Docker 18.09 not talking IPv6 (on Ubuntu 18.04)
Brand new and fully patched Ubuntu 18.04 instance (on a Linode VPS) with Docker 18.09.0 (build 4d60db4) installed from the official Docker repo.
IPv4 networking is running fine, both between containers and internal to external (once I had set net.ipv4.ip_forward=1).
IPv6 however won't even talk between containers, let alone externally.
I have tried lots of things but found this guide to be the best (other than it doesn't work :-) )
As such I have...
Updated /etc/docker/daemon.json with the following and restarted:
{
“ipv6”: true,
“fixed-cidr-v6”: “2001:db8:1::/64”
}
Checked the MTU.
Run two docker containers set up for testing this:
sudo docker run -itd ajeetraina/ubuntu-iproute bash
sudo docker run -itd ajeetraina/centos-iproute bash
Both are showing perfect connectivity internally:
$ sudo docker exec -it b1cbb63b4e88 ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.3 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:acff:fe11:3 prefixlen 64 scopeid 0x20<link>
inet6 2001:db8:1::242:ac11:3 prefixlen 64 scopeid 0x0<global>
ether 02:42:ac:11:00:03 txqueuelen 0 (Ethernet)
RX packets 7 bytes 746 (746.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 656 (656.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ sudo docker exec -it 57da37ca7f79 ifconfig eth0
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
inet6 addr: 2001:db8:1::242:ac11:2/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1086 (1.0 KB) TX bytes:726 (726.0 B)
and will ping each other via IPv4:
$ sudo docker exec -it b1cbb63b4e88 ping -c 4 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.134 ms
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.091 ms
64 bytes from 172.17.0.2: icmp_seq=3 ttl=64 time=0.113 ms
64 bytes from 172.17.0.2: icmp_seq=4 ttl=64 time=0.120 ms
--- 172.17.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3060ms
rtt min/avg/max/mdev = 0.091/0.114/0.134/0.018 ms
but nothing via IPv6:
$ sudo docker exec -it b1cbb63b4e88 ping6 -c 4 2001:db8:1::242:ac11:2
PING 2001:db8:1::242:ac11:2(2001:db8:1::242:ac11:2) 56 data bytes
From 2001:db8:1::242:ac11:3 icmp_seq=1 Destination unreachable: Address unreachable
From 2001:db8:1::242:ac11:3 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:db8:1::242:ac11:3 icmp_seq=3 Destination unreachable: Address unreachable
From 2001:db8:1::242:ac11:3 icmp_seq=4 Destination unreachable: Address unreachable
--- 2001:db8:1::242:ac11:2 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3065ms
I've been reading that Docker has been playing around with sysctl and IPv6 in newer versions of Docker so have checked the host:
$ sudo sysctl -a | grep disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.docker0.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
and tried running the containers with --sysctl net.ipv6.conf.all.disable_ipv6=0 but nothing has worked so far.
All help very gratefully received. Thank you in advance.
I have had this problem as well and it turned out to be with the iptables IPv6 FORWARD chain. It looks like docker just doesn't set it up in the same way it does IPv4.
You can test if this is the case by running:
sudo ip6tables -P FORWARD ACCEPT
This is a poor work around as it blindly opens up the forward chain.
Docker isn't known for great iptables integration...