This respository contains various scripts and tools to enable Docker to use a IPv6 prefix obtained through DHCPv6 Prefix Delegation.
This allows containers to use native IPv6 without any need for proxies.
The scripts and tooling in this repository were tested on Ubuntu 14.04 (upstart) and 16.04 (systemd).
Prefix Delegation (PD) is a mechanism which allows a client to request a IPv6 prefix to be routed towards that host.
Usually a client will obtain a prefix larger than a /64 to allow splitting up this prefix in multiple smaller prefixes.
Docker and IPv6
Docker can use IPv6 for it's containers if you start the docker daemon with the --ipv6 flag.
docker daemon --ipv6 --fixed-cidr-v6=2001:db8:100::/80
IPv6 addresses of Docker containers are based on the MAC address. A /80 subnet combined with the 48-bits of a MAC address sums op to 128-bits for a full IPv6 address.
More information about Docker and IPv6 can be found in Docker's documentation.
A few sysctl settings have to be applied for IPv6 to work properly.
To do so create /etc/sysctl.d/99-ipv6.conf and add:
NOTE: Replace eth0 by your primary interface. This might be ens3 on newer kernels.
You can now apply these settings:
sysctl -p /etc/sysctl.d/99-ipv6.conf
A reboot of the system is suggested to make sure the settings are applied.
dhclient is part of ISC DHCP and can request a IPv6 Prefix through DHCPv6.
In order to do so, dhclient should be run with these flags:
dhclient -6 -P eth0
It will request a prefix through DHCPv6.
You can find the DHCPv6 information in /var/lib/dhcp/dhclient6.leases
Ubuntu 14.04: Upstart
Under Ubuntu 14.04 you can run dhclient using upstart to request the prefix and renew then needed.
See the upstart file in the repository to do so.
You should place this file in /etc/init/dhclient6-pd.conf
Afterwards you can start and stop with:
sudo start dhclient6-pd
sudo stop dhclient6-pd
Ubuntu 16.04: systemd
Ubuntu 16.04 using systemd and to run dhclient for Prefix Delegation to have to install dhclient6-pd.service in /etc/systemd/system/
Now reload systemd and start dhclient:
systemctl start dhclient6-pd
systemctl status dhclient6-pd
By default it uses eth0 as the configured interface. Change this in the service file if this differs on your system.
With newer kernels this might be ens3 for example.
ifupdown / interfaces file
The ifupdown package on Ubuntu is responsible for configuring network interfaces under Debian and Ubuntu.
I wrote a patch for ifupdown so that you can configure the network stack to perform the Prefix Delegation request for you.
When Ubuntu and Debian apply this patch you can use it in your interfaces file:
iface eth0 inet6 auto dhcp 1 request_prefix 1
Hopefully this makes it into Ubuntu 16.04.
Docker IPv6 hook
The docker-ipv6 dhclient hook in this repository should be placed in /etc/dhcp/dhclient-enter-hooks.d/ where it will be executed after dhclient obtains a prefix.
The hook will get the first /80 subnet out of the delegated prefix and write it to /etc/docker/ipv6.prefix
The Docker daemon is then restarted so it will use the new subnet as the fixed IPv6 cidr.
Depending on your Ubuntu version (14.04 or 16.04) configuration has to be done differently due to the Upstart vs systemd changes. The end result is the same.
Afterwards you can print the processlist and see docker running with these arguments:
/usr/bin/docker daemon --ipv6 --fixed-cidr-v6=2001:00db8:100:0000:0000:0000:0000:0000/80
In order for this to work the DOCKER_OPTS in /etc/default/docker should be set to:
DOCKER_OPTS="--ipv6 --fixed-cidr-v6=`cat /etc/docker/ipv6.prefix`"
First we copy the systemd service file for docker to /etc:
cp /lib/systemd/system/docker.service /etc/systemd/system
Now modify the ExecStatrt line so that it contains:
ExecStart=/bin/bash -c "/usr/bin/docker daemon --ipv6 --fixed-cidr-v6=`cat /etc/docker/ipv6.prefix` -H fd://"
Now reload systemd and stop/start Docker:
systemctl stop docker
systemctl start docker