encap:Ethernet  HWaddr 56:84:7a:fe:97:99
              inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::5484:7aff:fefe:9799/64 Scope:Link
              inet6 addr: fe80::1/64 Scope:Link
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:90 errors:0 dropped:0 overruns:0 frame:0
              TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:6528 (6.5 KB)  TX bytes:2840 (2.8 KB)
    2001:db8:0:2::/64 dev docker0 metric 1024
    2a02:6b8:0:1a71::/64 dev eth0 proto kernel metric 256
    fe80::/64 dev eth0 proto kernel metric 256
    fe80::/64 dev docker0 proto kernel metric 256
    default via 2a02:6b8:0:1a71::1 dev eth0 metric 2048 mtu 1450 advmss 1390
    default via fe80::1 dev eth0 metric 2049 mtu 1450 advmss 1390

And ifconfig eth0; ip -6 route show inside the container:

    eth0      Link encap:Ethernet  HWaddr 02:42:ac:11:00:09
              inet addr:172.17.0.9  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::42:acff:fe11:9/64 Scope:Link
              inet6 addr: 2001:db8:0:2:0:242:ac11:9/64 Scope:Global
              UP BROADCAST  MTU:1500  Metric:1
              RX packets:1 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:110 (110.0 B)  TX bytes:90 (90.0 B)
    2001:db8:0:2::/64 dev eth0 proto kernel metric 256
    fe80::/64 dev eth0 proto kernel metric 256
    default via fe80::1 dev eth0 metric 1024

IPv6 and IPv4 routing is enabled (cat /proc/sys/net/ipv6/conf/default/forwarding gives 1 and cat /proc/sys/net/ipv6/conf/all/forwarding gives 1).

It looks like I need to add a route from docker0 to bridge IPv6 traffic to eth0, but I don’t know what to do.

Please stop!

+5
2 answers

It is not recommended to do any NAT in an IPv6 environment; that defeats the purpose of IPv6.

You can access the container through IPv6 using pipework. Pipework allows more flexible network configuration:

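    # start the container
    sudo docker run -t -i --name myimage <image id from `sudo docker images`> /bin/bash
    # add eth1 to the container on bridge br4: address 2001:db8:44::1/24, gateway 2001:db8:44::ff
    sudo pipework br4 -i eth1 <container id from `sudo docker ps`> 2001:db8:44::1/24@2001:db8:44::ff
    # give the host side of br4 the gateway address
    sudo ip addr add 2001:db8:44::FF/64 dev br4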

To access your container from the Internet, you will need to assign an IPv6 address from the subnet of your public IPv6.

By assigning an IPv6 address to the new interface in the container (eth1), the default IPv4 route will be deleted, and the new default IPv6 route will point to the new default IPv6 gateway through eth1.


Container interfaces before using pipework:

    root@a0b5f4937c42:/# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    494: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:ac:11:00:49 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.73/16 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:acff:fe11:49/64 scope link
           valid_lft forever preferred_lft forever
    root@a0b5f4937c42:/#

Container interfaces after applying pipework (eth1):

    root@9c8372c70ddc:/# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    498: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:ac:11:00:4a brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.74/16 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:acff:fe11:4a/64 scope link
           valid_lft forever preferred_lft forever
    500: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 1e:0a:3f:b3:15:43 brd ff:ff:ff:ff:ff:ff
        inet6 2001:db8:44:0:1c0a:3fff:feb3:1543/64 scope global dynamic
           valid_lft 2591994sec preferred_lft 604794sec
        inet6 2001:db8:44::1/24 scope global
           valid_lft forever preferred_lft forever
        inet6 fe80::1c0a:3fff:feb3:1543/64 scope link
           valid_lft forever preferred_lft forever
    root@9c8372c70ddc:/# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.17.0.0      *               255.255.0.0     U     0      0        0 eth0
    root@9c8372c70ddc:/# route -6
    Kernel IPv6 routing table
    Destination                             Next Hop                   Flag  Met Ref Use If
    2001:db8:44::/64                        ::                         UAe   256 0   0   eth1
    2001:d00::/24                           ::                         U     256 0   0   eth1
    fe80::/64                               ::                         U     256 0   0   eth0
    fe80::/64                               ::                         U     256 0   0   eth1
    ::/0                                    2001:db8:44::ff            UG    1024 0  0   eth1
    ::/0                                    fe80::a8bb:ccff:fe00:100   UGDAe 1024 0  0   eth1
    ::/0                                    ::                         !n    -1  1   3   lo
    ::1/128                                 ::                         Un    0   1   0   lo
    2001:db8:44::1/128                      ::                         Un    0   1   0   lo
    2001:db8:44:0:1c0a:3fff:feb3:1543/128   ::                         Un    0   1   0   lo
    fe80::42:acff:fe11:4a/128               ::                         Un    0   1   0   lo
    fe80::1c0a:3fff:feb3:1543/128           ::                         Un    0   1   0   lo
    ff00::/8                                ::                         U     256 2   0   eth0
    ff00::/8                                ::                         U     256 6   0   eth1
    ::/0                                    ::                         !n    -1  1   3   lo
    root@9c8372c70ddc:/#

From container to docker node:

    root@9c8372c70ddc:/# ping6 2001:db8:44::ff
    PING 2001:db8:44::ff(2001:db8:44::ff) 56 data bytes
    64 bytes from 2001:db8:44::ff: icmp_seq=1 ttl=64 time=0.134 ms
    64 bytes from 2001:db8:44::ff: icmp_seq=2 ttl=64 time=0.062 ms
    64 bytes from 2001:db8:44::ff: icmp_seq=3 ttl=64 time=0.061 ms
    ^C
    --- 2001:db8:44::ff ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 1998ms
    rtt min/avg/max/mdev = 0.061/0.085/0.134/0.035 ms
    root@9c8372c70ddc:/#

From docker node to container:

    ping6 2001:db8:44::1
    PING 2001:db8:44::1(2001:db8:44::1) 56 data bytes
    64 bytes from 2001:db8:44::1: icmp_seq=1 ttl=64 time=0.092 ms
    64 bytes from 2001:db8:44::1: icmp_seq=2 ttl=64 time=0.072 ms
    64 bytes from 2001:db8:44::1: icmp_seq=3 ttl=64 time=0.074 ms
    64 bytes from 2001:db8:44::1: icmp_seq=4 ttl=64 time=0.075 ms
    ^C
    --- 2001:db8:44::1 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 2997ms
    rtt min/avg/max/mdev = 0.072/0.078/0.092/0.010 ms
    ajn:~/docker/dockergit$

+3

Here is a solution with NAT:

    ip6tables -t nat -A POSTROUTING -s 2001:db8:0:2::/64 ! -o docker0 -j MASQUERADE

This will enable routing from Docker to the wide world.

+1
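
A check that ties the question's routing tables to the NAT answer, as an added example that is not part of the original thread: it parses the host's `ip -6 route show` output from the question, reports why replies to the container's address cannot return, and models which packets the MASQUERADE rule matches. The function names `parse_routes`, `diagnose` and `masquerade_applies` are hypothetical; the addresses and routes are copied from the question.

```python
import ipaddress

# `ip -6 route show` on the host and the container address, copied from the question.
HOST_ROUTES = """\
2001:db8:0:2::/64 dev docker0 metric 1024
2a02:6b8:0:1a71::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev docker0 proto kernel metric 256
default via 2a02:6b8:0:1a71::1 dev eth0 metric 2048 mtu 1450 advmss 1390
default via fe80::1 dev eth0 metric 2049 mtu 1450 advmss 1390
"""
CONTAINER_ADDR = "2001:db8:0:2:0:242:ac11:9"
DOC_PREFIX = ipaddress.ip_network("2001:db8::/32")  # RFC 3849: documentation only

def parse_routes(text):
    """Return (network, device) pairs for the non-default, non-link-local routes."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] == "default" or "dev" not in fields:
            continue
        net = ipaddress.ip_network(fields[0])
        if not net.is_link_local:
            routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def diagnose(container_addr, routes_text, uplink="eth0", bridge="docker0"):
    """List the reasons traffic to or from this container address fails."""
    addr = ipaddress.ip_address(container_addr)
    routes = parse_routes(routes_text)
    findings = []
    if not any(addr in net for net, dev in routes if dev == bridge):
        findings.append("host has no route to the container via the bridge")
    if addr in DOC_PREFIX:
        findings.append("address is in 2001:db8::/32, which is not routed globally")
    if not any(addr in net for net, dev in routes if dev == uplink):
        findings.append("address is outside the uplink prefix: upstream needs a route back")
    return findings

def masquerade_applies(src, out_dev, subnet="2001:db8:0:2::/64", bridge="docker0"):
    """Model the match of: -s <subnet> ! -o <bridge> -j MASQUERADE."""
    return ipaddress.ip_address(src) in ipaddress.ip_network(subnet) and out_dev != bridge

if __name__ == "__main__":
    for finding in diagnose(CONTAINER_ADDR, HOST_ROUTES):
        print("-", finding)
    print("MASQUERADE rewrites source:", masquerade_applies(CONTAINER_ADDR, "eth0"))
```

For the question's address the check reports the documentation prefix and the missing return route, which is the gap the MASQUERADE rule covers by rewriting the source to the host's own address on packets leaving through eth0.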

Source: https://habr.com/ru/post/1213301/

