-
-
Save porjo/2292f2598d030a1bcf7e to your computer and use it in GitHub Desktop.
# --------------- | |
# Container | |
# --------------- | |
# Ensure that a default IPv6 route exists on the container (it should match the link-local address of the host running radvd) | |
ip -6 route | |
# --------------- | |
# Radvd Host | |
# --------------- | |
# Ensure that the host has IPv6 address and gateway *statically* assigned (don't rely on autoconf here) | |
ip -6 addr | |
ip -6 route | |
# Must be set to forward IPv6 | |
sysctl -w net.ipv6.conf.all.forwarding=1 | |
# ip6tables FORWARD table should allow traffic through | |
ip6tables -nvxL |
@porjo
Sorry to bother you again, but maybe you can help 😄
I am trying to use the feature of PR #6155 to add multiple bridges, so I can define multiple groups of containers that can intercommunicate, but communication between groups should not be possible (the same use case as stated in the beginning of the PR).
I added bridges (docker1
, docker2
, ...) and gave them IPv6 addresses accordingly (fd00::2
, fd00::3
, ...) and added the bridges to the radvd.conf
. All containers get their IPv6 address accordingly using self configuration.
The problem now is that the route, that I added before
sudo ip -6 route add fd00::/64 dev docker0
obviously does not work for the other bridges, as this route just routes all the traffic to docker0
.
Is there any way I can add a route configuration that works in this scenario? When using IPv4 I would do subnetting. But subnetting of a /64 prefix in IPv6 is not possible when using SLAAC/radvd because the minimum amount of bits needed for self configuration based on the MAC-address is 64.
Maybe this is a use case for IPv6 address assignment directly implemented in docker.
@porjo
thank you! Yes, I got it working now. The problem was the host configuration. For reference, here is my
radvd.conf
(usingfd00::/64
as a placeholder for the public subnet):The critical part on the host: