@porjo
Last active August 29, 2015 14:03
linux ipv6 router
# ---------------
# Container
# ---------------
# Ensure that a default IPv6 route exists on the container (it should match the link-local address of the host running radvd)
ip -6 route
# ---------------
# Radvd Host
# ---------------
# Ensure that the host has an IPv6 address and gateway *statically* assigned (don't rely on autoconf here)
ip -6 addr
ip -6 route
# Must be set to forward IPv6
sysctl -w net.ipv6.conf.all.forwarding=1
# The ip6tables FORWARD chain should allow traffic through
ip6tables -nvxL
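
The checks above can be turned into pass/fail tests. The following is an added example, not part of the original gist: the function names and the `--host`/`--container` switches are hypothetical, and the sample outputs are constructed using the 2001:db8::/32 documentation prefix. It also prints the FORWARD chain policy so you can confirm that enabling forwarding has not left the chain more open than intended.

```shell
#!/bin/sh
# Each check takes a command's output as text, so it can be run on saved samples.

# Container: the default route must use a link-local (fe80::/10) next hop.
has_linklocal_default() {   # $1 = output of `ip -6 route`
    printf '%s\n' "$1" | grep -Eq '^default via fe[89ab][0-9a-f]:[0-9a-f:]* dev '
}
# Host: at least one global address that was not autoconfigured ("dynamic").
has_static_global_addr() {  # $1 = output of `ip -6 addr`
    printf '%s\n' "$1" |
        awk '$1 == "inet6" && /scope global/ && !/dynamic/ { ok = 1 } END { exit !ok }'
}
# Host: a default route that was not learned from a router advertisement.
has_static_default() {      # $1 = output of `ip -6 route`
    printf '%s\n' "$1" |
        awk '$1 == "default" && !/proto ra/ && !/expires/ { ok = 1 } END { exit !ok }'
}
forwarding_on() { [ "$1" = 1 ]; }   # $1 = sysctl -n net.ipv6.conf.all.forwarding
forward_policy() {          # $1 = output of `ip6tables -nvxL FORWARD`
    printf '%s\n' "$1" | sed -n 's/^Chain FORWARD (policy \([A-Z]*\).*/\1/p'
}

# Constructed sample outputs for offline testing (not captured from a real host).
SAMPLE_HOST_ADDR='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1::10/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe12:3456/64 scope link'
SAMPLE_AUTOCONF_ADDR='    inet6 2001:db8:1:0:5054:ff:fe12:3456/64 scope global dynamic
       valid_lft 86390sec preferred_lft 14390sec'
SAMPLE_CONTAINER_ROUTE='2001:db8:1::/64 dev eth0 proto kernel metric 256 expires 86395sec
default via fe80::42:acff:fe11:1 dev eth0 proto ra metric 1024 expires 25sec'
SAMPLE_FORWARD='Chain FORWARD (policy DROP 0 packets, 0 bytes)'

report() { if "$@"; then echo "ok   $1"; else echo "FAIL $1"; fi; }

case "${1:-}" in
--host)
    report has_static_global_addr "$(ip -6 addr)"
    report has_static_default "$(ip -6 route)"
    report forwarding_on "$(sysctl -n net.ipv6.conf.all.forwarding)"
    echo "FORWARD policy: $(forward_policy "$(ip6tables -nvxL FORWARD)")"
    ;;
--container)
    report has_linklocal_default "$(ip -6 route)"
    ;;
esac
```
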

porjo commented Jun 26, 2014

I just tried to set up radvd on a fresh installation of Ubuntu 14.04 to allocate addresses to new docker containers. While address allocation works (every docker container gets an IPv6 address), I just can't connect anywhere using the allocated address (not even the router (docker0 interface) itself). I think there is some route configuration missing.
Can someone who got this working without running each container in privileged mode share their configuration?

@niclashoyer , rather than discuss config on the pull thread...

See the gist above for some tips. If you still have trouble, paste the output of the above commands as well as the content of your radvd.conf file.

@niclashoyer

@porjo
thank you! Yes, I got it working now. The problem was the host configuration. For reference, here is my radvd.conf (using fd00::/64 as a placeholder for the public subnet):

interface docker0
{
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvDefaultPreference low;
    AdvHomeAgentFlag off;
    prefix fd00::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    };
    route ::/0
    {
    };
};

The critical part on the host:

sudo sysctl -w net.ipv6.conf.all.forwarding=1
sudo ip -6 addr add fd00::1 dev docker0
sudo ip -6 route add fd00::/64 dev docker0

@niclashoyer

@porjo
Sorry to bother you again, but maybe you can help 😄
I am trying to use the feature of PR #6155 to add multiple bridges, so I can define multiple groups of containers that can intercommunicate, but communication between groups should not be possible (the same use case as stated in the beginning of the PR).
I added bridges (docker1, docker2, ...) and gave them IPv6 addresses accordingly (fd00::2, fd00::3, ...) and added the bridges to the radvd.conf. All containers get their IPv6 address accordingly using self configuration.
The problem now is that the route, that I added before

sudo ip -6 route add fd00::/64 dev docker0

obviously does not work for the other bridges, as this route just routes all the traffic to docker0.

Is there any way I can add a route configuration that works in this scenario? When using IPv4 I would do subnetting. But subnetting of a /64 prefix in IPv6 is not possible when using SLAAC/radvd because the minimum amount of bits needed for self configuration based on the MAC-address is 64.

Maybe this is a use case for IPv6 address assignment directly implemented in docker.
