Menu
I have problems with routing traffic from Docker (version 1.5.0) container on IPv6 only host. nc -w 10 2a00:1450:4010:c07::71 80 outputs nc: connect to 2a00:1450:4010:c07::71 port 80 (tcp) timed out: Operation now in progress.
Following this documentation ifconfig eth0; ifconfig docker0; ip -6 route show shows:
eth0 Link encap:Ethernet HWaddr fa:16:3e:74:4a:b9
inet6 addr: fe80::f816:3eff:fe74:4ab9/64 Scope:Link
inet6 addr: 2a02:6b8:0:1a71::2329/64 Scope:Global
inet6 addr: 2a02:6b8:0:1a71:f816:3eff:fe74:4ab9/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:78994 errors:0 dropped:0 overruns:0 frame:0
TX packets:20269 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:55503363 (55.5 MB) TX bytes:1945660 (1.9 MB)
docker0 Link encap:Ethernet HWaddr 56:84:7a:fe:97:99
inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::5484:7aff:fefe:9799/64 Scope:Link
inet6 addr: fe80::1/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:90 errors:0 dropped:0 overruns:0 frame:0
TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6528 (6.5 KB) TX bytes:2840 (2.8 KB)
2001:db8:0:2::/64 dev docker0 metric 1024
2a02:6b8:0:1a71::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev docker0 proto kernel metric 256
default via 2a02:6b8:0:1a71::1 dev eth0 metric 2048 mtu 1450 advmss 1390
default via fe80::1 dev eth0 metric 2049 mtu 1450 advmss 1390
And ifconfig eth0; ip -6 route show within container:
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:09
inet addr:172.17.0.9 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:9/64 Scope:Link
inet6 addr: 2001:db8:0:2:0:242:ac11:9/64 Scope:Global
UP BROADCAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:110 (110.0 B) TX bytes:90 (90.0 B)
2001:db8:0:2::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
default via fe80::1 dev eth0 metric 1024
IPv6 and IPv4 routing is enabled (cat /proc/sys/net/ipv6/conf/default/forwarding gives 1 and cat /proc/sys/net/ipv6/conf/all/forwarding gives 1).
Seems like I need add route from docker0 bridged IPv6 traffic to eth0, but have no idea what exactly to do.
Please halp!
275
It is not recommended to do any kind of NAT in IPv6 environment, that defeats the purpose of IPv6.
You can accomplish access to the container through IPv6 using pipework. Pipework allows more flexible network configuration:
sudo docker run -t -i --name myimage <image id from `sudo docker images`> /bin/bash
sudo pipework br4 -i eth1 <container id from `sudo docker ps`> 2001:db8:44::1/24@2001:db8:44::ff
sudo ip a a 2001:db8:44::FF/64 dev br4
To be able to reach your container from Internet, you will need to assign an IPv6 address from a subnet of your public IPv6.
By assigning IPv6 address to a new interface in the container (eth1), the IPv4 default route is removed and the new IPv6 default route will point to the new IPv6 default gateway via eth1.
Container interfaces before applying pipework:
root@a0b5f4937c42:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
494: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:49 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.73/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:49/64 scope link
valid_lft forever preferred_lft forever
root@a0b5f4937c42:/#
Container interfaces After applying pipework: (eth1)
root@9c8372c70ddc:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
498: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:4a brd ff:ff:ff:ff:ff:ff
inet 172.17.0.74/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:4a/64 scope link
valid_lft forever preferred_lft forever
500: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 1e:0a:3f:b3:15:43 brd ff:ff:ff:ff:ff:ff
inet6 2001:db8:44:0:1c0a:3fff:feb3:1543/64 scope global dynamic
valid_lft 2591994sec preferred_lft 604794sec
inet6 2001:db8:44::1/24 scope global
valid_lft forever preferred_lft forever
inet6 fe80::1c0a:3fff:feb3:1543/64 scope link
valid_lft forever preferred_lft forever
root@9c8372c70ddc:/# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.17.0.0 * 255.255.0.0 U 0 0 0 eth0
root@9c8372c70ddc:/# route -6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:db8:44::/64 :: UAe 256 0 0 eth1
2001:d00::/24 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth1
::/0 2001:db8:44::ff UG 1024 0 0 eth1
::/0 fe80::a8bb:ccff:fe00:100 UGDAe 1024 0 0 eth1
::/0 :: !n -1 1 3 lo
::1/128 :: Un 0 1 0 lo
2001:db8:44::1/128 :: Un 0 1 0 lo
2001:db8:44:0:1c0a:3fff:feb3:1543/128 :: Un 0 1 0 lo
fe80::42:acff:fe11:4a/128 :: Un 0 1 0 lo
fe80::1c0a:3fff:feb3:1543/128 :: Un 0 1 0 lo
ff00::/8 :: U 256 2 0 eth0
ff00::/8 :: U 256 6 0 eth1
::/0 :: !n -1 1 3 lo
root@9c8372c70ddc:/#
From container to docker host::
root@9c8372c70ddc:/# ping6 2001:db8:44::ff
PING 2001:db8:44::ff(2001:db8:44::ff) 56 data bytes
64 bytes from 2001:db8:44::ff: icmp_seq=1 ttl=64 time=0.134 ms
64 bytes from 2001:db8:44::ff: icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from 2001:db8:44::ff: icmp_seq=3 ttl=64 time=0.061 ms
^C
--- 2001:db8:44::ff ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.061/0.085/0.134/0.035 ms
root@9c8372c70ddc:/#
From docker host to container:
ping6 2001:db8:44::1
PING 2001:db8:44::1(2001:db8:44::1) 56 data bytes
64 bytes from 2001:db8:44::1: icmp_seq=1 ttl=64 time=0.092 ms
64 bytes from 2001:db8:44::1: icmp_seq=2 ttl=64 time=0.072 ms
64 bytes from 2001:db8:44::1: icmp_seq=3 ttl=64 time=0.074 ms
64 bytes from 2001:db8:44::1: icmp_seq=4 ttl=64 time=0.075 ms
^C
--- 2001:db8:44::1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.072/0.078/0.092/0.010 ms
ajn:~/docker/dockergit$
Here is solution with NAT:
ip6tables -t nat -A POSTROUTING -s 2001:db8:0:2::/64 ! -o docker0 -j MASQUERADE
This will enable routing from docker subnetwork to wide world.
41
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With