New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IPv6 Neighbor Discovery doesn't work between hosts in overlay #1169

Open
srcman opened this Issue May 12, 2016 · 6 comments

Comments

Projects
None yet
6 participants
@srcman

srcman commented May 12, 2016

IPv6 connectivity doesn’t seem to work between containers on different hosts in an overlay network. (I.e., currently in Docker 1.11.1 it seems to work only between containers on the same host, while IPv4 connectivity works also across hosts.)

Apparently the problem is that neighbor entries (within an overlay's namespace in each host) to containers on other hosts are created only for IPv4 addresses, but not for IPv6 addresses. Thus ARP works and returns addresses of containers on other hosts, but Neighbor Discovery doesn't.

Here's a simple example, where pinging a container on "host1" from another container on "host2" over IPv6 in a Swarm cluster fails, but works between containers within "host1" (DOCKER_HOST has been set to point to a Swarm manager in this example):

$ docker --version
Docker version 1.11.1, build 5604cbe

$ docker run -it --rm swarm --version
swarm version 1.2.2 (34e3da3)

$ docker network create -d overlay --ipv6 --subnet=fd55:1e00:1634::/48 testipv6
e9ce61af8639f59af0919c1e5d85fad02036139d8d870d616e5a007a61d9c177

$ docker run -d --net=testipv6 --ip6="fd55:1e00:1634::11" -e "constraint:node==host1" alpine tail -f /dev/null
12cd2b1cb1afee6dd7cea7cb1ecd4609188d5fcd4aa64c09bdbfa7a67236d637

$ docker run -it --rm --net=testipv6 -e "constraint:node==host2" alpine ping6 fd55:1e00:1634::11
PING fd55:1e00:1634::11 (fd55:1e00:1634::11): 56 data bytes
^C
--- fd55:1e00:1634::11 ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss

$ docker run -it --rm --net=testipv6 -e "constraint:node==host1" alpine ping6 fd55:1e00:1634::11
PING fd55:1e00:1634::11 (fd55:1e00:1634::11): 56 data bytes
64 bytes from fd55:1e00:1634::11: seq=0 ttl=64 time=0.166 ms
64 bytes from fd55:1e00:1634::11: seq=1 ttl=64 time=0.095 ms
^C
--- fd55:1e00:1634::11 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.095/0.130/0.166 ms

If the IPv6 addresses and corresponding MAC addresses of containers in other hosts are added as neighbors into the overlay’s namespace in each host, neighbor discovery and IPv6 connectivity across hosts start working. Example of a manual workaround: sudo sh -c 'mkdir -p /var/run/netns; ln -s /var/run/docker/netns/1-e9ce61af86 /var/run/netns/; sudo ip netns exec 1-e9ce61af86 ip neigh add fd55:1e00:1634::2 lladdr 02:42:0a:00:02:03 nud permanent dev vxlan1'.

@sanimej

This comment has been minimized.

Show comment
Hide comment
@sanimej

sanimej May 12, 2016

Contributor

@srcman Currently we don't support IPv6 over vxlan. The control plane exchange between the nodes doesn't carry IPv6 address. Hence the neighbor entry doesn't get populated.

Contributor

sanimej commented May 12, 2016

@srcman Currently we don't support IPv6 over vxlan. The control plane exchange between the nodes doesn't carry IPv6 address. Hence the neighbor entry doesn't get populated.

@takaomag

This comment has been minimized.

Show comment
Hide comment
@takaomag

takaomag Sep 23, 2016

Is there any plan to support IPv6 connectivity over vxlan overlay network ?

takaomag commented Sep 23, 2016

Is there any plan to support IPv6 connectivity over vxlan overlay network ?

@jonathan-kosgei

This comment has been minimized.

Show comment
Hide comment
@jonathan-kosgei

jonathan-kosgei Feb 14, 2017

Hi @sanimej has there been progress towards supporting ipv6 vxlan in docker 1.13?

jonathan-kosgei commented Feb 14, 2017

Hi @sanimej has there been progress towards supporting ipv6 vxlan in docker 1.13?

@GordonTheTurtle

This comment has been minimized.

Show comment
Hide comment
@GordonTheTurtle

GordonTheTurtle Aug 30, 2017

@srcman It has been detected that this issue has not received any activity in over 6 months. Can you please let us know if it is still relevant:

  • For a bug: do you still experience the issue with the latest version?
  • For a feature request: was your request appropriately answered in a later version?

Thank you!
This issue will be automatically closed in 1 week unless it is commented on.
For more information please refer to #1926

GordonTheTurtle commented Aug 30, 2017

@srcman It has been detected that this issue has not received any activity in over 6 months. Can you please let us know if it is still relevant:

  • For a bug: do you still experience the issue with the latest version?
  • For a feature request: was your request appropriately answered in a later version?

Thank you!
This issue will be automatically closed in 1 week unless it is commented on.
For more information please refer to #1926

@choppsv1

This comment has been minimized.

Show comment
Hide comment
@choppsv1

choppsv1 Aug 30, 2017

This is a pretty basic thing right? Did anyone working on docker make ipv6 work in swarm? Is there any reason to assume it's fixed?

choppsv1 commented Aug 30, 2017

This is a pretty basic thing right? Did anyone working on docker make ipv6 work in swarm? Is there any reason to assume it's fixed?

@srcman

This comment has been minimized.

Show comment
Hide comment
@srcman

srcman Aug 30, 2017

I still see exactly the same behavior as before with Docker 17.06.1-ce (and Swarm standalone 1.2.8). I.e., IPv6 doesn't work between hosts in an overlay network. I'd consider that a bug, and it seems that it hasn't been fixed yet.

srcman commented Aug 30, 2017

I still see exactly the same behavior as before with Docker 17.06.1-ce (and Swarm standalone 1.2.8). I.e., IPv6 doesn't work between hosts in an overlay network. I'd consider that a bug, and it seems that it hasn't been fixed yet.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment