Docker IPv6

There are different ways to support IPv6 in Docker. The easiest is to enable IPv6 on the Docker host and simply use the Docker proxy to forward IPv6 via IPv4 to the containers. One disadvantage of this method is that your container is unable to see the client's remote address: each request seems to be sent from the Docker host. nginx and PHP, or a spam filter for your mail server, in particular depend on a correct client IP. So adding an IPv6 address to each container and allowing forwarded traffic to it is the correct way to go.

# sudo nano /etc/docker/daemon.json
{
  "ipv6": true,
  "fixed-cidr-v6": "2001:xxx:2::/64"
}
# sudo nano /etc/sysctl.conf

Replace eth0 with your network device.

...
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.eth0.proxy_ndp=1
# sudo sysctl -p

IPv6 uses a neighbor discovery system, but your ISP's router won't be able to detect your containers, so you need a so-called NDP (neighbor discovery) proxy. We already enabled it for your device above, so you only need to add your containers' IP addresses. For example:

# ip -6 neigh add proxy 2001:xxx:2::4 dev eth0

We are almost ready for IPv6 support. Simply allow traffic to be forwarded to your containers and edit your DNS settings to point directly to the containers' IPv6 addresses.

# ip6tables -A FORWARD -i eth0 -o docker0 -d 2001:xxx:2::4 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# ip6tables -A FORWARD -i eth0 -o docker0 -d 2001:xxx:2::4 -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
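
The two rules above match only the first packet of a connection, and an ACCEPT rule restricts nothing by itself: each container now has a globally routable address, so every port it listens on is reachable unless the FORWARD chain drops the rest. The script below is an added example, not part of the original post. It prints, for review, the NDP proxy entry and a stateful rule set; eth0, docker0 and the address 2001:db8:2::4 (documentation prefix) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Prints (does not run) the NDP proxy
# entry and a stateful ip6tables FORWARD rule set for one container.
# Assumed names: uplink eth0, bridge docker0; the address used at the bottom is
# a constructed one from the documentation prefix 2001:db8::/32.
WAN_IF="${WAN_IF:-eth0}"
BRIDGE_IF="${BRIDGE_IF:-docker0}"

# Basic sanity check, not a full parser: hex digits and colons only, and "::"
# at most once (catches typos such as 2001:db8::2::4).
valid_v6() {
    case "$1" in
        ''|*[!0-9a-fA-F:]*) return 1 ;;
        *::*::*|*:::*)      return 1 ;;
        *:*:*)              return 0 ;;
        *)                  return 1 ;;
    esac
}

# Once per host: let packets of already accepted connections pass in both directions.
emit_base() {
    echo "ip6tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# emit_rules ADDR PORT...: NDP proxy entry plus one NEW rule per published TCP port.
emit_rules() {
    addr="$1"; shift
    valid_v6 "$addr" || { echo "invalid IPv6 address: $addr" >&2; return 1; }
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
    done
    echo "ip -6 neigh add proxy $addr dev $WAN_IF"
    for port in "$@"; do
        echo "ip6tables -A FORWARD -i $WAN_IF -o $BRIDGE_IF -d $addr -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Last rule: everything else arriving from the uplink for the bridge is dropped,
# so unpublished container ports are not reachable from outside.
emit_tail() {
    echo "ip6tables -A FORWARD -i $WAN_IF -o $BRIDGE_IF -j DROP"
}

emit_base
emit_rules 2001:db8:2::4 80 443
emit_tail
```

Because the rules are appended with -A, the order of the three calls matters: the drop rule has to come last.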

Docker Docs

Author: Anton Bracke

Software engineering student from Germany. Loves programming in PHP, JS and sometimes C.

Last modified on August 22nd, 2018 at 1:02
