libnetwork disables IPv6 on all interfaces in initns #1720

tgraf · 2017-04-13T20:51:45Z

The following code seems to mistakenly disable IPv6 on all interfaces in the initns if all containers use host networking.

https://github.com/docker/libnetwork/blob/ab8f7e61743aa7e54c5d0dad0551543adadc33cf/osl/namespace_linux.go#L224

Steps to reprorduce:

sysctl net.ipv6.conf.all.disable_ipv6
docker-compose up -d
sysctl net.ipv6.conf.all.disable_ipv6

Output:

==> cilium-1: net.ipv6.conf.all.disable_ipv6 = 0
==> cilium-1: Creating cilium-kvstore
==> cilium-1: Creating cilium
==> cilium-1: Creating cilium-docker-plugin
==> cilium-1: net.ipv6.conf.all.disable_ipv6 = 1

docker-compose.yml

version: '2'
services:
  cilium:
    container_name: cilium
    image: cilium/cilium:${CILIUM_TAG}
    command: cilium-agent ${CILIUM_OPTS}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/run/cilium:/var/run/cilium
      - /run/docker/plugins:/run/docker/plugins
      - /sys/fs/bpf:/sys/fs/bpf
    network_mode: "host"
    cap_add:
      - "NET_ADMIN"
    privileged: true
    depends_on:
      - consul

  cilium_docker:
    container_name: cilium-docker-plugin
    image: cilium/cilium:${CILIUM_TAG}
    command: cilium-docker
    volumes:
      - /var/run/cilium:/var/run/cilium
      - /run/docker/plugins:/run/docker/plugins
    network_mode: "host"
    cap_add:
      - "NET_ADMIN"
    privileged: true
    depends_on:
      - cilium

  consul:
    container_name: cilium-kvstore
    network_mode: "host"
    ports:
      - "8500:8500"
    environment:
      - "CONSUL_LOCAL_CONFIG={\"skip_leave_on_interrupt\": true}"
    image: consul:v0.6.4
    command: agent -client=0.0.0.0 -server -bootstrap-expect 1

The text was updated successfully, but these errors were encountered:

aboch · 2017-04-13T20:54:35Z

That's correct.
The bug was fixed in #1711. Docker 17.05 will have the fix.

aboch · 2017-04-13T21:28:57Z

Fixed by #1711

tgraf · 2017-04-13T23:47:23Z

Thanks @aboch !

Docker <17.05 has an issue which causes IPv6 to be disabled in the initns for all interface (moby/libnetwork#1720) Signed-off-by: Thomas Graf <thomas@cilium.io>

Docker <17.05 has an issue which causes IPv6 to be disabled in the initns for all interface (moby/libnetwork#1720) Backports: 19e0ed1 Signed-off-by: Thomas Graf <thomas@cilium.io>

aboch closed this as completed Apr 13, 2017

tgraf mentioned this issue Apr 13, 2017

daemon: Always enable net.ipv6.conf.all.disable_ipv6=0 for now cilium/cilium#544

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

libnetwork disables IPv6 on all interfaces in initns #1720

libnetwork disables IPv6 on all interfaces in initns #1720

tgraf commented Apr 13, 2017

aboch commented Apr 13, 2017

aboch commented Apr 13, 2017

tgraf commented Apr 13, 2017

libnetwork disables IPv6 on all interfaces in initns #1720

libnetwork disables IPv6 on all interfaces in initns #1720

Comments

tgraf commented Apr 13, 2017

aboch commented Apr 13, 2017

aboch commented Apr 13, 2017

tgraf commented Apr 13, 2017