IPv6 documentation wrong, causing Docker crash

[Alkarex]

Reposting here the following issues:

• "ipv6": true in /etc/docker/daemon.json leads to "Error starting daemon: Error initializing network controller: Error creating default "bridge" network: could not find an available, non-overlapping IPv6 address pool among the defaults to assign to the network" distribution/distribution#2571
• Docker documentation issue ipv6 distribution/distribution#2526

Description
The IPv6 documentation on https://docs.docker.com/config/daemon/ipv6/ seems wrong, i.e. does not actually enable IPv6 and also prevents Docker from restarting.

See distribution/distribution#2526 for a description by another user ( @igarny ).

The bug seems to have been introduced by version 1.12.6
5e28d20

Steps to reproduce the issue:

1. Install Docker from https://get.docker.com
2. Follow the documentation https://docs.docker.com/config/daemon/ipv6/

• i.e. create file /etc/docker/daemon.json with content { "ipv6": true }

3. Restart Docker with sudo service docker restart

Describe the results you received:
Docker fails to restart. Crash on startup.

sudo service docker start
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.

sudo systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: inactive (dead) (Result: exit-code) since tor 2018-04-26 17:18:13 CEST; 43s ago
     Docs: https://docs.docker.com
  Process: 6042 ExecStart=/usr/bin/dockerd -H fd:// (code=exited, status=1/FAILURE)
 Main PID: 6042 (code=exited, status=1/FAILURE)

apr 26 17:18:13 alexandre-VirtualBox systemd[1]: Failed to start Docker Application Container Engine.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: docker.service: Unit entered failed state.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: docker.service: Failed with result 'exit-code'.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: docker.service: Service hold-off time over, scheduling restart.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: Stopped Docker Application Container Engine.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: docker.service: Start request repeated too quickly.
apr 26 17:18:13 alexandre-VirtualBox systemd[1]: Failed to start Docker Application Container Engine.
apr 26 17:18:33 alexandre-VirtualBox systemd[1]: docker.service: Unit cannot be reloaded because it is inactive.
apr 26 17:18:47 alexandre-VirtualBox systemd[1]: docker.service: Start request repeated too quickly.
apr 26 17:18:47 alexandre-VirtualBox systemd[1]: Failed to start Docker Application Container Engine.

See distribution/distribution#2571 (comment) for more debug information from another user ( @jean-christophe-manciot ).

Describe the results you expected:
Docker restarting without crash, and IPv6 enabled.

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

Test on Virtualbox:

Client:
 Version:	18.04.0-ce
 API version:	1.37
 Go version:	go1.9.4
 Git commit:	3d479c0
 Built:	Tue Apr 10 18:20:32 2018
 OS/Arch:	linux/amd64
 Experimental:	false
 Orchestrator:	swarm

Server:
 Engine:
  Version:	18.04.0-ce
  API version:	1.37 (minimum version 1.12)
  Go version:	go1.9.4
  Git commit:	3d479c0
  Built:	Tue Apr 10 18:18:40 2018
  OS/Arch:	linux/amd64
  Experimental:	false

Test on Raspberry Pi:

Client:
 Version:       18.04.0-ce
 API version:   1.37
 Go version:    go1.9.4
 Git commit:    3d479c0
 Built: Tue Apr 10 18:25:24 2018
 OS/Arch:       linux/arm
 Experimental:  false
 Orchestrator:  swarm

Server:
 Engine:
  Version:      18.04.0-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.4
  Git commit:   3d479c0
  Built:        Tue Apr 10 18:21:25 2018
  OS/Arch:      linux/arm
  Experimental: false

Output of docker info:

Test on Virtualbox:

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 1
Server Version: 18.04.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.4.0-121-generic
Operating System: Ubuntu 16.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.859GiB
Name: alexandre-VirtualBox
ID: IP7G:KW3X:6JQM:YTQG:FKJO:6V4J:PDQQ:C4KO:KSKA:L3XP:QP3Z:WNFZ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

Additional environment details (AWS, VirtualBox, physical, etc.):

Tested on Virtualbox and on Raspberry Pi.

[Alkarex]

Another documentation page https://docs.docker.com/v17.09/engine/userguide/networking/default_network/ipv6/ that looks better (still wrong though, because fixed-cidr-v6 seems mandatory and not optional), but not as easy to find than https://docs.docker.com/config/daemon/ipv6/

[jan-dickhut]

May I ask whether this is an issue with the documentation or the software?
We would like to just provide a IPv6 link-local address to the containers, without the fixed-cidr-v6 option, since IPv6 is currently no option for our setup.
Thanks.

[mesaque]

there is any news about this problem??? we need IPv6 on Docker!!! plz fix this!!

[miwagner1]

Why is this documentation still there to enable ipv6 when all it does is cause the docker service to not start?

[laptrinhcomvn]

Up. I got this too.
I want IPv6 because I run it on my api service for iOS app and they required IPv6

[anirbanmu]

Is there any workaround for this? I just need my containers to be able to access ipv6 (outgoing). I don't need to route to my containers via ipv6 (incoming).

[parsifallo]

Is there any workaround for this? I just need my containers to be able to access ipv6 (outgoing). I don't need to route to my containers via ipv6 (incoming).

For me it works using a fixed IPv6 address for my containers.

[Chrislevi]

@parsifallo Can you share your setup? what do you mean by fixed ipv6.. macvlan?

[daiaji]

Actually, I don't want to use fixed-cidr-v6. It's too complicated for me to configure the IPv6 address.
I prefer to use traditional port mapping to allow external links to access containers.
Although IPv6 NAT is evil.

[slxiao]

I met this issue today, workaround it successfully by changing content of /etc/docker/daemon.json from

{
      "ipv6": true
}

to

{
      "ipv6": true,
      "fixed-cidr-v6": "fe80::42:e0ff:fe36:174c/64"
}

[EgorDuplensky]

Faced the same issue.
To make it work the same way as ipv4 and considering example from documentation the following helped:

/etc/docker/daemon.json:

{
      "ipv6": true,
      "fixed-cidr-v6": "2001:db8:1::/64"
}

Setup forwarding and ip -6 route

ip -6 route add 2001:db8:1::/64 dev docker0
sysctl net.ipv6.conf.default.forwarding=1
sysctl net.ipv6.conf.all.forwarding=1 

enable MASQUERADE for outgoing packets:
sudo ip6tables -t nat -A POSTROUTING -s 2001:db8:1::/64 -j MASQUERADE

[leifnel]

What to do if I have a real ipv6 subnet different from the host network?

[ThaDaVos]

I ran into the same issue as everyone else here, got redirected to the documentation, followed it and greeted with a non-starting docker...

I was trying to setup this: https://zerotier.atlassian.net/wiki/spaces/SD/pages/7274520/Using+NDP+Emulated+6PLANE+Addressing+With+Docker

The only reason I want to enable IPv6 is inside a certain docker network - my internet doesn't have IPv6 and I don't/can't enable it

[MarcelWaldvogel]

@EgorDuplensky Using the documentation prefix 2001:db8::/32 for anything other than documentation is a bad idea. RFC3849 explicitly states: "it is not a local-use prefix".